Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
S7kJLbgFtg.exe

Overview

General Information

Sample Name:S7kJLbgFtg.exe
Analysis ID:594117
MD5:55b95e36469a3600abb995e58f61d4c9
SHA1:de6717493246599d8702e7d1fd6914aab5bd015d
SHA256:7862d6e083c5792c40a6a570c1d3824ddab12cebc902ea965393fe057b717c0a
Tags:exe
Infos:

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities
Sigma detected: Copying Sensitive Files with Credential Data
May disable shadow drive data (uses vssadmin)
Infects executable files (exe, dll, sys, html)
Drops executable to a common third party application directory
Deletes shadow drive data (may be related to ransomware)
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Abnormal high CPU Usage

Classification

Process Tree

  • System is w10x64
  • S7kJLbgFtg.exe (PID: 6472 cmdline: "C:\Users\user\Desktop\S7kJLbgFtg.exe" MD5: 55B95E36469A3600ABB995E58F61D4C9)
    • vssadmin.exe (PID: 7140 cmdline: vssadmin delete shadows /all /quiet MD5: 47D51216EF45075B5F7EAA117CC70E40)
      • conhost.exe (PID: 4744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Shadow Copies Deletion Using Operating Systems Utilities
Source: Process startedAuthor: Florian Roth, Michael Haag, Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community, Andreas Hunkeler (@Karneades): Data: Command: vssadmin delete shadows /all /quiet, CommandLine: vssadmin delete shadows /all /quiet, CommandLine|base64offset|contains: vh, Image: C:\Windows\System32\vssadmin.exe, NewProcessName: C:\Windows\System32\vssadmin.exe, OriginalFileName: C:\Windows\System32\vssadmin.exe, ParentCommandLine: "C:\Users\user\Desktop\S7kJLbgFtg.exe" , ParentImage: C:\Users\user\Desktop\S7kJLbgFtg.exe, ParentProcessId: 6472, ProcessCommandLine: vssadmin delete shadows /all /quiet, ProcessId: 7140
Sigma detected: Copying Sensitive Files with Credential Data
Source: Process startedAuthor: Teymur Kheirkhabarov, Daniil Yugoslavskiy, oscd.community: Data: Command: vssadmin delete shadows /all /quiet, CommandLine: vssadmin delete shadows /all /quiet, CommandLine|base64offset|contains: vh, Image: C:\Windows\System32\vssadmin.exe, NewProcessName: C:\Windows\System32\vssadmin.exe, OriginalFileName: C:\Windows\System32\vssadmin.exe, ParentCommandLine: "C:\Users\user\Desktop\S7kJLbgFtg.exe" , ParentImage: C:\Users\user\Desktop\S7kJLbgFtg.exe, ParentProcessId: 6472, ProcessCommandLine: vssadmin delete shadows /all /quiet, ProcessId: 7140

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: S7kJLbgFtg.exeVirustotal: Detection: 52%Perma Link
Source: S7kJLbgFtg.exeReversingLabs: Detection: 69%
Source: S7kJLbgFtg.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: Binary string: Reflow.pdbRR source: Data1.cab.0.dr
Source: Binary string: PDDom.pdbiiH source: Data1.cab.0.dr
Source: Binary string: SaveAsRTF.pdbUU source: Data1.cab.0.dr
Source: Binary string: C:\O\W\B\130707\ARM\BuildResults\bin\Win32\Release\armsvc.pdb A source: Data1.cab.0.dr
Source: Binary string: Accessibility.pdbpp source: Data1.cab.0.dr
Source: Binary string: Accessibility.pdb source: Data1.cab.0.dr
Source: Binary string: D:\garuda_1890\esg\lilo\plugins\AdobeHunspellPlugin\6.1\binaries\VC.Net2010\Win32\Release\AdobeHunspellPlugin.pdb source: Data1.cab.0.dr
Source: Binary string: SaveAsRTF.pdb source: Data1.cab.0.dr
Source: Binary string: Reflow.pdb source: Data1.cab.0.dr
Source: Binary string: C:\O\W\B\130707\ARM\BuildResults\bin\Win32\Release\AdobeARM.pdb source: Data1.cab.0.dr
Source: Binary string: C:\O\W\B\130707\ARM\BuildResults\bin\Win32\Release\AdobeARMHelper.pdb source: Data1.cab.0.dr
Source: Binary string: PDDom.pdb source: Data1.cab.0.dr
Source: Binary string: D:\CB\ARM_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdb source: AdobeARMHelper.exe0.0.dr
Source: Binary string: C:\O\W\B\130707\ARM\BuildResults\bin\Win32\Release\armsvc.pdb source: Data1.cab.0.dr
Source: Binary string: MakeAccessible.pdb source: Data1.cab.0.dr

Spreading

barindex
Infects executable files (exe, dll, sys, html)
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeSystem file written: C:\ProgramData\Adobe\ARM\S\11399\AdobeARMHelper.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeSystem file written: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeSystem file written: C:\ProgramData\Adobe\ARM\S\1977\AdobeARMHelper.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeSystem file written: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\msasxpress.dllJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\Jump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\Jump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Jump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Clean Store\Jump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\NisBackup\Jump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Jump to behavior
Source: AdobeARM.msi0.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.c
Source: AdobeARM.msi0.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AdobeARMHelper.exe0.0.dr, AdobeARM.msi0.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AdobeARMHelper.exe0.0.dr, AdobeARM.msi0.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AdobeARM.msi0.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AdobeARM.msi0.0.drString found in binary or memory: http://crl.thawte.com/ThawteCodeSigningCA.crl0
Source: AdobeARM.msi0.0.drString found in binary or memory: http://crl.thawte.com/ThawtePremiumServerCA.crl0
Source: Data1.cab.0.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: AdobeARM.msi0.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AdobeARMHelper.exe0.0.dr, AdobeARM.msi0.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AdobeARMHelper.exe0.0.dr, AdobeARM.msi0.0.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AdobeARM.msi0.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AdobeARM.msi0.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AdobeARMHelper.exe0.0.dr, AdobeARM.msi0.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AdobeARMHelper.exe0.0.dr, AdobeARM.msi0.0.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AdobeARM.msi0.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: Data1.cab.0.drString found in binary or memory: http://evcs-aia.ws.symantec.com/evcs.cer0
Source: Data1.cab.0.drString found in binary or memory: http://evcs-crl.ws.symantec.com/evcs.crl0
Source: Data1.cab.0.drString found in binary or memory: http://evcs-ocsp.ws.symantec.com04
Source: AdobeARM.msi0.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: AdobeARMHelper.exe0.0.dr, AdobeARM.msi0.0.drString found in binary or memory: http://ocsp.digicert.com0H
Source: AdobeARMHelper.exe0.0.dr, AdobeARM.msi0.0.drString found in binary or memory: http://ocsp.digicert.com0I
Source: AdobeARM.msi0.0.drString found in binary or memory: http://ocsp.digicert.com0O
Source: AdobeARM.msi0.0.dr, Data1.cab.0.drString found in binary or memory: http://ocsp.thawte.com0
Source: AdobeARMHelper.exe0.0.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: AdobeARMHelper.exe0.0.drString found in binary or memory: http://s.symcd.com06
Source: AdobeARMHelper.exe0.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: Data1.cab.0.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: AdobeARMHelper.exe0.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: Data1.cab.0.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: Data1.cab.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: AdobeARMHelper.exe0.0.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: Data1.cab.0.drString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: AdobeARMHelper.exe0.0.dr, AdobeARM.msi0.0.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: AdobeARM.msi0.0.drString found in binary or memory: http://www.macrovision.com0
Source: Data1.cab.0.drString found in binary or memory: http://www.symauth.com/cps0(
Source: Data1.cab.0.drString found in binary or memory: http://www.symauth.com/cps09
Source: Data1.cab.0.drString found in binary or memory: http://www.symauth.com/rpa04
Source: AdobeARMHelper.exe0.0.drString found in binary or memory: https://d.symcb.com/cps0%
Source: AdobeARMHelper.exe0.0.drString found in binary or memory: https://d.symcb.com/rpa0
Source: AdobeARMHelper.exe0.0.drString found in binary or memory: https://d.symcb.com/rpa0.
Source: S7kJLbgFtg.exeString found in binary or memory: https://dist.torproject.org/torbrowser/8.5.3/tor-win32-0.3.5.8.zipzipTor
Source: AdobeARMHelper.exe0.0.dr, AdobeARM.msi0.0.drString found in binary or memory: https://www.digicert.com/CPS0

Spam, unwanted Advertisements and Ransom Demands

barindex
May disable shadow drive data (uses vssadmin)
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
Deletes shadow drive data (may be related to ransomware)
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
Source: vssadmin.exe, 00000001.00000002.359172423.000001FA20780000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Users\user\Desktop\C:\Windows\SYSTEM32\vssadmin.exevssadmin delete shadows /all /quietC:\Windows\SYSTEM32\vssadmin.exeWinsta0\Default
Source: vssadmin.exe, 00000001.00000002.359172423.000001FA20780000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vssadmin delete shadows /all /quiet
Source: vssadmin.exe, 00000001.00000002.359151558.000001FA206E5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vssadmindeleteshadows/all/quiet
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeProcess Stats: CPU usage > 98%
Source: S7kJLbgFtg.exeVirustotal: Detection: 52%
Source: S7kJLbgFtg.exeReversingLabs: Detection: 69%
Source: S7kJLbgFtg.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\S7kJLbgFtg.exe "C:\Users\user\Desktop\S7kJLbgFtg.exe"
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quiet
Source: C:\Windows\System32\vssadmin.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeProcess created: C:\Windows\System32\vssadmin.exe vssadmin delete shadows /all /quietJump to behavior
Source: C:\Windows\System32\vssadmin.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2C2787D-95AB-40D4-942D-298F5F757874}\InProcServer32Jump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4744:120:WilError_01
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile created: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\!-Recovery_Instructions-!.txtJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile created: C:\Users\user\Desktop\!-Recovery_Instructions-!.txtJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile created: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\temp\!-Recovery_Instructions-!.txtJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile written: C:\ProgramData\Adobe\ARM\ArmReport.iniJump to behavior
Source: classification engineClassification label: mal76.rans.spre.winEXE@4/1151@0/0
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile read: C:\ProgramData\Adobe\ARM\ArmReport.iniJump to behavior
Source: S7kJLbgFtg.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: S7kJLbgFtg.exeStatic PE information: TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
Source: S7kJLbgFtg.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: Reflow.pdbRR source: Data1.cab.0.dr
Source: Binary string: PDDom.pdbiiH source: Data1.cab.0.dr
Source: Binary string: SaveAsRTF.pdbUU source: Data1.cab.0.dr
Source: Binary string: C:\O\W\B\130707\ARM\BuildResults\bin\Win32\Release\armsvc.pdb A source: Data1.cab.0.dr
Source: Binary string: Accessibility.pdbpp source: Data1.cab.0.dr
Source: Binary string: Accessibility.pdb source: Data1.cab.0.dr
Source: Binary string: D:\garuda_1890\esg\lilo\plugins\AdobeHunspellPlugin\6.1\binaries\VC.Net2010\Win32\Release\AdobeHunspellPlugin.pdb source: Data1.cab.0.dr
Source: Binary string: SaveAsRTF.pdb source: Data1.cab.0.dr
Source: Binary string: Reflow.pdb source: Data1.cab.0.dr
Source: Binary string: C:\O\W\B\130707\ARM\BuildResults\bin\Win32\Release\AdobeARM.pdb source: Data1.cab.0.dr
Source: Binary string: C:\O\W\B\130707\ARM\BuildResults\bin\Win32\Release\AdobeARMHelper.pdb source: Data1.cab.0.dr
Source: Binary string: PDDom.pdb source: Data1.cab.0.dr
Source: Binary string: D:\CB\ARM_Main\BuildResults\bin\Win32\Release\AdobeARMHelper.pdb source: AdobeARMHelper.exe0.0.dr
Source: Binary string: C:\O\W\B\130707\ARM\BuildResults\bin\Win32\Release\armsvc.pdb source: Data1.cab.0.dr
Source: Binary string: MakeAccessible.pdb source: Data1.cab.0.dr
Source: S7kJLbgFtg.exeStatic PE information: section name: _RDATA

Persistence and Installation Behavior

barindex
Infects executable files (exe, dll, sys, html)
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeSystem file written: C:\ProgramData\Adobe\ARM\S\11399\AdobeARMHelper.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeSystem file written: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeSystem file written: C:\ProgramData\Adobe\ARM\S\1977\AdobeARMHelper.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeSystem file written: C:\Program Files (x86)\Microsoft SQL Server\110\Shared\msasxpress.dllJump to behavior
Drops executable to a common third party application directory
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile written: C:\ProgramData\Adobe\ARM\S\11399\AdobeARMHelper.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile written: C:\ProgramData\Adobe\ARM\S\11399\AdobeARMHelper.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile written: C:\ProgramData\Adobe\ARM\S\11399\AdobeARMHelper.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile written: C:\ProgramData\Adobe\ARM\S\1977\AdobeARMHelper.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile written: C:\ProgramData\Adobe\ARM\S\1977\AdobeARMHelper.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile written: C:\ProgramData\Adobe\ARM\S\1977\AdobeARMHelper.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile written: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile written: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exeJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile written: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exeJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Default\Jump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\Jump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Jump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Clean Store\Jump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\NisBackup\Jump to behavior
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeFile opened: C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Jump to behavior
Source: S7kJLbgFtg.exeBinary or memory string: .Mdfsqlserv.exeoracle.exentdbsmgr.exesqlservr.exesqlwriter.exeMsDtsSrvr.exemsmdsrv.exeReportingServecesService.exefdhost.exefdlauncher.execher.exevmickvpexchangevmicguestinterfacevmicshutdownvmicheartbeatvmicrdvstorfltvmictimesyncvmicvssMSSQLFDLauncherMSSQLSERVERSQLSERVERAGENTSQLBrowserSQLTELEMETRYMsDtsServer130SSISTELEMETRY130SQLWriterMSSQLSQLAgentMSSQLServerADHelper100MSSQLServerOLAPServiceMsDtsServer100ReportServerTMBMServerpostgresql-x64-9.4UniFivmmssql-x64-9.4
Source: Data1.cab.0.drBinary or memory string: gHExitMaximize&Click to activateShell_TrayWndTrayNotifyWndp
Source: C:\Users\user\Desktop\S7kJLbgFtg.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath Interception2
Process Injection		12
Masquerading		OS Credential Dumping1
Security Software Discovery		1
Taint Shared Content		Data from Local SystemExfiltration Over Other Network MediumData ObfuscationEavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts2
Process Injection		LSASS Memory2
Process Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
File Deletion		Security Account Manager3
File and Directory Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDS2
System Information Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
S7kJLbgFtg.exe52%VirustotalBrowse
S7kJLbgFtg.exe69%ReversingLabsWin64.Ransomware.LockCrypt

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.macrovision.com00%URL Reputationsafe
http://ocsp.thawte.com00%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://www.macrovision.com0AdobeARM.msi0.0.drfalse
  • URL Reputation: safe
unknown
https://dist.torproject.org/torbrowser/8.5.3/tor-win32-0.3.5.8.zipzipTorS7kJLbgFtg.exefalse
    		high
    http://www.symauth.com/rpa04Data1.cab.0.drfalse
      		high
      http://crl.thawte.com/ThawtePremiumServerCA.crl0AdobeARM.msi0.0.drfalse
        		high
        http://crl.thawte.com/ThawteTimestampingCA.crl0Data1.cab.0.drfalse
          		high
          http://www.symauth.com/cps09Data1.cab.0.drfalse
            		high
            http://www.symauth.com/cps0(Data1.cab.0.drfalse
              		high
              http://ocsp.thawte.com0AdobeARM.msi0.0.dr, Data1.cab.0.drfalse
              • URL Reputation: safe
              		unknown
              http://crl.thawte.com/ThawteCodeSigningCA.crl0AdobeARM.msi0.0.drfalse
                		high

                World Map of Contacted IPs

                No contacted IP infos

                General Information

                Joe Sandbox Version:34.0.0 Boulder Opal
                Analysis ID:594117
                Start date and time:2022-03-22 12:56:19 +01:00
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 10m 8s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:S7kJLbgFtg.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:23
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:1
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal76.rans.spre.winEXE@4/1151@0/0
                EGA Information:Failed
                HDC Information:Failed
                HCA Information:
                • Successful, ratio: 100%
                • Number of executed functions: 0
                • Number of non-executed functions: 0
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .exe
                • Override analysis time to 240s for sample files taking high CPU consumption

                Warnings

                • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, ShellExperienceHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, VSSVC.exe, svchost.exe, wuapihost.exe
                • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, client.wns.windows.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com
                • Not all processes where analyzed, report is missing behavior information
                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                • Report size getting too big, too many NtCreateFile calls found.
                • Report size getting too big, too many NtOpenFile calls found.
                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                • Report size getting too big, too many NtReadFile calls found.
                • Report size getting too big, too many NtSetInformationFile calls found.
                • Report size getting too big, too many NtWriteFile calls found.

                Simulations

                Behavior and APIs

                No simulations

                Joe Sandbox View / Context

                IPs

                No context

                Domains

                No context

                ASNs

                No context

                JA3 Fingerprints

                No context

                Dropped Files

                No context

                Created / dropped Files

                C:\Documents and Settings\All Users\Adobe\ARM\ArmReport.ini.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1254
                Entropy (8bit):7.02691869608283
                Encrypted:false
                SSDEEP:24:ZxedxzkEwt1LrrV5MTFtGb2/maDJn0QwxrYCZVZjH0TH9O5Ye+QUiln4V:Zsk/17V5MT7p/maD3MVZDNEBiV4V
                MD5:1502CCE3B0A2E7980C76B94DF3A22834
                SHA1:C84C7AC85F2F1BE374AD3D0FDDDFA388BE6FA5CA
                SHA-256:E44CFD29CDB102FE1543FAFF5615A3599605324D1D7BE6E05B5F13E25F75DB4F
                SHA-512:9D242C41F63703D1D63280946F9DE61C2EA050D490C83C16E659C4B59880D8B73C5AF589F77977E149C9C62D81FD54D6E96C5050F11BF674A27E32E0BBCB791B
                Malicious:false
                Reputation:low
                Preview:..IX...&....@.%...m"".8........2>7?..@H.......&..8 ......;...V......-A].D<.l.....EP.)O.$q.v....^.|(..q./.y.4...2.r.I$.L.U6...........t..2.d7R...../...q...G..I....Lq[...B.m>.i....l.T...].s.C..6.."...I._............N.X.|n.".r.. .......P.#D.z%....]..iW3...>`d.P..t..4.......T.......}.ZW.....4.z..vJK.../.g....e.....?t..S...]D(i,7.i.E.J...&....`..l^Y...C.......?.....ye...eE+...&..e{.+.~F.....;{. 6.....K........[..n.#.L....x..I.I.'.O.....+.....V...o...w.w..._.....(..`JKE2Lj.}fN..L..ja.3bHU.y...r<..#.......\....w...~..6i.....5./...Q...cn..`.M.......3P....L/+...d....!0...U.B;9qF9.7...\._..w..4}ml..R.w..Jdn. .......ljZ..Q.E.....<7.. .A98........l....t<...'zP...Pye%.....;...KOxANs.i.v.-*.1V.K...:T..9.,.....t....-460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e38993

                C:\Documents and Settings\All Users\Adobe\ARM\S\11399\AdobeARM.msi.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):991752
                Entropy (8bit):7.626507275468615
                Encrypted:false
                SSDEEP:12288:dB8CfiwQEHeSHMTuLTBn0wM67J9ji8GUrWelRRzMzzD0Ad3KYo7hAx131YKTwIiF:nnKVa/INiRoz0AhK7+xyL6A2oY0E8
                MD5:FFB796F8B843498557793C843F24E813
                SHA1:DFDFA869AB5090DA75B4073674357A12DD6F61E4
                SHA-256:FBD6C1F7673114B6838ACD72D42550430C126F197D99534D32A6F49D8A3829B1
                SHA-512:0496785E62F95E12975A342E9A0218FB23699A17F2B902E1B22C5CDA49EEAF04207EA883A543A00793532915EF6A5AF71B3C7D63F80A1172E1AA1E15AFAB94A5
                Malicious:false
                Reputation:low
                Preview:O....~E.2.}..f.K4V.B...p.^.9.....-.(3=.O.J...4....-.6oK.E.B...=;B..t..Q.X.m.QO...Sy.....F*..f.ve.Dm...n.....M.r.3......2Y.~.@4..#.a.....H.u.R. y.`.@.V..W..!D. ....W.NK3.J2....w.........:.....E.......l.........:..A.7...pI..v..p2].H.&J?K...5f..{d!S..iC.$..u..al0......B.d....=..y.N.:...)-.i|..G..2.)x....E,M$.....g..._._C...B..2}l....Z...ix:....Q#..a........*d.%.......e.?./=..A.@sI.,$.....G.X......,..3},..e...R.r.....z.~FA.".t.Ayip.....u..Dh..r.;.. .2..eb(.?P.v_.B.?&.u....'.%M...9n....!.6.A.hJP..='.....{s.9....J..P.U8S.Ot...`..=.=p.Q...T.....7.p~.....m\.8}_~.S...LU.|.,..R..P..=....p...i..mI.f6...t.3...5B....~.{.....t5.z...!....JO.=..q.Z.4%CL.Z...S......"..fk....!X...I.. ..]..&.!..O...-..U.L..e....%....5.+."+.<...U..........70........0O......m..o..>.p...*..x.^3......./.CU.f.5.5An9...s*.K....y...'}.......x.i.4;3O$#v.....:1#..4...3v;./~.8.r!..II......=L:..-......Z.k.g.b.~F..G2.,.l.*dY..Or._..[."....E..st..U.z..z.x.a..Gx..w..U....r...;%...

                C:\Documents and Settings\All Users\Adobe\ARM\S\11399\AdobeARMHelper.exe.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):423984
                Entropy (8bit):6.812958831857012
                Encrypted:false
                SSDEEP:6144:SlHq6WUBfn7LiJdKkAtyKuskePvX2Zp7DmuXYvr6ys/pV:SZAU9n72/KkAtydem3nM6Bv
                MD5:84B1C6E77490CD35CF033B16A45F1B18
                SHA1:7027596B9E0F369786ECD4AA9BA2AB938D070D52
                SHA-256:A507FEF96103EB16FDE83AE68A0B4A8278CED10E4C5914CD5D9E0B46A73F5A6F
                SHA-512:114FFB9061395407869E9D6FD97565BB365D639E7FE3E310500F856D71C63898E221A92EDEF851F40BA2131C451EF9BA314EBCA492CB4D7240BAECC60740B080
                Malicious:false
                Reputation:low
                Preview:.........:.....O.....1 G..b.gv`..G..q...cX....J...|qd........L.F.i..6.).Lq..d...U.d...y(K@.O..a.H.+.....'......BC..n..N....N...lR.....d....&.%-.>....L........~mx....v.5..u..S.../........L..~....HN.x.f.+*.~.?]_.=.k.WW.1.+j...D.bK%.1.P.CX...cZ......t.hoIT..G......b.-[.9...rX!.(W./y.LC!......aSI.D[..>j.....-..k;.}....]...[....w.9..xP.P.......7r...WF.N.Q...8..J.....Bt.F.._...Cx..a..%D.0.x|..........3......U.'D9.._..................7..,C.M..w.@...P.,.S...G.G..h.O.pz8d.^.3.x.r..o.C...G..W.)A..J?(..N..ER>[=..'...x6...F..&..x.....[s......7v.P...`..Q.......Y.fV....6:......s......Z....5b........0,"J@..>,..u......uQ.A/....h.K...?.w..\..3.....s.<-.!}n..X....9N.........?H.....!......../t[8y.t..P.&.R,.Y.6Su..9...0<=....s...3.<.(E.q.BO....Z....!X...s....GA.^..R.z...SVs ..M..|D...,...,......M>....1%>..B....s.H..{..).4u.5..*7...v....IP....GfN..^.G.O..Q.......Yk..".u;W..4`....h..g.....+..8,A.%.x*;u......."...6..=...G .B........j..pLxS.%h..O....-.......

                C:\Documents and Settings\All Users\Adobe\ARM\S\1977\AdobeARM.msi.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):983048
                Entropy (8bit):7.625384010401799
                Encrypted:false
                SSDEEP:24576:2ucX0PbwtL9IkSmZB1mNw6TjxY5hhuA89:GX0PbGZBsNw6TjxYhu79
                MD5:C2754EADBFB3853ACAF498DD23AFF8D7
                SHA1:3BB3954B563C17F461163CD8D28947BAC060F813
                SHA-256:790DC24C9BB6104DF883BF292FC50D582BB2C786C6D8E062360B2017E3FCCF22
                SHA-512:7C4AF00744BBC6B17337C68379F428B60D317AC34EA47A89F397C51F29B2457B7FA5B6744E4D757DFC83A754DF2545C187DFE52A80063B89A8295CB072AB93AD
                Malicious:false
                Reputation:low
                Preview:~W...p3veQ.#.ml....-rJj......C...e2DNW.;B.a;...);.....A...VI<...A.,Y.......iL.TQT..Y..y;tw(..Pp3KK....9/..b.....=G:& \.}...6b.....Q......J.esf.st.$a.C.F..W...r...#.u../.h.=W./?YI.#4R......NM.:. 'AA......0.b.l....4.v.\y6..=..3...$......5.F..k.Z...Xf.D.....q..+`NU.g..L..1.#...........+.}+.0..I.N.V.).f..'........X.Ah...z.xB.bm.Vh.NTk...1......h..K....[.%o........!2..EO....T....~./.O.%.i......;mH..V..!....-...|e..E.m..........2....AQe.h....Vt.{.)......+.&.09o.....9j.d.<..Bi,.w.......|..>...=N.e..ud.[.y.D...%.G.....wF..F..H.....;/J..9...r..].9gc..`....n0...>.e.7...Q.>/V..........l...ZV......~./W.t$.......0........c..>Q@........)$.O.........kW8...`d...t...'w.....[.F..fJQ..[_)..]....L...H*n.e.;N..$.HZ.(..*v........&..e.b`..X.3...&..:u...J?B.'2.g&i.k......h^!kz..x...3!.@.$vzI{....f....a..xi....#..8K....F.<".@...g...D..nH..-.L.Q$....x.#..-M.m*...B'J...`kT...........s.!..l.qw.a..<_s6..1.C#.L...tW.}y...l.S..xDPV...E7.N...R.:.h...T5.q:...1.

                C:\Documents and Settings\All Users\Adobe\ARM\S\1977\AdobeARMHelper.exe.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):423984
                Entropy (8bit):6.812567711909317
                Encrypted:false
                SSDEEP:6144:qVd2NyuWU/plBYWzRYH5n7LiJdKkAtyKuskePvX2Zp7DmuXYvr6ys/pY:gdWplBTSH5n72/KkAtydem3nM6Bi
                MD5:494D0CD8CDE8149A5CAD25A4564412F7
                SHA1:02640604AB691FFEAC4B49015A61AC0255BC8909
                SHA-256:B5F00E2BF6F860141C0A9B761E8E003091456A834CB90E8A03F6A3C45AB8517C
                SHA-512:9CC57F1623E3AD7F8E69C2CBE70E8880F088EDF8364B1648549F18519B56181A6C8B72D5F4CBDE84D6CAA8CDDBAA037A06D8B2B208B15E5CC82111E4F08A08B5
                Malicious:false
                Reputation:low
                Preview:.?EO..-.8'.!....Ub.4...l.cSJ.~K...2....]..|..(......3.....=qb.T........6.A5..H...D.$.FOI.J/ .Ot.;.|.F....T.~.'...D....n.=l.B....zc+C.M..(w...".q....B.<*..Ce.....b...."...g2..r...l.9cI.V..L...'...[,.....$.c...;.#..@...+..R..k.MQ.K....H-.hQ.#2...':../.).F@..T..........w........f.u..L.bx....3...5.E]6...O...?H,.<.x...^..zH...y........+.5.y.....P.a.Z.x.....]tB...M~.`.7.......\..T.*qW..(Q.....=..5.%h.).Y.<B.s...8..h...!uj...-@.WO..92..a.....y..N.<...F...b....k..w-.O...F...sN...G..X............[....o.n...W..S..J4.W...!|[..V..t..Z.97..,......WBZ....P..~.=@.h.J}.s].S'...f.~<.g...ul....].*h...&...:.J6!.+.ib.6.I....*7.>..!...J[...!.=s...e.9.:<.?.xp./n...}.u8...$.+6.I...?~....l....eA.)....#.r........g..jRv.m,.e...v.+.U.%E=..e..U.4.n..m|..J]..P4K..G.U.&..p....,..B_.B6v...:.U..M.SjcN...D.^.U. .X7y.k..........a.....B?....a.......1+../.bh..'JuaI..V>..4["H].Q.[.L...w.......b..h...r.#.L..W...uU|...9....x..4..2E.g.....q...C....(.qQ...B......h...7c~...K..

                C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):244417032
                Entropy (8bit):6.906775747123068
                Encrypted:false
                SSDEEP:6291456:XWCpELQzJo3S/buKi8FpgpeNcOf77ntTVU5EAb2XO9ot:XWCpELQzWKi8FpgpeNcOf77ntTVU5EAe
                MD5:C266D7BC4CD1AF078AA11334FD021DB0
                SHA1:07B137C9B05A9E219EA768834398F50515E1B583
                SHA-256:859F40B2C700C3998FB00AC054960EA5CADF282FC3BDA82494FAA7F197635E86
                SHA-512:2AAFD88FA61D80D95C708AB10E7F0433883972DC5E16532FAA28AAAB904F2910367F6623CC875A1D3BE30ABB327C762E06D7CB392694AB50ACAF4C0D77835B28
                Malicious:false
                Reputation:low
                Preview:...f.1.8.....Q....8..}......P..s.n.+.b...H..+.s.."@,./l..]....H.....k=..ig.gX.Cf.....*.f..C...Bw...W..Q4....C\.M1n.k.}.*.3f.c3Z.F..]...8tY....YVN.8.2X].7|Z..........O^Q.W..Ng/+u~x....Y....\.hb@....T....f...F.....A..B....51..P......`!.h..V?+.0..Q.n..$k.W.s.4G.m.e..........|.X..T...+N.3...".e.$.p.[..-B.]2.......4.1.7'..a..q.....`........K..$....XL.?.~.M.].+1).i|2.y.[.S.Y....4.2..V.3;...h..GM.n...5.&.........5;.%HUp3._HP....P<.l../V.@wxm]....1#....%......GM..CqC4&D..jF.1....l:...C.....~*4.....KpA..G...<...J..%....k.c:{-. ...i.=^......(%._.lU/.F.x......m...Du3..4.l..4O]..e.....zS*oi.' ....l......9...i.^Z.r.%..a....bp...]1...8.d#^6.e.p....?:..E...6{B...x....Q......5N.jr.a'.e.,..bw..8.$.$K[..-....5.!.vF&......".*LQL.`.|.fQ.PV..H...%..s..t......OFh&].Z....Z....).lH.&K&B..W...$.K.......Q............HL..S...lD..Q.... ..H..0.o.x.....%|_.7.U..C..a......Z.+A.Y."....@.1....~0.9s./..QW.G<.(.w.Q.8..s..>.....N.....K...R..@P,.T........\...?t..o.\`<>L!.Z.

                C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2793480
                Entropy (8bit):6.07045132125952
                Encrypted:false
                SSDEEP:24576:vutYYt68TeWKwmEpuXRGEUHkT86JdNFtGvMy/E8vQsJfyf:ef7VKQpgo1kjJavJuufyf
                MD5:ACA73DA7B65922ABDD2019796E47ACCA
                SHA1:6E0E7E7977CDCACC919828F4FEBD58825863D13D
                SHA-256:DF6B532A69D20522331415F86C1C68FB32760948CEE966432673A99D82F9E059
                SHA-512:2E9B8B0BB13B49F5873B32B2732160E6558F1D647BB7E5EF511F7D9E5C29E58B3553ED72B4836F72A41DD555A332ADC6497E1AED8FC4E8F22FC12D4121A940B2
                Malicious:false
                Reputation:low
                Preview:I.^{.y.{U)......{.nd...{....#........##..5....0j.....$"..,-ys...}=.wP.6w.....|$><....uUmV..fr.."V/a.|q>f.....Nj...i.....B...].?.|^...*Yc.6...hQ.....S.....{....s>.JL:CR..."Q.r.A....N$S..mx...,..B3....|+s..x?.i .Aj...b.....gsB{..J.8X...T..i.[Jl..i)q../.{g. ..f.O..j'....U3.!b..+..............S..[........*=Sg.d.........9F...:.H8....d....E........(..w?FWR....{{...4.`..U ....8.S..<e.,....]?:F'......V.24h..~.TIv.o.e.....ZQ^.j.s.S...U=....`..z1...k..%.....u._..u.TN.v{..4_........ ......a.a.M...lT........#..LG.K..kV.3*L..~...*a<..|..].b.y.mJ=.?.....dx..x.j......p..6%..F...b/.y.!U.... .^......d......P.,f..r..'.......wJ....#K.p......AG....:..L..Y.......,_.^l.(...........x#f.-.....9~..3.........Q..?*...sb_.#.-.i*1:@.8s.~0..-0...a.... ..C8R...J.M..&.Q...I<<...8B..:...rw..3.V.1D.J.k.!.}.L7......Z.{.l".}.l....a.h1 ....n.....W...q.....q........`?...%^Y...za..._..|..n.y...9.;....(r.uNi4............8..)r$.....h>o...<Sf.. .....rK....4. E....(.&.7.)...

                C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):175114563
                Entropy (8bit):6.829207774192238
                Encrypted:false
                SSDEEP:3145728:UIFJHdDdl9HCH6eRwZ+zU5IZ+zix/5bg5hF:HdXXHCHJeZ+zU5IZ+zix/G5hF
                MD5:BC0E77A02C543761D47BF937EA189EFB
                SHA1:DC7CCA60B9DEC24515B6B6EBA7FA022302C3B01E
                SHA-256:B767FC3B9C719F7F6971C1D02F520EC51D288CE2EB460E9AD1CC494402C99198
                SHA-512:C782F2F897FB10CFDE1D07C8F07A6DCFBBEF2DA9D8DECA0294D3B2BEB74D71872FA0F8CED66AE44C68B623EFBB3E31D61C25826E299986DCB23AFDBC1F1B227F
                Malicious:false
                Reputation:low
                Preview:e......1.a....{....\....e..Y[..t....../.lx..!z`>}|.m.^.b.P_#..xX..N9.v.Z..H..G.=.E...y;GY...y.ZV%.%Jg.Yi.......8...:..r..!..wl...tta.B.....1.Gj;3......i..0.^...g.s.x.MK...m....vO.../Y...........u..3..'6#.k.%e4a..PO..\x."....... xj:6.q...3T..[.<......[....l1.oN..B.q..a.R..,7...q.5.../Z..%.B...."._&..C.Rw....u.Z......x..p....A`.1......K>C6.%.#.{....,..%.......!e}56...z.c.#)Jg.-.8.j.../.uhe.f.........2.8..6..I...v.......f@..").fR......)U:..7.E...h.{2...GBy...k<|!...z...:k..|.=67...9.b.....*n6.`...8....,N.(,.fs2....,....Zg.,.eU....mkl.......9.y......9tn.6...^bO.@....q...'$ZE..>..g.y..>+....L$....Y..w...i -=a..jWQ...<.=.fWGV.+A2........'-...#......%..h~..u.:...br...,.......B~.......J.kV.#..%R.".....Io.A' ..}.]5........r.$E..%O.|j.M..>..!o[.qzPF=.}U0....&...&.k#'.B[)..`".0....q.V.......h._KWD....n`$y...i^*..G8QVR..gm..%^.u..;6..JI..h..\..K..[F.>...... .......4.K..l8.....%.....[..j...gs...J..../.....5b3.*._A....h[?)u.S={Pi.n.a.,.b.....UNGYs..

                C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1128
                Entropy (8bit):6.802099894010874
                Encrypted:false
                SSDEEP:24:6N7moZL+lcW6h03fgTvSU4ZVZjH0TH9O5Ye+QUiln4V:a7R7u3GAVZDNEBiV4V
                MD5:5133F4D1831D5964906CF10CC7184282
                SHA1:C1B180C7FC56128B022175BAD6EA0ECA47DC4248
                SHA-256:C9428A02B8AAD54BC813F6C6BC1B069E850E397723C9ACD8D4746349944C8FF6
                SHA-512:0EB9855FE3C97CB63731C2E2F047C2CFD45E53A7DC0465D0353C9078831DEC0DDFAAF4FA1D78848045C6FCC79435C3E8E20A685045C493B0FCE3793C9ACBD8DF
                Malicious:false
                Reputation:low
                Preview:!.qpZ......hY..H..ia...L.5..S.U|%i..2&..pv|h.#......_.O..m..3..8....DO. .6.(.V..?.o...qrA....D.Er0....j...'...(H.....6.}...?...._.X..6....9.r...z..k.....sb...h........).}&.u[.8M.........|..!...z....V...n..d..2>..># ......B...."..9....X..~l..._...5.E6YD.dO0..S..]..C........2q..1..#.RGc~..DP{.....zd...L..8.`ZT."..E........=M..I#3P!.a......f...Y.2t .4..9...y.V...(.hp..............x`.Ua.5N.....E....x.13..`..S.......I..w.F..v..>R.OxN..5.n..Rt.$..;f1/!.I.).pP)./....C+...)..1..I......b.G...@Q..o..v./.z.5.F..}9L.L..A(k.?...%/........H9...R.aS..{x.|...;[].T......@..g.8.l.....p.......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4

                C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):465400
                Entropy (8bit):6.514534685725487
                Encrypted:false
                SSDEEP:6144:NUF6r9keydE9jLVoZLoAgLLS0c0HftDrkYY1hj63hgDonsogCh6NEpAFr:66CE9hAgLLBpxYfj63hgD1ZiE
                MD5:F608FFC1D33E611317404EBFA2CEF2AA
                SHA1:B74687A5365673C0F1AD4F11F960644EC54E8D78
                SHA-256:6767C541F6D9E215E2222141CF5E2537A8A97657FE9BCC1FBE40AD2DD253BDDA
                SHA-512:5891ECC67BA88796C53234542F9D422D07B8A9E0B47D75027A85A7926DF20F866E6F3FDBC5F912B325FF1623A2244D62E14DE3F2E46DDBD60BF9CAB3CFC2DA69
                Malicious:false
                Reputation:low
                Preview:.....MQqb.P.../(y...h..W:.S.{.....J(......)y.)3..K...E.i.b..c..r!..r.....6.:.....@w.....I..U..a...R..9p...=..{...f...p7/.|..1e.....T.pV....A...qj......'*fn.7.VQ..G=.7L..2.L.............z6."a4rq*.R.......7....^s.2...y.....e. .s..h..J.G6z..6gZ.........Fx...54.\.:"k.J.....$v..b....p.x4....{...:.......8w..$..W,B.x.........Ng..aI.....P d..r.^,.{D.....O...............1..x......X.Z;9*..0....=..c...1<INl..&|..c.#...+Ahq.d..v.Pj-......fD.).z.H.J..D......^..{..MB.c.o..K.n..q.2..^(&..'.T..(<......<>.}.^.......:Y...M]..2.w..y..EZ....I?...*.JG..x#.......=W.<.q.*.K$...k....9.....A.=Xn.Z.\m.!.....qT...&.......IknoJ...`.F7:<1W./x.%.u..#p.B..Lg.%7..zJ:.Dt.....s...H7.Mc.n.{.r1ZQ.G..R.7.S..+.D2..}.ud#O.Z.P..E.....].#.y..UY.r.1.q..@....+.l..1@b.....k...%.......e......k..;u....6..ar.........;..^...7.D'....~...ey...g4..U..(..(I....v.H..H>..q!....,..B.C%.....-....x....lf....Z....D1.9.CN.Mlv.a....Y.....^U.'a.e....../.N....q.Z...fj....<..S:.R...a.We.e

                C:\Documents and Settings\All Users\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):734
                Entropy (8bit):5.689073912393182
                Encrypted:false
                SSDEEP:12:ek4ysBXu6/VkxCr9r3ZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:T4JBX7/SCr13ZVZjH0TH9O5Ye+QUilnq
                MD5:6362C86657644C67465D3799164EC22B
                SHA1:59E97F799C46E750893766BACC4907A5B5FD5DBB
                SHA-256:06F8365A086ADD91143AAA479CCC64C4C8D566DAE5C369C3801600AFC13E21F4
                SHA-512:5B8A5E72C8771B47B948A70CF07CE1233308B971736258B806A458DE7AAFEC12614065AA3C241D3A5077F7A3C3BD031E1203187D06F70A63057B8389AC9514CB
                Malicious:false
                Reputation:low
                Preview:D.\..-...t..M.........q....V.$CU...%....: 3.K..W`.,........Fj.y{.C..F.8...=.F.....p.....IC...M....a...."...=......WeD..O-<.../H.3`."}b...X9..tj<....C}+.K.E...3...n../..&[.g.*.h...G.8s.U:..".$h......... .~V.-G...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Crypto\SystemKeys\8161c532f4be2453f4e2b357fecb49ca_d06ed635-68f6-4e9a-955c-4899f5f57b9a.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2085
                Entropy (8bit):7.536886819389944
                Encrypted:false
                SSDEEP:48:6OgsiAq5eJiRVZRV/uhcnjDBaSIojRPyTVZDNEBiV4V:69x5eoRVESXkERSeBiV4V
                MD5:81F3AEBB1E9DAEEF1B5850836A299B54
                SHA1:A29C19D4B89112914D62852A95EF3E0EDDACFD12
                SHA-256:E8F14570F353717862938D005BD56A2ACDAD54167B437362F42057B0451E282B
                SHA-512:A9ED0495B2067E43ACE9FBBDCE00B9243AD2C10FA68B848A69D56BD2DDF02035B70FF110B98569C3B4CD61F7486588D4B06D2710F59A10930F18B72D1FA3E3C9
                Malicious:false
                Preview:l.F`:dB:/H.M..#..\>.......`.....-...@g.....?.BR".pS.dh.......l@.... <...&z.>...B..Td..]..<.8..1..b......}.....?M/..nu.S.$..{.z.4...[......B.I.. ....`t.. :............vA[b.5..'..~3]......`?...?5m*b......A|z60.........+..N...h.Y..~....a.A.......RC...w.f..........2.7..4=..m.m.R..2....E.........b....es.B@..*....'.........4...;.e)....j........'".Va=.3C-?..#.wt..#.A98.|...r...-@....X.%li2\..j4.t....h2GY..x..."...\Mo...I.[......e..+....q>....D.8o..Y..<.j_.......a...)sB.&.......O.W...."-.....Q.=......n..I8q..li(..SP.=...AC..............._..p.X.5."..P'...K...KZ.<..K...[E!.....(.,...s;....(%..x..?t...9...a....{.....!.w...-..RLzS....KwD.......F..h.f..+wy.t......P8....8'N.Gc.Q...!=.#.Nj|q...)F...1q....N.@~fW{.ch....y...y.{.....%.u.v.,\...../6.J^5.|..Qm.+..a4.#.#.A7z..D...O.....e..#{+.8fW.......3 ..y.i..7=...6.. .c..!m...........&.p....3.YP..3c.m...zH...N..-v.O*..4K...........e.Ni0....c.c..?x..j..V...F..$...~z`..e..P...*...UP..yY..I^.3.....d=!h..';..6

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1089428
                Entropy (8bit):6.250678348779951
                Encrypted:false
                SSDEEP:12288:SbP7hTWlW7WFWPiYp3ZiYp3qiYp3biYp3IPD/L:yP7hUhuLP
                MD5:EC064766765A7F885B422B2933F0A729
                SHA1:35BB37DA538C71B71F5AE1DFB58A305A9727C0CE
                SHA-256:B25472687E229BE16148C916969BB8890B672424219A5660BBF4FDF56AB9482A
                SHA-512:6687F475E7AE6E63B2144817E16DA7431B11F04BF942E43C8A5A52BB45808F49A38DAFD7C60027CAD2EC7AD7CCF06E9E6EAD8F621642D30FBDE78AE5135E84C0
                Malicious:false
                Preview:..FH....5..{.6PsV_.IPBMZ?.OS.`.Z.}g.`...t....`[.D".'w..~...zW...Eh....&K.5'..t.....C..S...3.3.?x.._.0....?GM.2...V..%.Ep.%|.5.^..e'..B....{.c..(.[X#.]f...`.,..j.[.~..N...0........?.>....../g.F.CD_.....hR.?...-m........<.....RT...A..'.A..6s...5C.K....o"...8.F;.~.'..z....q.z..;..U.Z..........7..1Z...g]4I..&...h...,.m.T!.R)....7.s....P........<..FSS...6...d.-V .X....p..I.:..6..]...Gv....m....8v]..v..$.!..(` .7/.~.Ljl...:J#.Bk...`{.'.O{..[a.>x|..Z.[.7.(./^.C..e..q4E.....E...v...^.0$......|...:[..3.}.k...X...#.Td..../.......[fG.ZY...QS.b....x.._..3UR.@..1].....}..e......Z.........)...F?.N.JbV....,D..Vc..g9....'.rf..7.:.lAPr.&;K..\6..N|P..).).5..l.X..........:..@\......[..$...j.t..d..|..u.{0....}.a..3L.8.;;2@..F...`..Ux../...o.......{<.%.&..oY ....".ab^g.....g.z...c..Iv..{g.M4G...g..u...8......|.L.../+.eIG..O.....4.0.......,K.:T.5..RG....~..R.A...oz,$v.......D.4....c..f!e...?Y.......q.c.T.E...U....i1#O..I'.......D..Y..F.....0."..P.F.-

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:PGP\011Secret Key -
                Category:dropped
                Size (bytes):1623
                Entropy (8bit):7.314976398663098
                Encrypted:false
                SSDEEP:48:P5M1CxKQfqp06VEBbvsuD8ecZXbISPVZDNEBiV4V:Pu1hQCp05BbvVc6SHeBiV4V
                MD5:2CD3BBFFD4A198B031555FB58008B6E0
                SHA1:98ABDAA87EAC142ADE4A594E21956DE4F9EBBAAB
                SHA-256:120ADD26DD2800C0E97FEEC522070F49AE0818E490CDE230A3BDE107293852BF
                SHA-512:8B3EED986FB5652F1DE6EC87D51E6E04D45FDF8528D7E1C96294508C867AF6466F7630BC70A500E40974CE2C78E589B8D5721E4D23A2139DEC788CB7BAAB5D74
                Malicious:false
                Preview:.o$;....L-..(,...&.!m.$........."I>......:..V.......&:"......'.G...d.!...2.<.......:9.'.,..yB..m..b...`...G2.V.#.^ZS..0. *3?".@-.(I-..N.>.~...y......F.VD....i.....N....(.B...(WG`......_l?...:@....7C...^.E.g..........-.G...~.......%.6 '......../..YUk..A..c.*..;......d....{K/..&.8..b.?[..=....k!.ds......0.i....w..@ ...b...N........... ..F..$O..h.`Q.U#....`CQY.R|johF...t......`H...4,.uV.........t>v}n.......R./.t.l}..}..|..R.....p.q...-.b......#...*>.....=:M..L{<Z.?..h...&.Cc...3.Uw1zo.Y2.CJ..F...y..5t.pfo.t...x...~..8....4..r5.'..h..`.%.0....O...P.M.j....w..[2.h+..o..*KF^...x..a+.w........B.....Sf.:..S.*S...?......VL..Cs...{FD..&...W=.)3v.-.aM%%O.d.J...z..w~..[%P.9..........k.x?NZ...K.l........mG=.iY.w...t:M.....p.u.....I...yU~....i.8 `...?.....O.#....v....t..L.Y...W...2./.S9....i^7&.ah.. .....CO*......~..'?....4.%.#.k..6.>.!.K6..`{..P.......a...{.0vz,G....#......-...`O..C.\..b.~...w........c1Y$..R.0.P.<KZ.q.9$...P..y.Z.3.lx3ZD..nC.)F{.V?E

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):4148
                Entropy (8bit):7.841603592196144
                Encrypted:false
                SSDEEP:96:SxxkRWBKZTgnur1GqAkuMKpqFEIBsSRC95VSgCRcMnjkHF1CeBiV4V:S20KZTgnurPAeTFHB7Rw5Fy4lNo+V
                MD5:103A54DB15B00483B0EE3B5B23E1B52B
                SHA1:4E28A05A91E4554A4F472763521072327D34530D
                SHA-256:4902EEB091B6B55073ECF8A94B579BD0BAF317EEBEED24A2F7F10B2695E33C7E
                SHA-512:5A870B1875920D5DFC76360CB70EA07F82203AEC17615D4DFEBAFCCAD4A79986EE18D8E5462A01B8CC3781D3BFC167B313528AFC2A79A001457CEC401379FD2F
                Malicious:false
                Preview:o.."..!......./.....W.58.V...k.Ig.......oEA..m.]....y..%..~........Wv.......i ..hq.3a....J..4...\H...hDG.../...c.>..T..pxe...J kUw,....gT.Iu./.^......s[..Gb.z.....\<..Pe....J.*. ..n..........CB...8bnR>....5....0'.rGc..,../"..x....:n.....Q..'.u....!......L`..G.............J.....Go.D....a...h...w$..(.)..o.9:..^3.J........"s!....mHO..........x.B..h.b.E#Z..aPC..R>...2.8...`...`.IA7.....l..V:...*?..8m...W...2.+t..dy{z.Z.Z..%.FV...J</.*...=.^.....'......V.5`..l4..CU5....W..Of}....d......;.p......t.DnsX.O..}5.........3..3.}..qE.*QI...........P....b.i...<...;hWs...#.x. ...8..............(.....t....h<...X.6.......-...JJ.Zj.*.ZQ.........{gd.E....f..L.....N..}..w....{%.+..:8......%.c.]..A.;.....<...e.........W..}..t...(..K.#/OY.X..;.|hA>....a..M..CoJ...*.....I.Ed...n..3.6.\........OB......N.2..n.$uh...d....Fy.....Lgd.....Y;..g..N. .4c.P...a...u2..;r`.Kc...q.0...j.s......R.c..T.Ln_41G...U....u!.......:.8.M.LM@....^..h.....W..>r......2."L.;A.<.2B

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.diffbase.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1812434
                Entropy (8bit):5.256056045203617
                Encrypted:false
                SSDEEP:6144:GbXXiSzNJbf8x0fpz4pJP+2JwVhGNuJJ0Ug8DMazT1LjRux/t1UhKiGgGoVmVFGM:GbiSzbbk0xz8Bv2I8WeIQzrS
                MD5:A25820D5161E1B46AF89C770AF829CD5
                SHA1:E01F402E8E8255EC8C7951CE34D32781DAB77FF8
                SHA-256:8124E98A8DCEA84DA39D8DC4365EC82CDB01F3EA17D24F23878916450CC6DB17
                SHA-512:2CABFCE0A4063686ADBC7AB6D3AE1916BD0DFD55F3F7F35D0F5359281FDDF2DB335CB7C664D6FA229385E43A03717D275563CC3A2E03F685ED44264D2DDC20B3
                Malicious:false
                Preview:5~....:.T.p...M...=.3.....-.M......x.....%..mXn...SG.{.....i....P.F...t.Lx.z-q5.,7..L.#......C.NE.Ls..RT..aQ.9.#I.=..../..j`...#...(....)o...(..h.S!..-._B....'.K9!.....>.\..F..!/.]EJr..y7<L:..|._...'b._Zm.....BP.Z...a..Ns..+.-..4C.....(9./d..P.,k.,.|....{..M..'.2.U..#........4..6.s'x.y.....b.e.....i.0....&<...E.\$.%C...9',K./2.i...*...Tv..Fd\.|>.].(.S.T.u.;..*....X.g..+l.e...{.?#[rd.-L.-,X..>|.......(p.......W7.4SbjG.f!;./WS..{."Q.Po?. ..wW...............i...|.,+9....L...q.5.i...tp.>"a}-..2...m..sp... ..-..-.{...t.....H...o\..5......;U[..k..GL...U.i"...Lw.;...yz.Bk.N.V!....A-lY...r.e.U.5Y.!L....G.a...........l]Y..T.oz.pL;?.C.={.......&".c.>..R;....g^.l.yU,...Q...`...nr..Z......#V...L...}T...({.!.. .O%........K....q.s..'=|C.*j.+&.P.......,.)^JR.t.qi.k..E".;.9.ei.#....V.....L;6.. ....S.*.n&.e....i.-_....3..x..Cz.J......\..Kxz`.......*|..._...;..P.'........z...x..(9...j..y..1...SfX._;..}....k$7...5......G..P?.....,-`.......j.e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\OfflineSettings\offlineblocklist.json.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):551
                Entropy (8bit):4.420858583820719
                Encrypted:false
                SSDEEP:12:sDL+ZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:XZVZjH0TH9O5Ye+QUiln4V
                MD5:9C97C714536C6C8587A2750DFC977E9F
                SHA1:34FE6E0B83C79B34CA5D0EF9FB5C07660DB7F896
                SHA-256:7E6CE979972953D3895912CBD06F8551EB64372BC65C2EF7635B07A20CB91D62
                SHA-512:A42DCF65E4477DDBEA5E2BE8CDEBEE5C6EBFFF34EE6FF50488FEBAA8F70FFF4D1A45781275DBE23CF6779B6A6F8E8D99C100040498A92552CCF73585A484A1DC
                Malicious:false
                Preview:..Q{....G..W.....O.T.<F..b.1..D..y460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Diagnosis\WindowsAnalytics\analyticsevents.dat.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1396
                Entropy (8bit):7.14018132302589
                Encrypted:false
                SSDEEP:24:hR6wpb8mRAZId83o2YzPz5oafNA6WzS8ig+myFRWv1p6NkZVZjH0TH9O5Ye+QUio:L18mRAmuY26bRWze44WNp6+VZDNEBiVq
                MD5:8771599782ABC1EC2FC86A6CD92EE363
                SHA1:DC1CFCB145340983785957551214D4B4EBE8478A
                SHA-256:E038D7DD91590D535672EEDED41DA8FA1ABB75B7B82DFA06EB51B6C6CC9B8B08
                SHA-512:412840F8C3F1578A23B0A9002A1E9DB517C72917F14F1223292581BB332B0BEFF75D746A720F033A75CB38DDDBAA7BCF790C9E7BED57C1D8F79832CF22318E7C
                Malicious:false
                Preview:;$..9.0.|V\._A<P..5d=...T.Q...c..xU.....!....J..>....s.d.~y....H.M.......3lr.OBI.....JJ.W@...E..1.BC/....>...2~_....i1V.X...6..K..'c.;.4*0......h-....QL.."..<i.... V.?.).i....rv.r..8f\<.../.k ..0.t..0[.q..I..H.j49#Ot.t..d.....;..W,..[r.B...a...~C^8..........f.....-=J...m%o...`.S..o..~.n&r...|4.6S...'c<.@..5.\l..l.GF..T.U.T....W.U+AgG.2....w......p.....c]J.].E%......h*Nk.1..V*.F. ..9....Z..j&$...!Jjr....6.c[../.(.e....IM....=5..2.._J.,.G.A.K...$......-.....G..u.7.I..2...n......=....%t.7\..s..........!.$....,..W..J.k...i.o..2...S1....Jz..3.O..[G..d...u......d.T..3".....a{s.<.c..l..A..[....}.7C*.}!.q...(!.[.r.D.!g..tR=......x>.n...;.w.SM.y....T...../....).9..]...l..]<....(B..c1C..V1..0G.;.%$.?.....I[......XNn...5...-.$.l.Mj......fe..N...Z...8..EC..F{..#.R.qg..$..\?4.M.p$xH.td..^.i>E<!.-:...w..w_..DN)........)SG.z.9.V..p:.T.e.N460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):13266
                Entropy (8bit):7.971743178383917
                Encrypted:false
                SSDEEP:384:6887gu6Chngy7VtCyKo2kH1HVvE5TKNJXV:6996IgyUDadEFMJl
                MD5:BEDE332009D998676FE32C291E54318E
                SHA1:EB8E90D6560803CC535E678089B3D841CE99FFDC
                SHA-256:532C13D7F54041DC15AA233A696DCD99F366FCAE71BB3CC33D23C0E8AE801F49
                SHA-512:3E5D337779C50AB07DF6C545F6D88FE88D63386D0DDB09A9B1DDBE0373CBEEBC845E5E3F845FB762FE45C1225E0D0EBFAECD12FAF54C548C60ACC72B07C06ACE
                Malicious:false
                Preview:..B.#..#..7J.R.K..li9c....8s.|.4.{...gl..CX....d..v..co\........K..Q.n.N..Zd....4.....hO.o......i4.A0.h.k.W6f..0.>....mmz...T..}S(....A.f.........n..?.p.%...A].b....D+H...A..[.....s...C.K4..y...c.w...G.B...Z0V....-.o.b.5.66../..=r.......!q9....H......L...K.N...+...........4.y.......|#....Q<8...b?\.8..I.....~......!`.....Y......dESn:..,.<:X..j._U.......>.G..h}*..8..p.B..)...cy.I"...........>_0.$.I.v_=.....!..Y.U...I....K..s...o.)..Hs.h(X...:A.@.F....THL(.c...K..vqu1Zt.+W.n,.'. .#V.t..z.,.;(IE!....O..q#R......N.....B.L..hU`.I..r!.|...T..g2...~U..j....R@.aY.U....c.......>..)d.....e.aX...a..F....q...&"..mxc[..R..{|kyM.5.y..O.........wc.`,.0e.0..PJ..?._*.<..'.x......D.O<YT.Ah.....jQq.n.{by....K..X.O.iJ.I)...C.eI.I..,....z,K.%...6.:#mn..~A.SN}*.!.....'98>.g`|.;.JK....{.. ].BT.Y..b.g...eM..R..f$.3....?xK^.ISh.I.87puM.=.QP...A.....*....,.@.LY.I..~*......e=...>....o.,.. j<..4>.#......'.._`...............0....AE...P"WU\.a......'=..<.....WrhFC.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\IdentityCRL\production\wlidsvcconfig.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):14760
                Entropy (8bit):7.978033243801228
                Encrypted:false
                SSDEEP:192:eGlGurbcggNxqvWfTPyFU3Od0lYWBEk3qVukjDtFu29c5ahz8PtTfgsxlBvq5atx:eGmghWrydCvX8uk3tFuHo8P10IV
                MD5:87FB06F83A7134AC0F9731AEA9CAD3F6
                SHA1:D1E257837B56A630EF7940DA213DE1F6FB13FBBA
                SHA-256:FA5C5F0C7A2006A1E4334B03E738BEDACC266F562EDDAF1A6BE0DC2643801880
                SHA-512:F1E4AE487C2FB72FE0A25C97F8507A7B11635869C3029138F1DFCB2AFED478D9FE9CCEC70EBD8F3EA610197856CE9349E90ADD0664046E0B541A9F51DB21B844
                Malicious:false
                Preview:.\.6..Yx..0...Q..b.....W;.K..H...@L.?.?h.9<.J....m......5r....y.O.)7...%.d.p..;Wk..M../..k.U-6A_..3.UCfM..M....D....O8..9thW.i..GhCH...%..,t...#5...).Ply.b.....5m/....B..A..1.{...d4f.....gIA.".....2./6...x....Q..nc.;i.B+.;!.TOF.$.gbEX...-DP...b....s...\..."=....I.....0...........&......}.rm..zm.c/..L..vTz.M.k..8c...XJ.. !.4xRa..u....T..9.>t..q.;...ze.6./{...(h....W.B........!.....)..9..2..o..D.@%..C]...3=.A.O..{.npQ.>..b-..n..~.D.x.xz...R(..*o.l.....B..~...'...R...b.&.u 3....$...m[:..'...b..?.48.E.m...c.""0...../..'...{B.....0...CM.Qs.)1..e.L<....uc@5Ek...-P.....\.r....B..C.X8.F..]..Tc{.!.O,.j`.#8B...RN1q..?e....Ng..j..T.c.k.*d....8M. ........*q....rP\.......x.!.`._MA..X...g.G.*.i?M.'.b.....-.M.F..~....=3.8..uZ..K....~....-OyT...n.\.f...Q>mj..0.(..RI|.=.O.nRRfdb..k...`...y..........[...+k#.)..Lf...`3J...b.W.e.<......B..-..8I.Q"..z......q..........i|..\...]....R|.H.*.V...pH.n.=l._...2,..U~..2}.B..YI@x.Q....W.E.-.7P.(.}.5&.Z\.".^'.p.Z.`...X...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Active.GRL.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):15492
                Entropy (8bit):7.976094782842844
                Encrypted:false
                SSDEEP:384:UXKO19cBRoiAWk2WHYo7sZmEtNunhHqxa3xwYV:UdXcHbk2WLfS6Bqxa3x7
                MD5:93EA6298A5B2B8093DC3F103D642E180
                SHA1:25AC420B67628557D4FEDA626FC468C4AF2D4BE1
                SHA-256:3BA1C3791E5FD385271B2FB8E143EA5FE7FF35CDB380685DCE36B7868815A187
                SHA-512:4A4CE61D156421130FF32496B41E4F0DB910DD160AD614F1618BF6D855E7E3903B6762E18A6E5C22716162AA157B172755F2FFD9673CDEC0CBBB99BD02B4BF9B
                Malicious:false
                Preview:..VY*...:..M.s..7.<..6...$1X.C?W.;.........+:@.v..s^...........Ba"<1.H........'15.]$k...}..L..(.! ...........l..!N..._......'..&...l.j6 >.Jj`..B..h..mb4..c.;.e..3.p..2.....O).v....j......`wt.....}.T.......F..p'4...r%.i..;...?.].]=. b.H."...<D.f..x.I..M.......TeS.)`...c....Z...Va.|.....!..l..K0S.3X&~a~+...V...G.C1![.h !f..w...v.+...e........A.....D.=.m...N&.4..# .1.C..$...e...7.{.pG`..j....*....<.PH.;....-..!`8V...6WKnR.p...U#.h..,..Zh..t......P./.'ss.2.n .B{..0..A ...E..Pp...m.N6.=k./~.S..V....pvg-.HR!....G.:...s\.NQC..'5.r.M.{.{.s..2.~`....8....+T....,...Y...l;.o...ef.X... ..-..l9......D..S..#...^......8X^......i..!...@.9..#-.N..r..c(.o...I..-.r....i.w1........M... .Il......^r|.h?w..s`1.....+..I.i..v..KGw.I...d...5.p...P,.$..mwq.LB.._5.`#<.\.S.!.{G0.TL.<.h.....:.4IQ..].,.....B.c....#LF8s..8....47....Y..>5S.|#.....IN.:e.p.~..m..O<.....q..:m.c.+.!.\....^@n.......6.F...;K;V..O 4Rj..N.W...U...Y.........#...B..y....<..^#..{..O?.(O....w

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\MF\Pending.GRL.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):15492
                Entropy (8bit):7.980845333418046
                Encrypted:false
                SSDEEP:192:Ioiy3viKanLGb2pwIAK8wKyHOdo4N812tL/x0WuQ7c1oHSmCTaIYaDDrsOC7Txrs:tiy3qdLGQ3KeR1kLWRPmQXsLQs3TilV
                MD5:32BDE1049C69EFA88324446A9848E11A
                SHA1:2C1B85D67EDEDC356C1BD90C783C605D8B43660A
                SHA-256:8C044BE0592CD3C7140FEB132FB6C27F8919DFFEF3FD65E156F17795CC373FB3
                SHA-512:23315252D57EC24D18F284FBE62228EFB51DF14BBD437F3D6A99709E4667D6C6B6EAA9758C50237DBA6387CC7607E081361324391D1BACDB9A7EA47148E78716
                Malicious:false
                Preview:..(XWI....oC...9./nt..-.....q..e..B..@ar~w-..I9..#.f.e.....=..Gh.#.uDp\..........,....p}./m....%..[I-ZgK].i(9..o..Gm7....=.V<q...^Y.:.-Rl_....i.%.M..$n.sK...x...wC...VU.0.S.l.t...."...^.Yb..V...a.aC...RL....wtJK.U.&.v.x:.....8..(C....o......)m...\...?....6C."5"..Z....Xr....!....6.ey...\.*..Y.q_?v...^.1.:#.*L.....B..a...uxn.F..........8_.....#.-....I...v]k..J..4.Q....k...2?O..E.p.h=,.'*R..*..`.}q..B....j#.M.H.w.[Rl..:....iDu..b.uX..A..B...:x.M...k...].....f..:..P...KWc;xt.20F..[.T..1\l.F.%.....H.i....ck...5..{...a\.6.O.##z.A....t.pw...{.{.)w...:.}..,H...Q......4....[....Q-j..;.3r..EU.^S.x..X.X..*......tRz8HfN..........Tje..#-.S:e.\.f....3B<L....k.Hq..*.w=.=..Q...d.....|..%....i.;...~.w.S.X..3;.hQe....!..."C[.a'..#.?..}..%...>.....h.o8.n.z0."....s......a.=?.......?..[....~..QfB4 I..Z~{.Z...6...kf.8.pN...p.r?L.h.(3{..".....f.7..j....A?..#..!.NMJY..%C,.=..#.LtiI..<..a...]. 7k.E..r..Ecl...d.-.K..ki.....bM,....#*;J....qz...#..A.q ...2.&..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edb.chk.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):8712
                Entropy (8bit):7.947365308354234
                Encrypted:false
                SSDEEP:192:VZ7nCU3754Sco/kY11EwSnSXD/t9Hc0gRVcH9oZwDXlGU6o+V:VZTlco/511kuDF980qV6oZy1FcV
                MD5:6154802AA0E93C84FFB41DF91A477975
                SHA1:BFD4743A11A3A334573377E2D1499DFC2AB53F48
                SHA-256:4C3B59900EBC1357BCAC7F817F61ACBBB87B537981E17FE4ADD106B9A56C3DDC
                SHA-512:1D7166956AE640454EBB57E0AB81D495FECAB5396421C4D9AC53AABD5D79F9E1367F1E59C91E2A64533E890B75B902630AA737C5B02B4463ABD9F6F319D081F5
                Malicious:false
                Preview:.$.o{n7.J;.Q....7?nf..`?...#[.30?Z....~,..x..|k~..E..?....h..(.l......8..=..c......c..A....o...q..\us..1...Sun{.....Y....{f....5Q.S...Z..fA'..M..{.N......B..D.H;d.5.|!.....o.M.tM)..Dx.....rX.....T...X.......b%........c V.rfQr...i;...A}X..."..0,........_.?..zW..8...@.....3.x..P.#..W>K..w...I..........7.G.'....2~......&.m.z Bf.o.rO....`HT....I.....]'d7.i...z..H&..o.......q~.....e.8....,.M.k.w...9....f.#..z.2"4.B..n....s...7..oB .:.w.z.n.E...Y....6 x.0.uH..-:X/b+t.,.T....._..w..J..2.X.......Q.r..A..M.^.......-.9....Z..'.Pm...d......l+...9U.Q.NTn8..1!.K.yQE.0.K....Z.1"...\G/(~..........sT...kbK.m.s3~}..]BO.....{.5.Z....'....4.a./..;..iU...h{.r...<...;..s..1.G..W}..p...@8......eywC}B.......8.-}..........r.......{...ll.$q.../c$.54..t....AU...R...c.B.3.\.=....A...0......O.r.$.w$........,...Q..!y9d.IV..7......5.|/.01+.......>t..>+A.G...?.9..X...RiH.b.R.U..n.i.h.-......Q...N........?..d.i,.W..h..^G..+y+..dN.....zD.>..@Yh=....7....]...[Y.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00001.jrs.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1311240
                Entropy (8bit):1.0209134036805216
                Encrypted:false
                SSDEEP:1536:C74/lFYsaBBKa5hGBQso36oarwreJBQZnsgumx6/vXVFPL+G1Z9Kn0xuy9S8f8Pk:C+FDaBBjIQ16miJBQNu5fVzZ3c8fMK
                MD5:10686B4E46D61383F815A7FF16D9CE89
                SHA1:E5CFA5A5C10DAFE232A9D5F353D714CE6D26FCA1
                SHA-256:134D18D5358B8F7B6650A34B6B34B4216839EEAD1315B81993F20CE704236D13
                SHA-512:E17D052F90851735F7DC5491134833EF9A6C9594483B12127CFBF7E691EB3774B00111EE758E11F059E4BA495AED053F27F778B5290B869077ECFAE954A27322
                Malicious:false
                Preview:. ...+L.A T.b...{.I..L.._...4.;.%."...=.....m...j)nU...Uw.?.@.9F/......d...)...= ..!f.....y!.,"....}........'j..Y..J.Q......u.M..O...j8l.nV.F...44.B?.E.......\.......x.3U..;.x..s0Oo....T.*......N=..G.{.-..+.$..j........WG.u.Q<k#LP..P..e.L7|..2.......r.F....+..6......@......,GI..:.\.8?....R:m....k..../ a.ih.U).MW...Y..A.+.}s..H.=R.....@..x.s.e.8N....@.O$ ...y.U...[Zb~Q...ce@..;C...~..y...yg(..}.9c..m!....F..).%..z..4...kw....H..N...r-..........*...g.D+..@.Ie^3....a.m.Zr.S/....-...a/J......n.Y.e....z.Ud..(..7j...u...xOz.-q......'|.3..-.......g.......z]t.0J..........c..,.N....%..I...^.T ....k...p..6%....2.d..R!h..>..tG_....Y..q......\.B.~%...Vt.Z..(V...1..........~...7hPO......S.t.....=G-,n.b..x......{...0..S.`).>JF.R.+....[.I.C.V.@N..J.}W..N.&.$..K[>[.E..NjOx.Q.G.\\.......b.uoIfC.:Q?.H...[.@ .2.P0Y4.. _e.....`..d...^..1..|T.37.DwfU:....i.wz._&_7.(....L..vUu.x...q.Os.......$p.$.g".&!.|v...D....`.4....G.^h..n...x....c.@:...o..J-K...J..f.0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbres00002.jrs.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1311240
                Entropy (8bit):1.020631593232994
                Encrypted:false
                SSDEEP:3072:4r7YhWBq8cJERHzgWn2KM/6n2nc13l1tS/D:4HgWBq8gERHPtMmMD
                MD5:5BCF7246F74B1C533C77EA19F477EE42
                SHA1:27148BB7E49ADA6B1C379E62F24F62287C475AAA
                SHA-256:B9C4E9DBF840A24F39A455C9CAA21CDFD62E513508A6E51B1B1D525B120A418C
                SHA-512:75149D6635C4656E9DD338E9B91F295F8784EF8F33DC0348755F23E51DCB63F9116EFB12F06EAA4A5058419135A5A43330AD8D9E13BF8C9B26797ABDF674CF3D
                Malicious:false
                Preview:T...*aXoR`".^....\Zl.t.3.h..I.`.....$J....N.....v..&-V.2.f....ABxy..]m.N.!...A.n.7......T...J...x.;G..=.k.|.........V.%b........;f$...WO}.. ....6a....="....T.=..B......F.#.N.b..<..`...z..{..Cp.A.:q......Lv.z3N.....+....:...@)..}.}....,VFH.J.....J;.t^,...t.RhE.NMb.#Y.?4.......,.s..,. ....G.V....{.W..(.pdf9...U......Iq......h...n`t.8.`......D.....%.,....R.................f.=.U..cm.6.J....SD.....[...t^..n!.a.1!(tI.E'...~d.r....e.k.}(.N.8...k.Y..y.5.........X=..E.H.2....W.e..L..1...v%m..k............6..|W..E......i.....70Y....ps..~aXt..D;......9+.z....Hn...af.....7..:..'F}.....S....r..b..|... ..N.{....b...r&.q..G...X|...4.Gqa.L ."\M8...283...>j.Ti.#R.N.&bI_.^..zc.......U!..1.J.g...N-..-r..J.-.,6.9.q.S}}G.~..T..K>....$.......Q.@..+.....T...s\.X...v.p......\3s/.f...l7..'..j.r.....3....EP.....Tc...b."P0...#Y......4G.o"...9N..)#.%).Y5.q....uN.G.8.M.9#..l.).2....Y.........l9.5........E!.Z.g.e......v-..U..+i.a2..`.u.....~.p.\..._../U..|hvD.O...P[.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Network\Downloader\edbtmp.log.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1311240
                Entropy (8bit):1.0207589710685068
                Encrypted:false
                SSDEEP:3072:VJU22Cub10Ypzxs1AAYnLZdfB9Os2PvzLmq7:VC2Mb2utsQddfB9OP/d
                MD5:07D798413AA54509BC70E499F948CE98
                SHA1:B5C36D6938037CC4199B2C7FB41C8BB027EEE93C
                SHA-256:59D3855F4CC972976711F8A6DAD490CED3B019893EE6887CB41247248CCBF034
                SHA-512:AFD56FE9EFA9D5338275605750D4322C80E3014E69AA1BFA6377C7A32F34F529B8A88B815FD2ADC7AD4644143F7C0395E92A5CE8B319F8DEB63D45FB162C84A0
                Malicious:false
                Preview:.V..f...0..}.X&...+.&......T.w.R..:...., M..Q......y....8&.r..I..r&.X|.fU.y:..`Ze....... .}..2*i.o..B...'@..BZ.9F6[.7Xm.E!.......K.N..CF..g.?.K.p.b...C*..w...M.K..k`9L.....'....z....Oi8.[..`CB..........E...7.!`$..<...h.k.&...d.b..@...P...5*uE."d..I....c2.C6..l.....x..>[..{eP.%.m.Q~...D......0....L.P.2.v...e.1^......2..8.........7.H../..H.]''.#...oc.m...*xY. ].<M(]....O/...Sn..d_h.;..2..1z.S.k!.7...wh...$....q.....m.]....{q...F,9<W.(L....o.S.....T3.T`..J.J.p..[I.(..Mj.@g4|$$4HJ.D#|.....j...R....L'.ld.....?...Nn..E..U.@Z7..&"...;vE*..XW.A..5....?.L.F?-.9N..J..c..]...T...K....z.M...Y..0G..gNew.+h..<a..k.x9..#..|)..:~..@.T...0.N....0.b.n..1..].%..>.ie+.......('.........9...xq......q.x..:dl...*Uh..8..^.Q..K..J....c/...o_S?b}.f.j...a:..C.d..XM.....v......S.O.v....XT.M.....\s....39}~.............c...P.=...yN....&)Dx1+...d.........SMr..?8.&...Z..!E.0..d.....8...B.?E..,~J.t.b...{..%9.r6.w..m..yt..,.|.....Z.VR?b.%.'.E.......vH..<m..c(_.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OFFICE\AssetLibrary.ico.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):5950
                Entropy (8bit):7.90944627112566
                Encrypted:false
                SSDEEP:96:r+p1dho2uqHfAYLR5cULCcc2kz1d2LzWiOTSJeGMLRYoWdf++znTOK1eBiV4V:alddAYs4C92pG43MFdWd9znqKoo+V
                MD5:26E827B13DA72ECE91CC1FCB6FD67092
                SHA1:CF24220C28283554B0A4C4ECDD77916EE4348C9D
                SHA-256:1794B6A160FED4ADF8CCCED9780285ECFB1F6ADB6C2F8C429E0C4161D0BD6EBF
                SHA-512:CE2676E75E63E38D9A3D7DF36A0ED4ECD7519CA481A6756516115F6FAD055F66AD5C77EF3A4FDD3EBE9D88C846F1BEAEE027CFAA918941318C4869F0C216AAC5
                Malicious:false
                Preview:...Y.X.x.'g0.89.o.RO.J.I.....&.>....M..t..R..."X||..`....m...r.L..R.GaO....J.g;F..P...xj..RF@t.B.{h......o.J/FA.5.W...u;g...n.<"....3..r.C..\..".MWQ.t..BD.F.Y.. [g..YI.^....c..c..x..?u.......R).}.}CQ.......c.0..."4......f....."....].o...k^iJ..R.|..{.]..J..9.@9.J=G.$.....4.F|I7^c<|.......9.lP".....i".....bt\.h.`.=.R}..4f..[..S2.`.d... .r..M..Q$.i...].U...G.r.....PQ...j......$A{.V.3...f...~G....,..'FZP.o.4...}..$h.8.+N.e......_.d...@.v~v.3...N.nh.@2K.]1;.:.i....M._..]]..FLG..(4g..T..A..w.3Y.C.....8......^.s...`.j._..m.oD......F.ua.<$.S....?..v_ d.s..zuz7)'Y.pSCR..8.&.^KG..5.....h.M.@.J....x-.^.[.e.,u.w.....%.A.`t.?.....LZ3.!..S[........N..2X.'....Z.-......Na.Y.K4..7.....]_8.nb4M.,..4~.....vGUx.;.R.N..#.k...u.A.K:~...#..{.......(.&.....H?.).E.@..JB.cTYW]^\.....GD......._.E...^.s.(.......!s.?W......4G$...l6....h;.E.<...F5*r>.P.C.X:.8t.%:..]f.ETT...I/..,.A.B...r...8..T.\.v....-).Lm..!.FG..|.&......-..A....v.l A.Yn..s.I

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OFFICE\DocumentRepository.ico.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):25734
                Entropy (8bit):7.988955987301468
                Encrypted:false
                SSDEEP:384:Z8Mdb5oQwTzYG4GcWyDcK6g5XXIpOXwM+llpP/MyWAVBBiScwHoEIZEIN+sV:HNDeYG4HlDcKp9Nd+llpMyWAVyJlES+G
                MD5:DF6F2EE78C6A1AF7CA1E497A414B1B31
                SHA1:4C694A99A72365C2C621D23E8E0ECC573089FFF9
                SHA-256:F2C3274D6031E593F432A046D0EA0CE5370C3C5B8D373B15515CF3991E2E4ABB
                SHA-512:A2490073115BA2ED695D50A354FB935A251469E998D79166E6BD896B37B9F715581B13C1750BCCD31C200322E79F23985A1418994EF36A6031BC9A668301BE1B
                Malicious:false
                Preview:..UyD...Z......."S...:C<..g..Y.<mwe..o..+o.\.'L..h..m...e..... "....N...........>7)......z.P. ~....T..8..Te8...vY.~m...=2....+..m$..u:P.f...7G.\.E..P-`.KU.7w.qf#i?f...X.v.=G..(.$.|...../..{....d..&1......x;.1.U..3.?..r......PKq....^..6u\t7.T..B)-"c:q.J.u..;"k.k.}.....4.Z;c...$Ne..@.Z..+KyC@4`.bP=..C...D...DI......+.e....g.....Sw.l.7.O..........bb{/..l..$^...G...sW.o.].L.....O6....J.l.Ie..........Y.R..W....w0j...\.P.aeL....;t...5.)........R.5...q.p/..DLC..(=.$b..s.._C.2..M..+l...~.'.....;@.%8..P@.....G].....Z......'..d..g..:.0....u#...Y...WQ..@.f..?...c.......b..b..*.1..M...MA......0..y^.Qm.^..Zx..u....l.C/(.>Vg.q.h..?....X..]..G.+;G.]v.&v. ..Z..T*.z.K.[Q@..@zK.<..)jw..;..4..9.h.Yi.to..r.99...q........!P&%..j6.....6.%...1v...]R=....8..i...y.|.V..kEX.....D....$..x..:.U....-..h._.|.Dd....2*....U..j.^......{k..=>.%4..&kF..a..b...[.v........B!..Dk....#...bR..a..#L..t_ c..6.....j....1.oD..dF.=.$c....././.3.....pM....)0.'.{2.nm..n..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OFFICE\MySharePoints.ico.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):99792
                Entropy (8bit):7.99777753481322
                Encrypted:true
                SSDEEP:3072:hCGusUEC7HATCpg8lo26xwXvIGfgpJHaNmGCOl6RMh:h/k7HATCpgAj6WXvIRf8h
                MD5:55B36F0A5D5C80D6FF479F70F08F4EE1
                SHA1:77BB8206C19E52A018EA2BBDEF86DB8CDCE03CDD
                SHA-256:2FFF93D66D0F0D15D433133DFB8CB07FC68F8ACB1CE6A44E90FE027A9A267D15
                SHA-512:BC926B583FBB8892D82F15415FC777B683D7750A4FBAB368DB42E17766A0587610A8494AE5CE18CA350CB973F9D920D770CF0442E4EC0E31F2C57A75D864FD9E
                Malicious:false
                Preview:.bX...|K...T.<...w.......C.8...C..x..5.-..^.d.. ..I..Cg..E.q........@.!.B....q.jrO....4e..a.^.-.(c...p[...;T..+^..n.j.q..,.m25.U,.].1..u.....x..|dW.T.5.o.#Zv.%P.....=..r.&..r......F..m....y.:.UV;...x.x.f.*R......E.K...O#.lM......|..q.....'..A8.F...MK......8KM.H...3.....7j7...\.:.4M.g...$.....1..$$.../....~.kl..xO9..5.JCy..W...pF>..3{...O..(l...~..y.......c."5....t>...)n.G].;.~...<J......8.&.{.|.....+........w..n.u.G.....#/...^x.......W..T.T.,gc..)....."..0...h...(".....r.[A...jf.....9X.).y...itX".F.5...rekL.g..z.\EZ.XH..H....Ul9..c..jy..c..x.ib1.9..>.>D..u.....k..K..".`].....^.%kn...$.;.j.}........;.r...;..I.....a..{.f......d......-R.+n.0.eOw.]r.wl.]._w...y.q....-.u..zj_...iO*..Vq.w:dx...`.qB?.RT...."KTm.....V....]..*......A...3.+...].........5...p.q.Y....R.Yo...7......R.#..B..-Wo..P...>.t.......M.<...Zf.....Mg....x.S.A......b...U.F.!g!2..3ng..E|.eo.>y..*..[9.n.n.NV..du..K_......I...I...+..b..7j.[..V..=-..G..P`H.......A(".L.t......o..........,.X.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OFFICE\MySite.ico.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):25734
                Entropy (8bit):7.98826978781403
                Encrypted:false
                SSDEEP:384:PnkLUQPilxFIrOgtIpgLdO8bTcn9upPePHR8imARIcq7olV40EQnDYk32qVV:v4d6lnIOgupg7TCFPHmdy40E3kX
                MD5:3AFC15FDBFE9FC4F418CC4A4A433DEDE
                SHA1:D2939329E383623055A8F5F7686CCD0A31A8A506
                SHA-256:85ED88DE69F03DA964830F182B56504D030E6ECEFAD3AA32115175B27A99B344
                SHA-512:5A7FF300AA7919CD9C2B2199BF30BFC99C28839F06A008523DD9D7683C06B42FB51F543BEF9B109C55FC43A7182142DDE6A5E6F96A3701C177D077ED84759BF2
                Malicious:false
                Preview:....k...u.}..*xn.".}........g..`.S.4r..ZZ...2.u..h......%..wyX........g_.P.&.S...~...D..o../.u...m.]S.....E..$.....]..V.b.-EG%8..J.w..#.U6.r .9...*l..0.&.\........sdD.Z8.qt=....>[.Cdva%."....Y.Swm..c..y....Z....R....h..........X.A.-l.f*.....9... ...WF...E2q.....}.f...._iv....."I.kA...5M#O1..C..%.\....O.4....j.m.3..<..V.|_..3u.+.w.......4c.e."!O8.[L...TH.t%.f......o..|i/pL.;.$".e.U:..z.?...B....nn..D.@..8x....E...5.../.!..2)...&...6...P.....e...7[....L?.E..7d.0.I.lW.(.&._1..gH.J.$..TV.#z...G('K+b..5.n..y..n.L.....1@...f..{..u.*i!({.0`.3......M....AVg.......]....u.:..v..........h..G..K%.U.........@...m.XBy..<P.d8..d......... ..+.AA..p.1..W.u.<b.%l.9....?.[...r..&uI..y.kt,.lu.J..:..6....W..z6..MB.....c16"..H=1+.)..b.VSl.}EN.........S.q.=.v....7...W..... 5..V`.c>....p....c..{?.:.m.4."...[9O..E....C.....Ns.R....../...!5%....i...E..kz............'...z.Xn.......!.r}t.$....%.,.T.eY..&....:S......(cA.. ..@.]X........]L5..a.Z..B.+..k{S}....}..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OFFICE\SharePointPortalSite.ico.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:PGP\011Secret Key -
                Category:dropped
                Size (bytes):25734
                Entropy (8bit):7.987484117553923
                Encrypted:false
                SSDEEP:384:i7DeIo0E8Q/WL58FqKfOSo8G4yWkK+d++VYpiAC5Dk85T3GbS5Tv+jLV:kDeAxcWuhf1HG4L+++Ypi55Dn025jih
                MD5:802F9916F6EC233156AD8DDE412713B1
                SHA1:CCE6049DE2C7ABEDA02E2E5267A0AF676B13ADBF
                SHA-256:F5D8BAB90B508436AD67E75ED605A06F639EA9CF88CD2236280F658E28DA2BEB
                SHA-512:5C3ADCC0811747E2DE5E1BB3382FE1A34464A6EA5F79859BEF421F42F334A3D6B925FB4E01752997F2360D601FB8E5FDD4748ECDDD998D1D55EDBDBB0C02F6C9
                Malicious:false
                Preview:.._4l.......TS][..G....E}.I...C...... ..Y....!..../V.CMl....y..a....0.H..8.#.GLm..r{;..........R9.!.T=.....y..iX..&...j.P.Fn7.......3....av..j./...5..U..U.k(...j..'..'..T.jEt....K...\..V.cj..-..#&..A.W..7.....4<|.,!5x..+M..a..d..u..N..p.....+hI..sh.~&...hS....c.........rkU.:i.Y.W.=.727V6..w...'.n.E.U.8..#Q,..J.......G..."O%v..0.n...Rl..%(.w.9.6..Z.......w..8_A....bZ.....2NV&.4....p...sK......u9....{...B=&.L.B[Mx....-..".>."a.>.....u.$.!...cF.. ....R.}.@)..w...Q.2.|.. ..;./d|y...1.Z.-.=.......2..BO......W...].`.ta.wq..b.#S@.,.........[...?T..TYXX...`Y....@ .d.{..m<T.K....g.^'..y^.q.x....g...S=t.sr....sey."..kp..A.w.....7...".(w.p...gAe(..S.].).e...f.z...B|...u....M.CC..J4.VpD=....o.Sm....@z.<..h(S6n..0..$..j...d.%..#Q.h..b........1.f..>..o.w.^>|..C~^.....8.&..v ..5..6..`....[.|......x.:.uC..TS..^..g\.7dpu.........A....CO.V=.5khb..qS}.k...*Z..../...z.56)[c........X.......-.{..i.F....cv....e!..om...pL./A..]Z...Ed..<.....Ur.hk.`..]..Q.e.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\OFFICE\SharePointTeamSite.ico.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):25734
                Entropy (8bit):7.988192998045503
                Encrypted:false
                SSDEEP:768:uzEYxVHjoELyEqa2myQCwU0e9RQEofgrLbaE55R:uzEY1dn+WU5oKbaQR
                MD5:4D826301F16140554DBCCB4648302A2D
                SHA1:640D91FC167AD0EEDE9BC71ED0341EBEE69DED36
                SHA-256:B5B6A81BD1F77DDB2D4A724E99BE2055BB5DAB7A63F2CEE1DBCA6A04B9CD97B0
                SHA-512:807038F32D13E51CE2F25C8741831A678A28A8CF04440349A369D6536E709895B8B5A278BBDD4FBEBDFDD486FF5905B37A8D129ECCCADDB87521CDCD8BE614E1
                Malicious:false
                Preview:..b.{..<...C..V.+{..v...Lu.....Q^T.-..L.~..".u........d....Y..=..a}|...tZ.x.w...y..OZn..O<.@.7..{.>J^..8.c..SH5{...Z.d.23MD....... n.VO.....q......(..pdh.A.....y'.'4.`.Z.94.qQ..JQ.N.......I0:..B`2...i...V..3.@......................7(k..] ..l.h.QL.....P....dR..."./..~........E.@=...$.b.........=....%.../..*..CQ..0Cv.....K.F.C...C.._.Si..Ig}..$.....$n.p...!..x....9A........6.{..f)..2.1.ji..9 ..|S..|^D.w...M3|...w.'K.P..md...q.)..../...Z...@..B... ..I.vx.........|z9...z..m.!..W.0.-...g{qr...".@.........$..j...8Yi3.<^.{1..a...B.tJ.b.q!.....*...k..?J.t....V&.l&,4.uF......t..c0kh..:.[+.jO.-....Pj...l+S~...#2H:)Y.f..IH.nt1...G..>....<......BVOw?.....0.a.w....&.B.#...?-%...u..|..Y.s..h\...?H.HR.#O..B_.>D.j....U.U.j.1yF...].. )}~.y.j.P...(.!p..}v5P...#c.L.58.<e.........P.....yR+;.....n..[Po..K'.BV"t.Y...#1c..A...h;.nd...!.)...L.a.d.D.(.0...4.x;9G......N..?..\!.....'.u<..j.W.K...x.R. ..\.p...<.m(s.v..,:.W..xq....y"n.9.)1?T(=.8N"..".a3..x..8;n..P.,;!.,..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.969300623348929
                Encrypted:false
                SSDEEP:12:QbcC10zP7kvSJAmc+tGEFGZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:Uc1/c8P0LZVZjH0TH9O5Ye+QUiln4V
                MD5:9F2BCBCB50FB5A2E2148DC9DA41D5238
                SHA1:DE8BF24636E7BB05517748BC4B1D174AAFFFCE32
                SHA-256:B8E1D9D695222E19A709604577E1EFA9A8F6081FE89CD677AF46330EEF932F97
                SHA-512:515756DC115DCC09FCE9A5BC961FF19EA7CA38C4D228283F780A83BD82ECB9EF44136DB1930D50B252E1630158ADF541842C9751FDDC74F922924E7F8A5567DB
                Malicious:false
                Preview:...'.:........Wn.).?..7..wI.D[.p..LT..;.8...E.4.2.L...|..S...RT..GH.....".].v0.Phf..|..jts..LW..v...&.." ....ur..v..d...p.vb.T..y23;N-..U....N......h.?...5S..;.gp.n.'+.p[..m.9..c.B....|:.....}.\..Dt!`....1...g...[...#.vZ.V......m...{(.P_g.Y.........vY...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1099
                Entropy (8bit):6.7911392783981235
                Encrypted:false
                SSDEEP:24:a8ZsUx2YDY0nGeBZLor2PZVZjH0TH9O5Ye+QUiln4V:a8Zs6I0Ngr2xVZDNEBiV4V
                MD5:918B23B36D94CA179E53EBBED3592749
                SHA1:F6D40A39293BA9312EA0D819DC52D5337466C59B
                SHA-256:4AA643A266D7E0ED5AA95BD40B74CDF583A829AFABB04D5E111555462E541F09
                SHA-512:D1A347C6EC09063EAB6AEC97B3696AB0209BB467578D0A6C68940C7173DF4E905FB50555F6610EFB0D6AB6F3AACA57D9DF1850C349595DDC54CCF212A7CF515C
                Malicious:false
                Preview:.y.r"L(..m.@...T....8R\..N.k..<&_.Cr.w.&.g#....v~:c.U.fX=$(O<.h....-.p......b.....z...u..N.......~h.W\. .nt...s..s+.0F\R0.W].x...n{+.0.K...)-h*M.... ......X.E6..}-...iE.Z..K;.I.....`.fU...O...x_.......~..)3{5.EK.ok..`q.h.Fh.w.j4.....iv..#....X...K.\.....6.P5.fK.S....\V..=....x.us....J._. ..dP.B.H....2...:?.:g.b...p. .<.W_...MW#..fe3)...H.fD%F1H..5..:.!..n.y.\Qv:......uY...D...y\.v.OC..........Y....4.H..]...7..G....v..uK...p........j.n....'......z....$.}........6.q.Q.jo+......r.R..9...'<h...G......[.P...]n4...|.r...6r.....?`zRQD[=...........1..*Y.8.lUV.U..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca84

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2342
                Entropy (8bit):7.627752265738773
                Encrypted:false
                SSDEEP:48:2Cg6oiannhYgY+ziQZJbeWQ/7GGmyQixPQrnZKpTVZDNEBiV4V:0dZnjz3b7Q/eyQiy4peBiV4V
                MD5:6314C35F2AFD21D6744318C36F5C0135
                SHA1:B8F4EEC0E699A4760C55F93A8525B95E73DFE30A
                SHA-256:4DF2B9B6C0681B7E485C8531B6D53AFAC476D178532BD5CEFA417A8074FC4CD7
                SHA-512:2963D03B6734B0B9E2FAC2DDB8647CBEBDA6B66A24D6DC5D3DB9662A6609372741F173372436F57EF4F53E66AAA2B17CFB962EBFBDD887B4D79E5DC27BEE0605
                Malicious:false
                Preview:.<../1.8+.u..M'....._...?W.....b......K7...1..Wo.`.n.....(g8e7.e..D_.m.v.k..^....5......y.CC.V!...E9.TYX}..C.w..H.VI....u....D.H_.s^zRz.i.......^.2.x.#|...{.....'l.V.%.K...q........N$1.(....m..}+....,...._[c.R0.b)w...z....t=<.9.!...r........nD.u....._!(bFO.5./......F..;',....|c,[..[...3.e..}y.c....h$.z..L.r.......x..;.....M.d_...Y.A..r.L.W.kk".......=.po..F....fZu..].4y.....\.....^Q.4.....JQ......y....yu.N..|V...]...U.._...3.\.v.!...a......w...5gwL.....l.....0..4..7.? .=.Lj..L..6....d...{.mID:u..oa).dl...7P......I..].?..c...q.......y.XH.......d.../.@..Z...X...*..U2....Z.<..C.C..Z....i....j.....,....M..../G.S......6..N..-.^*............w$t..{6..h.....v4t....KH...V.c..;.6....w...e.s...:..k.%#..u.g..&-g#.K.LRo@...;u.9nN.....HC.h...k..',.e...]s.t5L...a.zz9.4.8.|Z..g5c..U.N.d...T.4+.I.....g....../Y{.|.R.vl.....0.".."....x.l.V^.M.w....:...*.x.,pMD.6..D.mY.......%U........$.j.p.J...k.......i..%^...f.S./Rl.;]..!.T;.l.h...p....!......Mk.=f..r

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2964
                Entropy (8bit):7.746466109577555
                Encrypted:false
                SSDEEP:48:cuPV9NfGzdl2PWwTC1YHq0Bg5WKSk3D2xZ3gJZVZDNEBiV4V:cubNf4dAPLGN0Bg5W1k0ZwJFeBiV4V
                MD5:E6E0C6076D38B9424FD52D715E9F3F08
                SHA1:FF4F0E68374A594671E950995E40003A4C4937BD
                SHA-256:2D66AE03580284B4939EE41E91B3DCCF7DD93BEA2CB4607276B30F724622D07B
                SHA-512:CF02C761437923643098EE735B7D97F8E7622BD15020FF6D42B5D6D1B63892776CDEB6BA3DF3B8E5A1899EE915CDEAEAA10DE420928CB3D804A4C94370DAAFC6
                Malicious:false
                Preview:.ao.. ..F........|..........Z#.....Q.z~..X..'.u..n>k..L.SD...nj...2...d....H......F.>.e..$.m<C.^.q...z.Z..:*T.j.?.`...|H.g;|~.o~.X....d.r..].A..#6z....Z.L^/.N..+.G\.f.h..../.Gi ...6..On.+..=...5....(...Z...v.L.Q%.6..oO.C.`..Ps..CX.Z.C..F...e/..k+A.."XDF.!.[!.<Iu..dG'..Wy5*..:..........t......(....1..65E...w.......B8..?z&.....]...C...A.!Y.T.P\|..l..!....Y......}mU....zS.I......A._u..\..52-,au.......-Q..DF.&......i..t..kN. ..%.{Y..D......g>........?~S0.Fn.s.'@.....B..2eOqK..,m.......z.e....+.E..0.N.#"..L{^K........p>...{D:5..........[ .#....Z.R).>..k...d.4..8.R.z^k.U..w3..._:...O.Z..[..>A...M...#.[;.R#...O..1...L.7.i.....S-.!.F...d.s.....9.|vj.!...0`@...R.W.X..cHD.9..<O..,.....|.....+M.......b5...4.w..4....|.G.....R..2....+..t^Ah2.Pya>Y.B....6..t..)..1N.l*.KM.Ut1.;%w..;.7a..,..,.......o&....t!.....m.e.;.D})...*.....>....N..D.K...eB.....)i."`.Ov...C.[N<.j...Mp..SP\...u.J....*.X.s...}.+{.L.a....`q.V.............u..O...0..]...K.^.q.s......

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.932035358238633
                Encrypted:false
                SSDEEP:12:3yTURBpDch5+R9UZInTkKMvZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:3qfCkInTkxZVZjH0TH9O5Ye+QUiln4V
                MD5:B216D74F2BFAF9CEA7EE9E39EEA8F423
                SHA1:80359CA8F7475C770B35D48E0D6D5F5DEA39C912
                SHA-256:47C09107ED6186B8A089209715FE68EC742418A188B05747BF57C082A2DD9B8F
                SHA-512:1501D44001BBD84367A99C9EF0E2C5A4030FF77C5315F9AD8F208994DA0AC6265C9CC6D2652D69EDBEE8C1B0644BDEB3DBC786C3C718A1703C240E86746F2B13
                Malicious:false
                Preview:..F..m\.!(~W.....<{...)`.!.TeG>..a.. .I5.k.....xk.{.O...%..35/....2..RK.X...(j...j...rx..O.G....1......KB.e.4.C.lg..~.C@../...`.*c.:..;.P.+.p]....X....M...$..=.r5.C.....5.q.......xw.a...j[......L..q.u...*... ....$.g.....I/...!.*Z9..~l.W....U....>%P.?1.#..T6\./rK..l`.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):764
                Entropy (8bit):5.8241366068121225
                Encrypted:false
                SSDEEP:12:XYgmxFV1squd2pG6UBoMGjZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:XYdFPWd24JGjZVZjH0TH9O5Ye+QUilnq
                MD5:7C1F03BF562DF9C0D94AC9EC8351D36A
                SHA1:27F99B413612D49E38E491BBCD580938EFEB634F
                SHA-256:97432049F44A6FBB275284B44FBD1E9E64E9A6FA4B0E7085FBD21216B0316666
                SHA-512:57E9947840B7144211F8AB514C7C46B4473DC3A1085B95F471822F31CBAB4950EF8051912041D822F6AC1B22F65FC1718D0B8455CEB213BD8B8224FB7C3B4B71
                Malicious:false
                Preview:.....u_3.......x.i..D.E.D..[.:.t%D.>....t%...d.U[VWM.8..}m=5O.7.H0..J./.....Q.q;.....z...z.C{B9......V.i..@..m...rw..t....;;....^\...q..5.xu...e.<..A...c....lk..Y.B^.<..$..U..?QYs...V..>H..LU,.8../..c_T.J.\'-:'.fd.#..@%.........4.._.S..-...-?.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):879
                Entropy (8bit):6.281459990152895
                Encrypted:false
                SSDEEP:24:2jVKDVPgnkRwikGAytZVZjH0TH9O5Ye+QUiln4V:2jV6tgnkWidBVZDNEBiV4V
                MD5:1C0D4E61DC02F26C6393374978DD5630
                SHA1:C6EC6454451D3AEB2D1964928D8C62FE284D89A0
                SHA-256:28647ECA66E11993D57CF906C0AF4B8649A35D5F7B89CD747BCF64BECCE63961
                SHA-512:45013F6843B678514A2EFB5A31CBD004CEFD3FEB5D3D2CD030F399F0BFB384D36F5E23ADD9B898DD5B3E928A18B6363FC1A8489D3F5D782B0C5FD4F44BBF361A
                Malicious:false
                Preview:..9.Dow..v..X..lc~.yZ.].p....]Q....pF.8<a....-'..IwB...i)...>.....H.L........&.....T.N.....Y.xGQN#.Et...(A.3.@.(......-..........R>.n.xk..P....y@.f.rZ..o...?..P.s.Le....4.X..S.pc.j...Z.'Pm.....-t.g.B..9....>....S.[......~)...a9....H..S.u..Oib..M.n.=......=.jL+H.R.>../m.`....$....6[W.qz..gD.[].r..*5.j.....1........"W.Q...p0....w....T....'.*...=P..r.v.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1240
                Entropy (8bit):7.015210969694021
                Encrypted:false
                SSDEEP:24:r02MHHisU1qjlk/mJ4zHe4AJTwXrjZVZjH0TH9O5Ye+QUiln4V:gvHFpkuqbefTsVZDNEBiV4V
                MD5:6A0CD473E14365339025A366B4B654EC
                SHA1:D56F8BF4DF10DEE83A4299C3B9F853A80796F20D
                SHA-256:7BFE1B1B64F6DEA54E2579792CB2404EAC8CCD8B84CF3675C362C44CE834A965
                SHA-512:C93F197C57971BBDF537C5E80C4DC6208AA285DF4C6D65C054BAB4A5E659CB86EFAD0D9F37CE31AE01E4E4E7008FECA34E88590129C4F7D7AFD3041A5A79288E
                Malicious:false
                Preview:..k|.l\.<..k..T.+...r.... .....y..J.p..^.........C...Dr.Dv...bD..W/...^/b:H..Z.u.U...M.t...g...6p.e...6.1G2.j..`i...O...LS.. .G5;H p.r..@....,...K.k.......\.[B&.....U....P.r...B.....4.."w.&...].f5.b.8.w..2....q..2......!..o.P..j.....<f..Yvi..{}....7..\.6..R).-y.._.p.Y...=.\....@}...h..o(/Z..T.4....f`^.....[G.;M..t.W...S........L....I....8M.@.....JYF.zM...~....*C........p.7b.>xP....`.....P....7.x.].*.\:S.....>....2..j.~..l..7.;..!..|...B...^.r.?r..4>\.....Z....C.}.sE1,.....]&.>`.:.:>n.......k...........On.....7q......F_.].=........ZQ...X.3x.P.B.S.F)T6:.......i.C..p....3O.C.>Vk.&../...w.*Q.t2...U..NSQ..?tUn......&MX..i...@.....Fh.c.d...N...0..z....b...l..^@!....}....,c..:.t9H..G..H..<....uV.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.957442082799866
                Encrypted:false
                SSDEEP:24:/oco/hBEZ9m9mhZVZjH0TH9O5Ye+QUiln4V:/w5WZAAPVZDNEBiV4V
                MD5:BD16459393F47BE0567A397F49FA40F9
                SHA1:FC1F61CEA591DC00BF13CB8B6401447B60D5EA9B
                SHA-256:541446CABE653E9A9435E60231F8A09539A8CBD2BF5BE4C64794C305F77690A7
                SHA-512:C6FC4E104BBFB1F136FA5ABD4E71D2CF6C1D119CD426E9F2B2E7CD09D0DA655D20A03304032605CCEE2352758A7F349478E4D7CAEC418DBEFD84C95EB694281B
                Malicious:false
                Preview:.eis.....z.}.p+._D>6....V`.........!^.%*._..t...fR..|dP.K....:>.........3.>Z-4H.;.4.6......+...Z.d?.........C.Je.3.*Q...u...r.r .....x1.G..p.........9.j'(..6..fO.u.C.n!@4.&..<.B.y.{.]m...l.%7.9.D.~..b.l.......K...}bl...S...v%..[d.....sw.[._.F.._Hkg...d}(_....$..M.Go 460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):771
                Entropy (8bit):5.848132861497693
                Encrypted:false
                SSDEEP:24:Kpf+dFLsH3qVZVZjH0TH9O5Ye+QUiln4V:Kpf+fAMVZDNEBiV4V
                MD5:6240AD1B5DA99788576D34E282D7CF6E
                SHA1:20B4EBD77F18A4DB4EFE50F3FED1B4DCF8AF6EC9
                SHA-256:DE116BB140B1CEB8355C217A7DE705C72A354F529FE1EF21587BA5D7403151F9
                SHA-512:4734D67173798411986DC7356A15695AEA7EF295C50D62031DBECDC8FEA0942331AAC2952B8632B2C47571ACCC9A567F7EC21F3A796E68D7C751FA1F2EC137C9
                Malicious:false
                Preview:.{\.6`A..8.J..o..U..B.+.....d...72;..t..]D.v4..`.U..........w...;......o..BAJ...........O.....PH.5.}...m........I..O|.a.R...p..^..i.....8.q.J....=.y.p ."../...5.0...$@^..h..o2..C..d.....x..p....P.R.e...2j.F..[.M.G...o6..5.."....=.QDR..!.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\0__Power_Policy.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3813
                Entropy (8bit):7.829261498865288
                Encrypted:false
                SSDEEP:96:vDE3pMjEzlxd5860MejctI6hkVdCsbMPmckeBiV4V:FGb/8lwISkVdCnmIo+V
                MD5:77CE36049ADEED6569333D8445FEDCCB
                SHA1:7553FD086A0E902202C07EFB2C2C61AEE19E505E
                SHA-256:840E85F88D5D64377F0BB9B48FC2F572E33218F6CD172A94F8EEF295174AFF2B
                SHA-512:6069CF672B917DCE8735D67D6AA4356ED458D38B8C93B6ED18FE0F8DE9677D7901B33DABB7F864DE838217D7E99C54C2B95AC367EBEA5EACCEE414E5253FACF9
                Malicious:false
                Preview:.....L.ak....s.%.9.6z..i.a#tDK.....'+...........Q................M1..u.vb}.6SX.bw.\.~O..........d.../.x.q.#.Hr"..4....s.....+...Lw.....hm..k.#L%+. b0.U....%........$.$..'<N.o..6...P.v[..*....!Bc3.E.3....C...Z..E5...it......st...h.....`n.~.r\....\....n[..j..........b..D...u.....5...jS.Z.fc#3.oX...SP...g.q.......cc5.q.v.}.*"..p..Lwv-o....0W..`.@L.......+..#.@:.x........x...8....3..8n.y.`x..D...Gs$.x.D..P..&."L.Uf.0M@..[=.Y.sn.a.......!...Q0W..6.....*..9W/~.8|.F..H.;}.P../.c.........M...]"N..e.y..uRI.Ej..F.O..+..yw#.OKU.. wf...y.....h..L...!O3..........e..@2.q.../.I..4Q..`3Pw..v".w.u..jt.a.o.....jW......QL....p..:B..sh..7....r.........n..e......5......Y...U..;)m..9B...8.0.........}..)B.?..^..s.(.J4M..B.&..Q.}c?.{..g>.5<O..IM...6$.d.+YTl......1m.jw.=.....f.P......<.....Z...S..L.E/..I.+....|..+..:z...........m........9..xlJnv.O....../.....KV.D..Tz`...q..X...z..Y|J]%hE.t......e....G...w....@y..zNm.....B=..F.l...Uu..0.........N.....6...=.=GSo.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3777
                Entropy (8bit):7.8294742210933945
                Encrypted:false
                SSDEEP:96:ZU8/YoIBvOiFpNF0iEqvcRQBevosjc6SeBiV4V:ZEOiFpNF0BqEiBee6no+V
                MD5:38AB328E770045B0389E788DABE8A917
                SHA1:D5E854816BCA4A9DB36A857A4B559A61C01E2A8F
                SHA-256:550D140042FF09356306C0918EECF075A45843629FB32B6A404868679FE6706B
                SHA-512:516D3D531F714AEC926AA103DD732F36B4EDCE19BD7FC1E904E7AD051F2349687A4AC1F925768A67F913B1D7AA05D548A9341D78865B32EABBABD8D8B53544A8
                Malicious:false
                Preview:...t'..E6...C..<Z:]R..c.......m=L.c.h"Z..XzU.a.w.&.|...h.>.L0....J.L.S..o..../FR......!.I-....h.........(.MD.|`.z......Lw..7..~.........}Pa..U.F'....cCs.Z.2.~~.rA..</.. *.h/.S..o.Xde....k:.z-..d_.M.f..........3..P...3.a..U9.z..?.x4..:J.D.[k...Y.;...".,[A.5....K.N/.^+.\.....|..'.#.#.X...b./"o.L..U^.p..v.'.)).!,g.F....#..n*Y(....Z8..\R.......v}OwA.......`m.@.m.'w)....w...Q`.=..[k.w1z..Na..J.f..D.6;W...p).1...?Lv.!-..M.s59....V......8.s..T........-{...U>..?...x.W\+..F.g.bV.)..VE.!&*.`.K....R..o.......W..R}n....O.^..b.>..$...ed..v.l..{SBx..ca.@........H1>..6..]Xv^<...'.V..2Q.....kZ.@...dd.v...P... \....B..L.k.....f.P.Q....y..mR.5.5....f.{(...gS?Q...........>...s..D....P...M.O.z.50..t ]./....y!...z.iB............=7...iC.6r.S.c!.^H.(.E..W..J...|R..B.$.<...;.r\.........>5K5..c..|..2.p..;O.."...<...sk..Vk;.JX...L....O......o..9..>......G.1..B:al..7...+..sy...m.K...ta2...A..S..r[./....itk..G......W.E0<.N...B.i.yO..\......p..&s..=.e.\.n. ...(.g.n.s...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.983552760709714
                Encrypted:false
                SSDEEP:24:jzOI/L1jgvh4ZVZjH0TH9O5Ye+QUiln4V:jJ9VZDNEBiV4V
                MD5:AB69777B61AE4CEF91EBE108B833F867
                SHA1:373F3127F25976238603626CE7488FE74798542B
                SHA-256:9B37EA702C7B6FF78BE982851C998D192070D4776712149E3E624DFC7E6A3ACB
                SHA-512:74D97B78117CBEB744C2C545CFE06161210A4DAE6922D74F92BAE14FE114EA3C2E0BE4696A3F1A7F0DCEF0187F924837801BF264B57717934EDE60BBFBA2F4F5
                Malicious:false
                Preview:..dW..O....m.UWK..o...R..(...94X..P..<O.....F'O.!5C...=Mk$.q.#..?+.w.n..%.Z.@....tH!.J>.+.7.M.9o...<..{x.z.......(p.>@.E.. .Y.E..^K.X..=^....5p..'|..KG.*.B..u'...r...~/. #6k.U....G.8..W.......p. .".....R.[d..K..Z........3-..:'.G.Qs...\.u.[;..{..a'..A..og...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):948
                Entropy (8bit):6.461200357996786
                Encrypted:false
                SSDEEP:24:Mel7kDLtskKIK0ZVZjH0TH9O5Ye+QUiln4V:KPtfKIVZDNEBiV4V
                MD5:75B431113B9E5F12E3C08CF4D4F75F03
                SHA1:E1E5F1945B7CB7067A7F7CC8AC8CB3277FDD7B29
                SHA-256:7B06DABE6D91121B0067A026B68D9D2E428A57F1C9BDADC330EF01642B4314B6
                SHA-512:B5C3A498ACA63AE80A223A5620CE4B5B114F2DC03B1280E76D2075E0A43F541D796017AFDD45E4A27F64430E21F8782242F72867B0958946FB8569D00DC49075
                Malicious:false
                Preview:hJ.m.\[%A~.z..t..T.._b*.6...7....3+Cje...F..\H.U|pF3".`...dP....{......J....L~........W..\%..h..@.Z...e..!D6j...b..,>.......V.Pc~.....6...CiZ./E..-.FM....2u.rXH.X1RFj9.[. g..Lj7.Qg;._.n.5p..Om6.4~..^.~h...Z...-~|.j.a...'..#..n.~..%.l.=h#w..o...Z7.!{~..cC&..]...'.mG......3.|...v...M.[.......o'.:C..-ST.j*.Y.%=_otGw<....z.........].n..."^>....W.`.8.. W.....Qk..q..e.x3+..C.X.GY]._....r.n@.,x.W...s...W&./YN.:.F..txM.l....z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\0__Power_Policy.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1455
                Entropy (8bit):7.2334211871412215
                Encrypted:false
                SSDEEP:24:c4i4ZbBN3WZIjysir9zxViR5pnnuw45XMBTbqnAHXrQMzp9ZVZjH0TH9O5Ye+QUD:cAZdA4ysir9zxViRnnb/WA3EWBVZDNEx
                MD5:8214746A4A4FBB361B2480ADBAA49A3D
                SHA1:0D14174E13E61143D1FA4935501BB0739511B541
                SHA-256:A8321D8841B77574DCB17E6020CC66DD162ADFD98F1B783158222CB7BBC869FA
                SHA-512:13C30264593C2BF16BAA69B563B386D44620116ECD9E83A251C1CF509D47F262624F9FE07FCF94340DF8E7922CCBEDCE66A8EF951E15DB188F110EB0602EA420
                Malicious:false
                Preview:-.!....l.9..}"t.f.|...AhMA8..&[.$..a*".c.Q.`9r.n.'..RU........KA.Z_Z0.....jN,.[.l^(...;..U..7f...[.._.N.SJ.OI="".L......V..8.o..N=^L.F.8...&3...5.2....4M..).x.[.6W..P.H...khW|..0.......i.y\*D\c...lL."....I..".....3/J..y....~_m.sf'.i...f....b..........w.a.........CJ/..]d......FT.g..=`...e..v;Rg..jL....$..h.{..d.@...z.....!C.I...4. ..s.......]..Xp..H...Q.."@.Z..+..L...J....o_...oj.8..v.....~.+..A...#K..{C .....`#.>E?.c.V..&....C..Z.n.\m.G.....-k..L..O...(2...Nbu+.p.0G.H..~.+...$u.[.l.JR..p..iSww9...sv.|...ju........?R...\....&6.2[.f.A.%.AF.n..).".Q.z..P...G..".g.}.J.{......q.....=.2.&M..-...]..".4...9.....(.}.....9..+Np..`....@..kW.?9.p.aYo......C.a.o..\..C.M..c...S<.(..@.RG...aBo].D..=.,.;U|.,.7/-..C..T. .C....+...|g.z...@.7.N..K.....[.u..H?.p.}E%.......H................Nc...+....._.#8I....`..t..))....LWbS.'.....*..jC.O$\s....k.i.hm`s`..I.X.p...{....S...jZA?........{.7O...`.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26b

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2151
                Entropy (8bit):7.5660676614678435
                Encrypted:false
                SSDEEP:48:mdS2v8kWKBmCK/7HqspBkodsSoTshA/YYc+XR0YbAmVrr7VZDNEBiV4V:gv8kW5Ce73pBko/oTsh05nVX7eBiV4V
                MD5:9003A349DA58FC89E3C91C31D674FA7C
                SHA1:EE27C33C9A07CEFA9D713BC4C05EA169289ADEDB
                SHA-256:237E475268D0710730E44882B93361FF5853E88551ADAC4967FF995CDC5AA3CD
                SHA-512:6E60AB3F88114C7EA46F0B9DB34586975A6BCAD448A672B25FE92674D7D54450324A4A524AF35B08415B22C2A96360FB6EB306B1F569ADF9542961D888B3DB4A
                Malicious:false
                Preview:..SW.IV$,..P..|...C.u?...vZ.I.*.8./....J.:..:K.R...a......#=r..>...%f....e2.E..P4r.....O.. ....>.C..%O_..__Al.'..........q......b;P..g....0....a...W=R]E....Ev.x.tW.7m...bJOo@.1F.(w....c.&P.<.'.^R.u...s.R..5?,K?.*...o.....[.Q.&....r'AU. ..3h...l........>..P..p.[...tD,'.5].\...b.......S7........c...}.d.~Y....a..2..........cT.%.o!.-../..}.........T..t.<.%q.Hm.....H.D..T9.^o...K.8.c....r2...K.Z.+...d#....qn;.[.*........f.k/l!...5...3..=.'M.(..:.+).T[......".p.K..l......s.....z..G.=[w...jY@.......~..8)..._|.&.......mn.. .H..a^d...I.g..P.....@..4...Qg..a|.......\."{:..?.......`.$.%(48y@./...i..X.._6..D;...K..:T\.....*.fL..V...+3.>*f........&xuKI.~....K3...k.2....e...y.1..+.....$.{....X..L'.T...^....@...s.6.O..B]4 ......I..N...m....w..gx~......!/h.3'.tvn...."..Sw.T.Y.c.<...W..h.A~.D.Cu&5Q.OM..|....246W>..a.u.:...u.o......;.......GZY..1.bF....[...$.ndrQ.e...H.1.}...&....&.V...;.MF.iL...6.B..".w......%..".9..%.n1..3.;-.d#........4...x.0.....<wbW...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.963289290511076
                Encrypted:false
                SSDEEP:12:K1GDPKZ6UeuY936uvmj40w2jZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:wgKZAmU0wmZVZjH0TH9O5Ye+QUiln4V
                MD5:BE436166078798A12A2F0F12B4C2901D
                SHA1:1A5C1BF069E8AB60E8807259A0B7BAFB51198A44
                SHA-256:B56ACBC6586B3A41FD79CDED30F70F9C94F1533D8A61A5A9DA03A82A9663CB04
                SHA-512:8D79D24024F8ADF2A5C00CF1DD22E2B125BE699167411DD2CBF60C4F155EE39E79222D8C16CAED87DF7C7B70EBFAA1F9BA495368704E2254F37BDA30E33BB754
                Malicious:false
                Preview:)Ao....{.....K...>.r....s........m...f.{.?.:S...kP.....j.;..CP..>]O.H........... ......L..d.c..Ap-.;]....3...,..q6..&......[..b.f...!{i........$..~x#.y9..sf.8.9..A.CD..::.;......._..T^k...{.v.<...oU;..l...9(....K...~t...}...7.7.RB'K6..Et.T..p...YQ...a..zf.....i;.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):771
                Entropy (8bit):5.892399333807413
                Encrypted:false
                SSDEEP:12:qG7LiZYhhgMR/sLiwCRoZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:qsngiGiw5ZVZjH0TH9O5Ye+QUiln4V
                MD5:0E71D789D2AB4E0C43F6A8394FFBA623
                SHA1:1634B216E8FE1546E89C926BC9A843F2B4BF3598
                SHA-256:A6216715E4B10C32AF32D91CC56522078596AF28444579015AAD10267EF9DDB8
                SHA-512:9A22FD5304C3A6A3CF643675719DFC132969C7721054F727B8A388ED98332D8B992B2A63AAAF158E7BB4350E75FFC6C5988895A06CEEED6D5B4E9BB7CBC9F931
                Malicious:false
                Preview:.n-.....+-%.R...Lo.....a...}....w...Y1...y.]..G)..f.Z..O.0..........M...5...h.b.-..j.Z....X.T.....&!(`g....R`..<..5..7b>.@.t.W.6....o.5...M.|Cdm......v$n..r...{$H|........"..Y...v..Rghl.B...W.K.}.l`....,.P........&kgZ.*4W....r.@.%....f~...t.$#.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime\0__Power_Policy.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1384
                Entropy (8bit):7.139377704727144
                Encrypted:false
                SSDEEP:24:HdDugr68fJhpPADMVoOUvb+DN+tCw1O3fdZQ3iZVZjH0TH9O5Ye+QUiln4V:9DI8W/OUvIMtC6OPd6yVZDNEBiV4V
                MD5:0EBE4E9E7944F895BDA68F4AB739657A
                SHA1:83CF2B06CBF9A981CA2E58C65EB78EBA16842286
                SHA-256:18994A0A62637005F2F9E7A48C43571F98DCADEC5C3180C9D641BBE04071E6A8
                SHA-512:C636DF3BD4D5404497634CF1ECF25D57062419291720489B6382F0DA8D0E475B6983CBB5693B2539F18DD24FA8189005DDB939DE1880B89B34919A0B69DFBB24
                Malicious:false
                Preview:.`M~@.F.fGa. ....^JX..K.rd.meK.{....E.n..#......oE...v.-.E........K. .zy...L.....z..Ee.eMY...jB.d..m..0M...y.t.%..../.U...f9P.P....e..gB..9...%."...Wf.....6.......aC...:w....5.+z..P..d.p..+................:.%Wi.t..j........j.s... A.w..a.....#...7......}....3....TB..2.b......K....@.L..]...`+.uz.N...?Y....F.w.@;..&=....wN..1$..8:../..D.\~...c...1......n.zp.N...$..'!.......o..b......!.&$.wD...2........nu..g..a...&k,"}.~..y.4.nWT..9....R..)...$..;U.....C...m.........S...........Rv.{..v#.F.........]f.....8...)R..$....pug.DR..Y..`..3..~..MPq.!...{S....Czp..@,a\....^./.8.].D(f..a{[A...e..z....+U....;t..x.?....U...Xj.......8..:....)M....]..t.iXt-..s..TL...FL5.?..i.&..Z.W....J.~...[|.$v...`.......!.0Zp(......9.o.C..uu.._...c.V.Y.../..Ns.{.....j..B.......f$.......sU..rb..my.M>...].S.se...4../....p....8o.#...rXV^.K..8...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1959
                Entropy (8bit):7.487582068271595
                Encrypted:false
                SSDEEP:48:q6SdCYbMHT5cefzjhCEcGarhcoteb/VVZDNEBiV4V:qBdCYgTGefvh1cGarhc4ejZeBiV4V
                MD5:97F4F9C7296D7E1B530F7844D35D3023
                SHA1:7DBFC3C6C757703AEED46CD5645CD309CCCBB87E
                SHA-256:9C466377A45FE492A0E14B5F2BD2CFCE8673FA9DE05DE396D633DC8DA12DC759
                SHA-512:E055E489B7300FD00492D19AEEE62B159CC9C88E4362868176B6CBC94959BEFAAA0003F84D33BD2D38953DC549CF3B97ADF37A5A3ACA3493822321E8D7BC0AD1
                Malicious:false
                Preview:_...Vr..=.u......K1.P.6Y.>..q.._e...NO..........`..%.U....8NS...jBr...."/g{.<L..P>2t$WJ.......b.>..]..^..`xh.H[Pd-....A&.^.....u...._Q.%.....r...*..G...Z.Y..`.(.I@..c.b...i...W..I..sU\3i.......:....P*ca.U..I".3k=.l($..M..(.c.n.[@=...o....f........WC..W.H#..s%..U.l.......4..8..#`=.yd...]*}.4..;.......^2./.z.s=9..'F&M.?...}..OF.="#.^@.!.i.\.^..6.t..;[*....~8.6C.y....Y%..e$..=.._m.>...=Otq...m}..F5......7qT..$.......U..8t...c.%..S.....,..-..a&.B7.X..^._..G.....%.-.U..{.....~,5z...e......k............l.*...).-....\b.)....4Xf_..!fJ..u.4."....i...z...Id:(.A_\....#.2.....h..|./q...'....(.s-Q.`[.....P.."uJ..#^ .Sj..x.:.H.I-..../.....y....X..]..${.w..Z........}./..IJ.?...=.......\........p......H..,.fz&.J\...`........8....0...Tef^.e.....**U.T.@......:.....]..P&..sI...=HI1.W.5f9.....C......:3.._.8.0B_.p,.3.."Z.k.ri\.F....[q._..PA..q0b...*.....#....H|........15$obcO...:............Q...3....../.5N<..5...g6..*J+..".cM)J"m....m-.m.[..h.&.s..)..B...4..i..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.898064424879527
                Encrypted:false
                SSDEEP:24:rZkk8ttKjoI4ZVZjH0TH9O5Ye+QUiln4V:rGk8tEjoNVZDNEBiV4V
                MD5:9F6FB24B346630F8BCC1BA4A39DFEB9B
                SHA1:ECF87331F3A4511B11CC02B0064D0AB29DE325C4
                SHA-256:488EF2BA7CA598178A93669A0080D49FC72BCB24CB4786794979A88693C91072
                SHA-512:EAAC18621A70DD52810EA29F23A8CD92F1A6002B5C51824AFE0371A3B05FE78C6398E39012D35A992E873031CDB6D8D093CC4B0F406549AFC3C083B43D551874
                Malicious:false
                Preview:.8.Th.2s..<..H..'/O.X<.W.../K...q.Sa\..M.@........ ..~...;..2/.M..NT.4ERf.x@J...J....\......=...~&{r...._'..a...\F...... .. ...F.~....d.w.Ew..`>Q.S...6.A>9.b......}.n.e..u.+..+.z=.&.G.....z`.......@<...L.TJ'Z..*....m._9{Xz..,.M.f..7.........6{..%....{.[.6 #.OJ..P.u..w.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1119
                Entropy (8bit):6.772922946528207
                Encrypted:false
                SSDEEP:24:o3jpO9R6nMy1xqep8uhfGyHGwZVZjH0TH9O5Ye+QUiln4V:o3j0R6N3fHGcVZDNEBiV4V
                MD5:43AD51708D0B59CC301B444D1940124E
                SHA1:B1E1DAD175E7EAA7CB85C76D4CF1C363ADF94142
                SHA-256:F695FF1085A14CE47387115F2F8CA4384C0F9087A4A099FA6AE6C6E6AD84EE9B
                SHA-512:3E26960935C922E3BA8B3D207D358B575F7665DFD0320CF8EBEF56E3C9CBE8FD7E2E6F76E874F317840918F7E05C52EDD31CCF804C0B4FC8A67F680D4D3F1769
                Malicious:false
                Preview:+....?lM.NPWU..[..-.6bA...,.Vb..../v..<..e...&.......M........3.....g.h..Z.=./...Y.^.))..<....I)Pyb...pn9.R....n...a......]n{u.1H..R....;.-..{.=.}..x.h4....V..U-...+.5..IL..V..f.c..k...q..Y.v..b..c..XBjcQ.0o+..g......!Co.....*......R.S..<.>...dB...tz.....XZ5.8/.<$..]*....:.F.....M.X.....|5.~..d...Mn....D.4.-...Uw@.;.J.h....8#.+..53.&..HQ...k..8.!J....^6..[.]...{.....8...D.O.p..2...b..|.....6.=.J...}x<ib.[B....../.y1..kcp0.y....h... ...>.p..f....}_.....6..?XUn....V..-jK.....M/..<.T...V..TSm.O..=D..)4...2.uHH.YF....\../...7.?......)...~.N.=.F\..~=..c...jn...H..Gy.(460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\0__Power_Policy.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2344
                Entropy (8bit):7.607053714012189
                Encrypted:false
                SSDEEP:48:LUijrMzsvA0K4r9lq86Gb2lkrL4VZDNEBiV4V:ACMwY0KybykrLMeBiV4V
                MD5:6FB92EBF754F9E1E5CE9DBFEDC2F55BD
                SHA1:5AD49C5F071D669733E704F45ECA023190A1CCB7
                SHA-256:5A5E1E2C5B872C1466D7F5D999B7F6C61A58E72253526E4FB61C8D1EAA95DB59
                SHA-512:FC5FF1D9FC91DDBE0F67A3843DD7C700BBD23208133FB4094D860E804E2269AA392411B431DEC396D66749A126DDD28A0548B4FA4097DA4C80A7D41B7469CA14
                Malicious:false
                Preview:...\j...3....XZa.D5..v..d.I+.6$..X.G<.4iK....Wx..4j....s..K..[...k.sx}..c<.^.2.z.1F......%}O.2...<...h..Vd+[x.$."C..d(..]#O.......i.q... Vf......(E...B.M.0J...h...b....%..G.W.+..m........\`.......[eQ+.F9.8...0...D.{%@.Q.,.^.3L.+....4.....~...c...Ws....TS..$.....P.4....*. ........rC...'....8..}..&<....,.O......0.:\.V./...d5J....8.[oX..6N.1o.QD...L......Z=.S....0K}.....~".).:/.......?.B....7=D.odcK{2]x~.......&\.....S.O..B...C.........>.qEq.*s..].4...^C;T.....,w...!a..p94.....n.DAq..K.....&..&2.5M.6..C...)p~.Tw.R.a,.D........%...-..?.F.q.;.6./..q.....}..R.).1.R.V.F......z..x.4..;..K.....-%-..#...24..z...K(...S..&..i...a...6.|)0.J..s....Z...G.Bk.)[V&p..W-b..1....:a..+..."...j..=.<"r.xsH..q....p..j,j.(...9f..Y..x.W'..?....._..#3..U.....E.y.G.:e.%.g.{.,A.d'.*...a..M.C..m..Ym.....M...I98.."P.T....D.g.....T`2......k.$!.AL%..>.8.2...6?>.D..9..l..B.&.|}..V ..F..;.s<).......?.d.P5....5..y.[...-k..X...1.............U.."I.......1.N..C.....'\..g...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\1__Power_Policy.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2829
                Entropy (8bit):7.714999071850339
                Encrypted:false
                SSDEEP:48:K458GVvnbIPfvd0eWzkR7Hb0ftoLE9iHK9MQr//AHiJtVZDNEBiV4V:K4Fnb0fvdnRDb0wQiHK9MQrXheBiV4V
                MD5:CCB0845981716797736A1864A272562F
                SHA1:B06E4010D2F44BAF96F24DBCFAD8C5D929D8AF4A
                SHA-256:EBE54E5B9AADD3AF3F3883FFA482128C73F668EACB12688EA3F9645E68E36F04
                SHA-512:1330887C551863BA813A1E5F7E6D99A26032EEE8AE7A67F1DC98FD75333F39F22605A5E305E4D159322CD23109241B5F42FD6D1FFBFBFB0E9063AEFDBDF86A09
                Malicious:false
                Preview:.d%.Hl..&..._.B.S.......[.L..t=e9./..<.....&....f.'..\....G......%.w... j........dI..{.'.....d...8.+.t3..j6F.......@..>.b.6;.#@(zN/.L..7a<...B>...8...'.$.-..2H_......^...\Ys'2B....r.`..*....0.H..t&.....'..W..~.@...ul..g...*KL....r+.B.)_.O.f....l...A.T.T.FT+T...}....2....+@..(..l.@.<..Ww`O?b....b...k.lX..u.r.(T.LV.Z5.R.}_....u./....&/...\w}.....^C....<Q....1|..F.'~...BT...K...........|......>o/.:...X.>.R.......9^%....>...Snf....9EFu.....Ix.;.fm.......*3.... .}.....4\~........oG..4..NZu.E..._...t. .."J.^mC.:8.......9...U.Q..x.J...!.60.{...5.yEN..H5.2M.......PIx..v.H#.A.#.7..kB.w...'...".x...4.....qu_....3.M6.N....|....X.n....p.\|..U...)..9.6....|...N.....m...r..2e.r+.....D.I..........1G}M.r....gV...]u\...21......m...um.H....[#k.......<./3.......D/.9...)^.C.cle......'..7.L9........@..^X.k..f.....j.^.....i.j,i.1..!.....(../.....> ....&.)...q....X....j..bt...ff..L..J.u.....E..U .81>.......b.3].... .....B...pH.%..d...F.....I..M .-'72..X?4...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):4940
                Entropy (8bit):7.88373268161798
                Encrypted:false
                SSDEEP:96:c41y9fVwR8NaWkSEMwDeRYrQNomjKwplu7Afap/eBiV4V:B1cfOukSER0H7Dp2vGo+V
                MD5:61C8B9E438F8D1A1953F37B21C4A4B4F
                SHA1:F8A8BAEFA4BCA73A1A7851460174E7CA4730FFCC
                SHA-256:7861E1D363F89AC4689BC0769C8DA7B91E61D7B45372EEAD3F6F325C11521306
                SHA-512:EC4D2045F9FC25F4B3222EA22448B8E3DFE6B3734088CF0B0663418FAA210C4A089E8054D08FF552CB1559DCA6B97469CC1FA2CA30C231030562A02F115871C2
                Malicious:false
                Preview:.9F..G.)}....]...u..<... .t.O.z.U..3.n...-..k.V.F.....t..c}o0k%.{....b....<...@.=......~bf...o..%... .L..2DH.!0.:A........X..]D.,.f.X..t..fn.-..v\u.)p..R.u.0..:*...f.Y....>..kT...*.v0..U..n.[}p... .5...+.j_.1.V.mI....u5.R....;.Vi.h?.fX..R..(K.j..=L..e..R....MJ.0.h..H-.y{..Y..\..0....|..(..jD<A...\....\.!...Y%.&..o.n......K..A.....0.CE.....SM...`E.X...p.*.M*.=y7.}yf.o.<....w..z..D.+3.-**........bD.U..h...R.....TQ.6...LR..h@..."..7=.@C..8....o..s.....N<]q.@...].;.L.}..C.'r8.6^S."...{N....h.G.1..nQO.,.........[.*K..O.0....*$l.........}.r.^D.|o...w.-,...H...j.....Y.H...pO.w.1.Q.jCd...........Z."...?...d..a.e.Oi..6....L..:x.^>.xL.M<I...e.H..i^b...(.,.k.z.....n.a...Vs\.b..'?..&...Z.pX.....>g.n.h.1.|IQ...^[..^E...)...!(s..A...!......D;!.......*..^.....%..r.j8...NK.h..8.*..<R..C..s&..Kr.Ac,X...&Zu...%...X(M|.J..........\..F..A^...FB..-/...TB..&..Z/...4.5P!..2..N...Nj.a....L..P......$"..........{G...:.ghD.......Uat._.7..LXs..&.....).

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.940357039373671
                Encrypted:false
                SSDEEP:24:U65PgQOvikJocBiZVZjH0TH9O5Ye+QUiln4V:U65PpU3JocMVZDNEBiV4V
                MD5:B832B4888E5FF8CBAF72C95FE3798A67
                SHA1:F7ADCDEE699B17B4A1C695D0988CC5B08E1E7DEE
                SHA-256:E24400C157F65D08095AA6A5D23821D7BB462F3F4C661F896CFED7795915E512
                SHA-512:824DE8E93A575BBED846E97883D3FDB59B0B4476A44876D359DE9DDF4D638E6FA58FD3B9E0294E32382FC9E49C182CF782D7C67490400CD724DC5355B3DF0BC2
                Malicious:false
                Preview:..f.-.f..6.\$t......+..:F?.F.V..{eP(|O....4.L|.~.@..e.v....#...e{k.... ..{L....W....j.s^.6....t.....I.RY...\....B..c.25...0...E.....{..KU..3....b...o.Zud.-.......;:...4..K..F..u..d..q...J..H....}$.'..L...$a..o..3$.V..Y.\6.4.-....$g.....zN...,.....T.........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):771
                Entropy (8bit):5.821347723574474
                Encrypted:false
                SSDEEP:12:tDRA5/3lE7n7Ymt6gzuXGbZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:tMuD7YcCXAZVZjH0TH9O5Ye+QUiln4V
                MD5:77A16C94A63779BBE4AD036606D98C57
                SHA1:AD07174E0B1B1BC03D514B62FA492EFA70536E0C
                SHA-256:BA90C22B7D71EA9DC0FBC0F2C58E389F50FE5E8C626F8CDD40CBA5F264F47148
                SHA-512:3D6C4099EB0C11CC0C682876FFA4D15A5ACE835B7B2722FBD3F4BB4C2E5A434F6F0FD8CE9466CC8B125227E687DBE45DB3811FD76DD6853E42DF6A101F435227
                Malicious:false
                Preview:'XBg..S..e~.?.qqm...;.....K.....6.`..".......ay."+..52.X .......L....%...].7v5.pd...5.....ZBZ3hb.3..w@~u......G.6|.".lvk...o.O)lR..g...]...7...CVj.e9,..9*f..[........{T..|.:.xQ~..j.J.+....Q.....D.R..T...'.}..(...7.H..okl..pf...|.Z....x.R...8b[...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\0__Power_Policy.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3828
                Entropy (8bit):7.827933856853937
                Encrypted:false
                SSDEEP:96:0TjyrxWDYWisDahAwn4+9cFHVuI2PBHtI3t3MDxAmyLBh0C3eBiV4V:0CxWUWi8gQ1uIEqMDoh0Jo+V
                MD5:8C423614FE51EE93A6FC3BA06202CA04
                SHA1:70DA5DA48412B5AF6E622D9E78F765A5EC91C79E
                SHA-256:E56BB6501120D9D5A75185D3D7E875F8FD531468B017F0B2AF848F803D3D23F2
                SHA-512:74C6461561A3E97EF86EF3E672AE1AE7184DBD50E086018A8DBF2FDB483F1CE9AEE5DD03973B7A87AC6AF4781A59B7FAE5532ABCD4D34772DE85A4D62E6CC6C3
                Malicious:false
                Preview:z+.)......3.;.....4%...j.]z.._+u..C..p.Q[]L.N);....<....D.....%....Y.N..Y..<.1.....#.l.`.0...x.......3...).C..Q..y .)U.[.i.......k..._...0..q.E...v..5.F..=.[..4...c.(.?oG........t.7..s.Y.x.9..b.zs...U.;.0K....Jf..`..$...\..-..jb,P....M.J>3.8.........G..,.a>77.7.OQB_.[.,....@.^{M....$a&..s.xz.:. u..?....9.a.....{...7.z..&nq...X.\....UiZ.;..jg..aN.....L6......4..6...N.....].?k.V%A.2.@B?.....).^.....s.x.s.4;.......9.;.<..|...S;.....L......C.kp...>5GX..u..._B...;....~$Re.!.A.l...zj..!`...B.1...s.QQ...]}[=.._..u>o..qu..kOG#....~...e..].}.bD<......l....`.J...._...|I_J.'..N.u.!..a.m.k..u.H|...d....{V..."...a+.J......\...8........3.\..YF..x."E...O={...M....*.....k......:.v....4...T....k?.d.]7.?]_...kY...}.X...4f..u....L.k%.;P-..E..fd.LQ...U..V..#..'..K},..K...}Yq.1f.):.&.@.:.0...;.q..K'2oc!...H..e...0.d.uM..8..ym..*X3.&...G.7.u.....s..K...K..n...y....I..j.p.=..2@..bj....n..O..QGM....&orz.{$.b......*.%.n.h..A..Uj.+rp.0(.. .\-.Q.....).... SL

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3837
                Entropy (8bit):7.813285628892252
                Encrypted:false
                SSDEEP:96:HaOFRlHM1z+DPI5uEf7F7jAKEvWpSHkmzRL4YeBiV4V:HNFRlHMVGguEf7F7FV5o+V
                MD5:969EFE9C9978EA414973445256EFE126
                SHA1:4316E19277C2AE5FCE3EFEE7C7D3E14467307FF9
                SHA-256:EB63DF42D34BDD5AF2DC225BB042289211A931FC48FA45AB4BF842D287AD0B80
                SHA-512:C6F00E2CDB5941C1CEE0DD6486A449687DED1733C5FF7FB5C1BBE58D3A88DE6D737428E5EB0D49C0B6C0A503ED2D2D139D18326B5D5D50F75910B130D3319677
                Malicious:false
                Preview:.....%UX......]....`.|.[J].a.M.4.._..Cs..X.H.vn....|X.G....1...*....D3z-...u..-5}i.t.....).i...&........(..*.......y...F.;^..9..g...<.).n..Uy..$.i._....N~X}%..9..j.....KUa.G...-.}\.Nf...L....3.~!.X.q...U.......a.]....k{..J.^V.L+8..UM.QH.z.n....2.:..'.-.Vo&.yH*.qr..fC.k..G?.>rP.-.\...x_...KJE.G.....i.....GTqJ.)^#e.Qp....Z.4Yo.d...co.....>.{.E..c.?..\...)!..0:..W.z7nCp.....ls#e&J[...G.3.B....N....p.h...*..yw.u(.L...*k......e...|..u@.......2'.)...Gse...W.......1t..j2+.. .....R.<mVf.j...c....5R..C`.:....=...4.F.{._l..9.)O...v-...vN.d.E.!..I.......t% ........m.$...e.v\mJ)...l~..Q:.p..i..4#.._.....~.....:t.t$Z.,..2.....d...cvC..N.?1N*A..s..9.c[.....;.....A......y...f.$..{..tMa_.M...X.bi!...KQZ.;sG#..*..qF......D.+FF.;>`...Q.#.''e.W;.5..5..j..9Glk..* .n........9[.`x..h..4..-;...f.15.T..i;L.Ju....$..w}2i.T.dA&...S.),.......Fr...4.#...wHFo..r../M.#`.9..eT.KC.d...:..&.....w.O.M.......7...:#.^$.Z.Ui#..2.;oh+U.......L........U.....FB...vm..Hy.0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.93275142980575
                Encrypted:false
                SSDEEP:12:jhIE0q8ZV+mT4MYo52rqJHKzrdtZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22XzZ:j/8OmueeZVZjH0TH9O5Ye+QUiln4V
                MD5:CF5FDA03A4AD71BC86D45DDDBDC5E80F
                SHA1:4C840FB6BC36826C3EB061EDA7E556F3546EA6A7
                SHA-256:39A34088D0938C2785A7738ED0126C738DE0F1E9EDE15FD042AEB1CBB466ED1C
                SHA-512:7592A1E8880211DBBBCB872DDC2CB8699AD5AD48348730291BC767418F28522CBA9E2F9A76D5BBABBD32472635563A681C2DFF16D829791EC42EEB1C851BDFC0
                Malicious:false
                Preview:.3>0......i.dFV..tY.V.,....2...,.CH.u.;.l..4g.n.9....S.7Z.s..O pO3.B..W.1......3.....O.X..![sA,".K..sj[3S..M.^..Pq.!.{ ...$J..Lz..(\.....b.).."..o.... .Ip..Q..P"[/$.W#&.ZC.=..=P@R.5.T..U.(VW.W:.8..M.e^....i.....C.....M.D..M...2.yd.d.....A..l......P.......!ivug.J...&.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):778
                Entropy (8bit):5.838793555189804
                Encrypted:false
                SSDEEP:24:+A8cyltBIO1QJuCUAhZVZjH0TH9O5Ye+QUiln4V:+tcYLZ1QTU6VZDNEBiV4V
                MD5:91666B659D7FE34D7C71A6388E8DF648
                SHA1:FFC48F7FB9D19743169BC4DAEB386B921601DEB6
                SHA-256:826DE237143DAF62767A6C82DAF33A4D0B3EA126BC36ED6109796E17D115CA7C
                SHA-512:F9DE827C0C9A4809D69355545577F949D8AE42E2A0F6B4EA64FC2B2B29D5FE49F2818F9778CE4894EE03536A9B7906377B78DD2A3C45724536921E23F4C80E37
                Malicious:false
                Preview:.....\.........`.<..,.2O...o}Jz%.P..R....K..<Lu.s...Ob)....@Y.S.V.7+.....I6.....(.D.S.z<a..[..._...~.j...k.t.Y~.qet.@..l..cM.....g*..E}.aQ..........%.}LXF.,0...y"+..H..Q..%.5.'.vl...y..8M"..H...\.e...:..J....,.s9....9....Zb8J.!r<.3 }.K.t..@.|.[.3...p6.O460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):983
                Entropy (8bit):6.53718405813542
                Encrypted:false
                SSDEEP:24:GI9/AAeIlh8rOya2nmfiqm8BjZVZjH0TH9O5Ye+QUiln4V:Gw/AAN822eTVZDNEBiV4V
                MD5:232B162CADC7BC8461D3DBB06836549B
                SHA1:005449BFBEAE80D55D60A058C08DF8DC45AA2808
                SHA-256:AA053DF5FB98D926A673D2D2873E33B9F8920850D9AE04E07AEEEFF3B7932ABC
                SHA-512:37CDB63A1CF5B6436A6D42E1949DA5241CE02674A3598B0595C4C2FF460936D08890AD796C963407D5A2BCFB6D820C5F1A84410E30E45B6345F267D850DEA635
                Malicious:false
                Preview:x.pG<....Sd)....nkv.8(ZY.p.l..t.6..sn..B.}.ky.u%.0.........W.y_..k.6....^.).W.....j8.L:..<=h.Qbij.......F...v....u...{.\.jf.w....$.._R@..o.......N..r..!.........*s.CO0..#.. q...C..f.".y..X:.sc.3.H....M..~..'.\.`q}.f.)..|...n..f`...q....s..A.V.v....*%.(qbC~..~...p.Y.....ih..=....>J..5...;P......7.C....f.Qa...;Y%y.......(..=qWh......K69..WZ.......oP.%....N.&.-.=.}...3`.fg..;..){..r.q.>i...@J..+..c.r.....LN ....O...\$q.ka.1/<g.%..p...h...1...R..U...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1365
                Entropy (8bit):7.189059519266758
                Encrypted:false
                SSDEEP:24:m5inisSMMJG87vbtlplMxLH73x6e5Q2iOZVZjH0TH9O5Ye+QUiln4V:ginijM6fpWxLb38EQlmVZDNEBiV4V
                MD5:53F05604E7DA3F29A0BDB6BDBA524C6B
                SHA1:A85D30F2A319A773B5904BB692FC40C09CFF6994
                SHA-256:4EDE268BEE5FE5179A01DBC2DB0A5226BFE8F3A568B1FA7C16D14F4CCA119BCD
                SHA-512:76FA74F9BB9E1E7E4DACFFCC2B761731CCABA8FF9AA5281076944C3E2A537D314C01F23897D9F53E685E10C5C0CE23E0EB90C2337B6B582E2E8F909007097415
                Malicious:false
                Preview:..E:@x....gx...L..o.?.y._.p.vF...Q...U3..f.....-....%..u.G.%..3x.l.....I<.....^l....:..&(U#...i.O.jR..5\.B<Ze.|.}.)..k{R(..P..\.n...lf/.......$.N.....M.............VY......f..g...#........b..qN,...M..`.Y..c...;...b.9\..j....I.!.FP......:...%...&.).R..a.YO.F......~X>.....K...ow.>..=&.Y"..'.b,Q;...vl}.N..)3......@i.I..)dC!.KE....}7>_ .w'.....'.^ou...Bt.=#...T..Rn..Y..J..Ka....+k.v.*..B../.|MiA6{..E..... ...............<...E3.m.....y...tQp.X......"O..L.tO....U...K.at............b={w....\ab 7..)Ki..!.H....,.o.(...t......."_.j..I...$9..1..L......_..3.U."q....3.w:..A....I..N$\U..F..x.t...Vq.p.VU.....?*..t=K.dY...P...McL7.T.p...........C.........vv.P.m.n.]../....C....L......D...a.wG..%'Kze.i....k..k..fe`.V--...s..';2.[.8D&D.5X....l.N.K..d.$..Y....'.8........c......F.W....j..`lC..n.z.#,..Zp^..pH.1..F(...g.*]..jm.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.937069544459508
                Encrypted:false
                SSDEEP:24:J0hHULYfsq2nZVZjH0TH9O5Ye+QUiln4V:s8VZDNEBiV4V
                MD5:B119271831447E94ADE2017465BD7A7D
                SHA1:D443C0CB9157CA0AF0F1223723488F4DAC64F41C
                SHA-256:072BF0C321A80B48087EE5A9D8B9B02437035D791B19A3B8ED28551D3C623129
                SHA-512:15BF74E8DA8DF38E11915D74B6D4AAB9F0D19592421BDD308E25817A08901F4E995FA4EDAE84512A05D9ABCF146974ECEC4B8E47ED0894DBF0551B870E7A8734
                Malicious:false
                Preview:...........n..[y...'r..R.|....t5.`.....y.Tvhh.M5J....sp....J4D..W.*.a..^.O.).....s....M...=...qh`.....cQ.8].g....#T...kP.,txf...h.UK....*1...g".o..k...."2...Z.+.=.....l.z.[...a0.9!Jw..:.F......7*<.|..c9..v.d.T.>2=..V.`...A...9.pYGixQ..j....85E..k]...=.]..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):778
                Entropy (8bit):5.9029238124265175
                Encrypted:false
                SSDEEP:12:ohmaFeU6hWlwQBpsh/RWfcvZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:oaY/psdRyWZVZjH0TH9O5Ye+QUiln4V
                MD5:5F77F483EC7367197B7649B9F07F0B93
                SHA1:CE0BE652F11B77F616AABB83893313BA24F3321F
                SHA-256:8AF784BB427F292DA78FEDA0E5F447CCDCC3DECCC7442156CE2D212412733134
                SHA-512:41BAEE3CC3363F275D5CCAB82091A4114F916B3C84459BC9B463C2F5383C064251E0FC4B6F98825D2044C8235F7F66B1D86C1A9384027A4DCF1047161463BAD6
                Malicious:false
                Preview:O..}....O...._..R..2*...t.Gi.1%.{..[.Q@n.k.7...u.V%.z..7.n?.......u=.W?Y](..qx...&....9v.0.C=u.+..-..a..JbMV.C<....O..a...F.RezH].D.....J...@E.z.....O..e....3=q..;Oj....Q^..0.y.:t..$b.E`......p{Pa..L.w...b....A..}.'._..Zz.ybb..&....!...<.S....rm.;.`.vT.x.+&.r460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1059
                Entropy (8bit):6.698909071262931
                Encrypted:false
                SSDEEP:24:h97+rOcK9HjBXoQy5NBPGuuKzd0iNeZVZjH0TH9O5Ye+QUiln4V:hR+m9Xg5DPGfU2iAVZDNEBiV4V
                MD5:9078EDB29870C0BB4EDF957250EFCAE8
                SHA1:D6C38728E3F6020E2132F920DBA1D3705DEE476D
                SHA-256:4AD300A97BACB2D988B647A77B0876F2C3492FEC44897DE21C74032083047C1D
                SHA-512:8EFDC3B183E68E46E8A123F31A25388654684B7D9384AC8CADDB37BC832A5DFFBA6CD7052751C7D917A860E5816DC74D78CD09E17145AE0CB2261F384C90F72A
                Malicious:false
                Preview:\bh`...kFy...p0.....l.`..v.g}y.|`..m..A..?...+..p,.w8..`r\..w..%Z.8.l!..R...G/....P.x$.\.'W.U.B..@...k.....1......;<..<r.....6....N.Fd..3..,.a.....Fht..K)K;...QkS.....S...l.3.a....e.E....".?^GZ....D'"Xi?..B.bL..C.,e...e......?n..v...#.I;3.......Gj(...w..7a..y..,}./a.w..k.j~..T^....,].../....B.R.gT.{.{k..P....a.[...X`..R.....9...y..>{.9.......... .&...1..4*:I.n....BW:.../...I....2Pi..t..lT.9..U..|....xW.t........Qp.}(../X..=.It.(.Av.....s0.A..8P.W...f!...h.u....x..)..b9.7...>5....k..tM......1Tbz8g....B...6.hQ.z....;2.J...H.~d460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f5208

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1416
                Entropy (8bit):7.174012102690096
                Encrypted:false
                SSDEEP:24:0vIImMfTm+IcFnJEvwxnLz4iuwEJxW2h1m4u9OQAAYBZVZjH0TH9O5Ye+QUiln4V:z1MfTuknesLvVwh1m4uiBVZDNEBiV4V
                MD5:4284D050CE0E717B2D84C3C1AA318AA1
                SHA1:A6BE3A87E0E12899CFAF18207C1BB2D7E33EBBFB
                SHA-256:3337D0C1CE151699CFD90790BE42A87A52FE8EB9223813F5A7E919FF00EC00B3
                SHA-512:196C833DC880A08624F581F880F0DDB324B6F39121D6556EF24FDFD028916F865C733DE982230392A81507168A5B00DE647B4DCA22874D1EC79FF0631A57D719
                Malicious:false
                Preview:l&..1!......n.........J.,.......-j.. }M@E..dn..."O..N5.d9.nAM..I...............CGUl....g.$..R#..+nM..t1..A..$..u+...v/..z_...B.p.........._.....Gdy..6Z}y. .c2.ym.d.......N..#..d.|C.d..........kfa].i0.?.U.ZX.iN..ik....9._.d.paF..*...t...`.a...Z.....~...4.C...... .(.j..Q...Y..<..w...:.tC.mC9.{..b.+......8w........z.9..E.{...[.W./.....N.t..PO.7...(.6.7..G......#"..Y...F..1.........@...p.D..)T...jA..ly.....A..5..Y..].Z.W./.]@.*...?[..t*.;..;......F..b|-_.K..]......w...8i....{D#...l.w.}....:."(.}..... \.AS....:...k".XD1....F..O...vS...?..:.....T.l9?.G..n.d.Tn;m..T..Y......0.H>.D.-u..Y.....0..&.....G.#3......^.t....oymVV...t.n...).xO.J...p...f.....nEE..FnBvG...../.X..K3....G....E.e....yV..pj.j.7.t.:..KP..Z.;%...^n.y...u%.um...<`..6..9.....F.FN....~.C\..........?i..[.Z.uZ..c_..5.8.~..i16...].......~...5O..)m.z...`..<..A.~*9..;.hU(.3....F..x..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.895594188406812
                Encrypted:false
                SSDEEP:12:5EqTEvfVdUj7kCC7bnr1ZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:aqCV6sCCbr1ZVZjH0TH9O5Ye+QUiln4V
                MD5:2C1B8E2BCF1C5AC34EEF936686ACBDC9
                SHA1:10D8027D6E21B8214561FF844EF1BA20AA5F70B6
                SHA-256:CB9CC9FC388A13BF29F862F2C1AC5123B91C066115BFE8A1A1C0A5D5B95A4D75
                SHA-512:39B36A7B9430C5EFA97400083C6DA843BDBB64AD278CFF9BC62011BD15C97B42017857A4CC2E5A73447895CDF9A9C416A6DF26195CE009BBAD551B37600380F2
                Malicious:false
                Preview:^.x$....==.N...u.Eb......w{...'.9..,....0.@.S....a.4+.......'e..."..Y.F..J.B.x.^.V0sv8T...~.a..6..zp...`dJ7|3H5.D...a........,.`Eq_.i...\V.rE ..$P...Du.n.....h.$..|....6..'.B..%.....r.0..+....wGP...i..\..S.......If..6.5.#.K.l6g....m....PX9@.|..................E.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):980
                Entropy (8bit):6.491841180197778
                Encrypted:false
                SSDEEP:24:X6iYoQFQP135JGo/TmHIRsEZVZjH0TH9O5Ye+QUiln4V:XIoQFQ97/7sYVZDNEBiV4V
                MD5:2DF55640643C45014AD6B49B5C70B521
                SHA1:5BAC7D15394387C6B1EB076A2AF0C5DF04994F87
                SHA-256:D44D6C24F41944F6BB7214EA9052E21C86E1190EBDDB8620D2B40691B6138BD7
                SHA-512:00D40FC6E1BE53A953BE044EAF545EDADC1CF3F51496AFFF5EBCB3C84305E55E0401171DCF057E29552D83CA5BDBA9BA59ABC2E9ACD18A4B30F030766435B4FE
                Malicious:false
                Preview:....9.S.'....H.>...~.....$....r....'M.6.w.....b....kc....e...>.......T..r2c,Zn.d...2..=h.....u..keX..K.1.*...Z.l.....8.*...2Ut^...7....H.....t.U.E..Z.......8.p...@+.{(.K>.::?5.......8.^..{.........J.S@0.G-..f>..S..:..uo..{...I.C.D.B|1....b.....l.U.X.g{@.K8.<.kjF...^=......2.*A+GyJ....%.^...r.....ub1..'....v..]...CZ..O<...0R.j.V..M.0.{.....2.E...9hO.hJ...ed.Wl..m.&..ct...:[...(d=..p.r9.,.9...Wd.S8....".......|p.4t..P..V..........\...;...x5$jx..f.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2168
                Entropy (8bit):7.607999374949129
                Encrypted:false
                SSDEEP:48:RrI/dytKVwuHc6lhOuFypKI/hydosVZDNEBiV4V:TcVwu86l0SeBiV4V
                MD5:C15DE7890CF0658EA2C4A642E7EB6978
                SHA1:4BCECFB7ECE6BD5BC33454586DDF6F6E6B154A8A
                SHA-256:EBAAD0FC5A9A3BF00E8D279423EE79082D490703EB7D9719A1D99E500010D991
                SHA-512:1F625C32600C6B4A7C55E94F227F67A9EED4A9CDEACECF31FDA2DC951BBE858FD80824C39F9A85F4F74AB889B1645636B5FF0C6FCD3D23D541826DADF796329F
                Malicious:false
                Preview:..\y....d.[\,..w=Qga6A..:..:...z.r<y....7.....H.zX4._.+.qo..JoI.....l.....n[.T3..V.K..-.X.')........`t.#2....j.f.9..;8........=..lI.9..?.X......H.O.g..........|......A-.Z.-@?S..*.!......d........"J.T...SJ. ....0....)...R:..mZ$...2............K.6..!.N....=s[../...B>adk.u.sc../0i,l&.k....9^.........yeI.......kmg.!4...%F.,...{...].s.h.Q.....f....m.u.nu;..-.Hp.0z;g....._..s.$.......(....._...g...@..J/w..N...o...z^..\Y...~7...e..&.B}h.KL...c..!?....Y.v..-h..).......#.J.XP.2M.I.....h<^p.g....C........Cy..iP......1L.k...I..,.....S?.A......R;.U4....7v-c^|.O..;^..9......y..H^.X...q....H..?....vM......%FC2.o.8..R.q.].uv..JG.+C...............`j.H.Ed/....7..T&...&.g...z....3....M,..SR....O.s.[}.....0..I...e.VH..!..:.R./.HlZ......L.&||..M.FG.-.S.8..:M.#...O;..\."....X,g.".Q..L.I.L..R.^.s./.....oAk^$m.q....=.............?........L..v{G=..I_...d.V:\.6...#.8.jQ........k...;..ls....o.ul...C............`]_~..1....r......;...Q..1D..}V..7....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2767
                Entropy (8bit):7.716947712457765
                Encrypted:false
                SSDEEP:48:pMfaPxTVB8zUblP+xydQNR/D1QryEh4LyXSHlnGugNNVZDNEBiV4V:pCMxf8YbAv3/D1yhfSHlGvPeBiV4V
                MD5:92E85C4292BDC10B6B20564E8AED10A4
                SHA1:71679DD4BA944DA1BDA9D70BE02F44C028F41F26
                SHA-256:DD5E0BF40D2326A6160E6FC497B6187DC64D5DA10FF9B1292154ABE6788AEDB3
                SHA-512:0704923808DC7E6BE6B80362C2A073864EFC2C3203175BAA33D69CF06DFFA32359C39F3237ADDF4B3B9A570021BF0C591A2BFE22C9D82FF14820F5F0C3953E73
                Malicious:false
                Preview:.%.c.)....+...........{P#..&......8W....O.j9.}V[.....w...|k.".....s]#.i..i.....[Sa.\...$...b.e.p..j.O.UD..-..=........S|.r..{......4.U.9_....\..p.1:..Z4...f.s#K.....j.....a...]..z........9.jKv.....N.6.%.w..{...k`.&*...X.q...d..+8..8...;up..o..=...O..`8I... .^:xlE...o....2F.Q.....]u.........kE.....u`..g.G3.L@lEoO2}....j.5s.`.'%4 ..K....>Q...[.R...,0%bm<...C...w\N0k...S..EY.b.G.u.+`,...V.z..F#g..2.n.{$.....yG..A1x.R?.....oV.1A.........rW...}........A@..Y5g...zS^......p%Z..d.....n....c. l.0u.m...=....E....S..|R../.....a...Pd.. ".\.......%.Y.V..?..z.....r.CMo..4.#...:... ....kRX.:.V.#w..zb.$9....]....H:y3.....?q#...zJC.....}.......q.|gi......D..X,.....m...@<YSn..].s/.N....6Z.>B...w.n.....v...p.Ut..o..K....-.po.. .q.Kn...Qv.k.VL.G....-;..+..0.1...Ox:..M..5g._....G.D....R.....M-.%...*..:....V9./(......m..>*.!.*\I...u5).5......T.... .|.3'..X=.Cq.F.>..8.;..*w...~...&......Fx.-..t...c!..\.&,......A..@fS).....o..g_p.".../...#...Q.(u..t.ci...@>...&."..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.940197788907052
                Encrypted:false
                SSDEEP:24:lvIybQgKhLcLuZVZjH0TH9O5Ye+QUiln4V:lvN8tLcLGVZDNEBiV4V
                MD5:BDE1D966A197CB7D139295B60E4ABA83
                SHA1:96193123EC9E115A8B273463E5E0A061E054C872
                SHA-256:F5726AC2983094EEABC5465B6C2D72C34586378669407EF6EA7678AE91DD3475
                SHA-512:2817F96C0D1A6C1617EF0534D168C8E91B5B001A580DD680EB4EE0DC28F78407C3D3A5B88C52C585D2729C5E4C92FD1F06448E5DB3252A23E315B059D116F529
                Malicious:false
                Preview:@i..r.*...D..ODp..+...r..;D....0.C..h..F..u7..J.I.XO.Q.....r..|9...Nu..8....C....yXe...r...DX....2..._...GK..'.>...E}."ji.........~5..C.S...F..C..{..`..gfA.F...72.7~...k)..Wx.v.....L...x..h?..1..S8....!.......7..~..W".......2E.CgRY.j..D.k.r^iL..Oq...w..E.>H..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):980
                Entropy (8bit):6.508397125789325
                Encrypted:false
                SSDEEP:24:3bFs46Xil4nus7+gnFb/XxPiaBdZVZjH0TH9O5Ye+QUiln4V:B6Xi2usP1iaBzVZDNEBiV4V
                MD5:28130C3DB6A2781F277F9F8D3F764FAD
                SHA1:F0B543152DD754538F1343A172C832015E3BEBAF
                SHA-256:7810BA1AE9D14546D20CB74CDC366360710B21D48ADBB919CDE849A89B5F9AE6
                SHA-512:38DE15E905102622FE3B527F4DAAEAC3B121581FF09EA08F7231F289305E82715D81C9C7B537E615B57EBB5A8CD7227EF477EEB67D26828A2C85AD09F44712F0
                Malicious:false
                Preview:c-nU/#...GTF.Z&OXr..z.0D....@.B....?m...x.u$4...ZQp..4.q.s......y.(.*6...N.oK.......{..9#.Kf........ZaZ.e.Rq..f.(....LVM ...?L<.XyU[..3......?...eN.p.}.`.#..... ...+...w.p.N.f.....JC..N..X.y.N.K.+..s`./N..G.......c`...7$....=.I_..=..u....\s.X.....?.~P.r.._...3s.....P<K=..X.g......7....eS......@.s.;..J...k]...z..ry.......O.&.....4.'.|.D.g._.(.V.T.....e.(..NJ7....v.Td.).9.|..&.' &c..d.."..{..OA.C]p....X.H.@..]...=..,.].Z.Wc....D.M4.7...X3....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):7606
                Entropy (8bit):7.9450155873799675
                Encrypted:false
                SSDEEP:192:TOSXlFK4H83WwKnQ2xDgI6kZMmUUJIYk5b0LD4saKNKBLRko+V:LK4H83IdD/6k6mUU6Y2gLMDKNAKV
                MD5:7F52CCC28701222050B5DF8235FD922C
                SHA1:8F564FF0774AF3C92CFEE10C3A626CFDE1990532
                SHA-256:E1686856721FA68DA32176BBCBCD8BFA6F2C1DC465138652D910592BD45531DF
                SHA-512:00B698CA83750C983DCB2DCDADC3AABB10A411E5DACC9CE5AD0480232D413C902E27C1450ABAFEC3CB27B8B6911B1650DDF935745510F2E8350A113511ABFA21
                Malicious:false
                Preview:mw.W.h...^,<X..N.g.....1.9r...\.Sdr.......6.{/.!~.H...D,.Uz.#u.``j.!idk...!..g..N*...O.J...S%....['..........B.....=tBU...+...b.hj..^.b..[0Q.....["U......~`.%...4...,w.*.7..1/..J... .G.f.jZ....E..:~s..BD.e2I.s.e).].....<.....Yp...]Kd>S"........m.G#..V1..D.u....8$.2.{Db{Q.9.-..j.4.*...j......j.kJ9..=...s.ZR..=$Y.....j....S..._.......?...yb..\..[t.v.>.1.}\..v.y......pB.7 #.te..1...@..._*q.:h.....WY.qn{....r.CPF.}...?........%....,j.D.6M.5.t.....L'....D.V..,.x[.$E.?#-...<...si..p...S..9..8Z...,...U.D.,........y...V...-..T...+./c.....F...#..z.S7.$h8v.......30.......3.z..{.t.,T..K.7...g..2.\...s>..........2..........<......~*...#..At..H.....3ww.9"h.._.+<.......5...........x._......H.G*....RU\.r..i.1[...y...}5vP...y.~.[^+[.v...H.9.xa..@...o..'...&...%..~?......iG.(..Y]G.........H..dP.[._.L...73D|.f............g.7..9.^.....P.>(-...8].]8..3..../^3......aQ....W.)..3....;]......52.=R.....L..D...<&..b%/l..*...1[.|.+y7.....y.\....c...E.."...K.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):7881
                Entropy (8bit):7.9413915813174825
                Encrypted:false
                SSDEEP:192:NE8Oma7IoYkMkVlwybi8R+t4/lPbEVzwko+V:Nkma0jG3nR+MlFKV
                MD5:CF71EAF4FE5CAE6B094B841F1E216DB5
                SHA1:17EE4BDA7E972D09ACC1B904A346EADBA35097FC
                SHA-256:4ED6475ED34BBEDAD680E64963ED01E483E1DB6693FB0168BEF00F01410B44D6
                SHA-512:AD0C035F09D9F0750EC360ED7AE06818456477C521B8DA3EF01FF616CDCB0D55123432F125E721F4018848D102D3EF0C0ADFD3D96D68667095D6A5E39C6569AA
                Malicious:false
                Preview:&.]y..b.5>.p..EL..f....A...*..;_m.e..j....C.J..{R.u...d..?y.. .........'`........y.~..Q.%..H.g..DI.h...t..j.J.Y.v@{;7....j>.z..Z............f...z...`..Lm.{...FU1v.v.'.{.sy.F.5e.......TJ.r.......%.....w..W.Ow".y.^...+.....Kad."F.....V}...q..\gg.w...y.{...-..#.8.n}.s....Z.j...mwB|]X1n;.;..v..a....x...1VD......E>.4.....!......|Fn....%.b...wHZ.9g.>..C..<.......q.....jl4.G.qZZ...1o.!....\.,a..BGOe;8..}9...>.b.5.?.6GL..S.F.{\...e(.g...r...P.e.R.us..G..2.=0.QP....,N.).{.B....b.."v.8.8`..."fN4..Vr...B.....0....H...y.c.f.Iu5.8..|P.@...Z...PgoILVe`.o.'...M5...Ik..6.(m.?.cg.`w%%..,....S].C9....=l..:!l.l.U..c...{..yX.._...c.x.&.Ds5.@^...G..,..>jP.e.\.......'.a......=x....0.RkC.'|..J....}..EV.9.9.Z.9a...j...K........<G....^.H.r.I(.N....n..{i......[..,.L...6T F........O.?..4..q(H.;...[.XP.P,......`B..k.N..W3..L..../......BB.....fa..D:W."!.9.....X.j..h&....|s.\.p8./.C.....;....\>(0..x.u.3..0.J..x..*.0....%.rz....t]Xq.N.KUG..J8MBT.[.......o' m..z..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.947468312763017
                Encrypted:false
                SSDEEP:24:WYzFSKH4bKYPhSEZVZjH0TH9O5Ye+QUiln4V:WQhYbZPhSYVZDNEBiV4V
                MD5:30AA7477E5708623068FC519BDB0A66C
                SHA1:C73CCA867B417ACFAD419CFD04DF9EAB02170916
                SHA-256:5A85B2CFC8C5BDDD5B3934B9A0C52ABFDC6F7B71B8FF0C1E0E52BAFC93F1FB0B
                SHA-512:C7BEA79104E0F311DD83A63B170E59E37B8CFCE06FE3A0030DBD852FD7C50C42476198D6AD51C1667C5DB631F1806634B719C80CB20318C947482F5F663FCAA0
                Malicious:false
                Preview:...X9.m....SO..+.[.tv.3...A.!"%.v...WT.L.)@.|......>.2_L....S..`.*U...;S.h.0..~.J..=>..%.Sa...C..FG`H..w..*nM..Z(..l.Wzf...Y'...._&..t.s;...B....p...A......k,..o..b.4....Xb9!1...Ux..(.....Q...B......8h....&.W.m.tIsv.sW...Z...z6.(.b.V.s...........?4...E.};d..a.RtR.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):771
                Entropy (8bit):5.88792168505104
                Encrypted:false
                SSDEEP:12:inpAMwfjg6FngiIgipZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:CppGFT3ipZVZjH0TH9O5Ye+QUiln4V
                MD5:A451C56D248BD763D0FF48309841034C
                SHA1:96E02F7B8DF17C263C521547BEAEA90F63C4B414
                SHA-256:624A9D4EF16791D717EDACE89E1F7F2ADBE47CF2E88AE5FA52E44F012EE59F97
                SHA-512:DEA16F42E56D59F2BE4632971CFD69F1F5221FDC6F1EAE10D4D7289A941A39BC78EDFBA8688036C8D12A4602056C7F040AF4F72FBCFB459A0C4600F1F45C5AAF
                Malicious:false
                Preview:.<..^n..j.q.?wO....zxRNf.t.M....wL.g......,W..z<....e.o<.....Xz".pd.......m1...)...3@..<....A...NG....}(.`..|.......O..n.......1..9^{.H`^..Q.l.t.=.XFJ..d..a..Lpq....l...D.#...z?.`3.V.."[..*.(k..*D.6....e.:.,6.. .P_z.zc..SGr>f.$.U.A)(....z.!....K.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\0__Power_Policy.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2328
                Entropy (8bit):7.630030868051137
                Encrypted:false
                SSDEEP:48:i8N2yNmSuHGnleWLRAduG8YYAvJP6vZK8IkaCS4uP2VZDNEBiV4V:i8N/uHGlZAt8tAvJmIkxuueBiV4V
                MD5:36F45FFD496819EBA552D3094418E7D0
                SHA1:3174EFD064EB0B5F793A692193C22DE10E0E596D
                SHA-256:6715A56112EAF01BB471A9F9A724A0CB8DC313AB54943C23CAD02B624365BC30
                SHA-512:E29B7BF75AFBE29FA5C29005B021CE03FD4122A934AD622130B7D095F06807509D7116DB362ABC9AA4F5C1688FADA37D27D5390018200889F7C98F64F00D5E7E
                Malicious:false
                Preview:..3..m..v...R!..Yx.e.....*L."./.....&...6........h@.O......i0.X..Q...?..6q..t.:p.._L...w.F.......@!...=..`.S...ZQ...02......5.C77F=.s$.9...T4..f.u.;...DV?{.....o%k4+VX,i....a...v)9.&.I4..V{U..{...na...s..W..U...>$...=..q.R.&.....Al.l....q.[..o....z......L.#.A4(........A.~.........?P.@.oC..&g..C_|.....I~f...`..n...qn..P.[.<...4....].@.?.\A.mc.^5.9z...}.v....#..{....t...p......2D.K.J_..........-.Wx.}X.;...:S..3.Z..}.phbU.q.+..&.^.......~.ia...b>.Z.=a\..`.G./u.3H/........e....w..M@./_.NSJk..3..;.0/..2..../^......~#....;;.>.O2......ZE.a.5...6&..C.Jx..=Q.b.]./Cc^.....8PP.fD.z.....;!7........D....z\q....g..D...N...$...N..L.4.M..nB.Q..3.Q.v.qkt8%.OM...!nD...>.e....G.e~.e.......3....oH._W .L...oPD{%+.C......c.<.RF.D.2.....T..3.u ..@..m.!......1No.-.p.0..:Qc.-.7.&.....G.j@.2..R..drJ.c.[..(m..|C.{(..$...zK.4....#...E>.2.U.Rc.....Z...Mb.[R..?./.....$.+C.XM....z....%"..#.}.h.E..#.z..Y7..G;*T..o..k.X..B.........Z.."..ZmQ%..jv=.rl......0H?.. rF$..L

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2658
                Entropy (8bit):7.680594124640585
                Encrypted:false
                SSDEEP:48:waScwnKBf3Ydn0BUa74JfPQKAYQ0uF7p1hGF3leMVWjxAcA+C4NUpVZDNEBiV4V:w+Jf3Ydda74mKAYQ0K91cVeUWjxt24mw
                MD5:77C34AC5825EB833502D8F6E44EF165C
                SHA1:50ACC4904FA7B84C5A2EE135D4B7C1A17003A8C2
                SHA-256:8D19DB4EAD5DCF21607060B05B4223ACE6A823D81D0F00DA246C8DFAF8822404
                SHA-512:18BB945A09A0BD959A26F453A19180912EB10BB3C7148EB6739455D91F55B06A0ACB2501B97AFE9ECB9B2A265B690D8ABE63DD85DC12B31F9DA16A2167136A1A
                Malicious:false
                Preview:/M.nW.o.....X..}...."....$%J.;.1.(gc.v.nWN.m...........T..{..vR...-...0].%I.6......".u..&X"....e........9.vN.9`.y.e..^.}.t$nw.\?...........{.p..6@.:...J...Ki.u$....g?....a.~o...wCX.....9s.....0.bh....a@.7..W...2..].....u.P...c\..*9.....~.&,.\..G..,68ZD*.,/Z_+.[P..hT.-S.P..o....P.e.'2.f.85..N..Q]`.n....C.+..Z...B.=L.RV..U[=..Z'...,/..:'`....c..Y...[1z-Rz.|.T,.. .\,...0V]."..V..../".........;.w....L...ov..4...I.>6.k.................)}[...........Y...B..7&.....P..WV../@.(.;q]k*`;E..<...BO}.c|..Ry.mb..t^..f..f@2N.)9"|Gk...Q-..w}Q.{..J.....iB\.A.U..y....98.5]miCY..f.O.e..1.X6(Zf..@Vi.U.mqq.~..|..+..C.jAX.[9...]..KIT{jy1y.R.$..a..PnP.....K.@..g.z.....?...ty..x.X...&]k..NB..\.Z...^..+m.P.V..(A.|_...?5w...v..w..$.s&9..z..[.,..,*0..l...zJ....B..........2.&;8./=1.O...#.!..>..\..LG....!E...z.!...7....'..L..aow.|..V'9G.s.o.'BQ).....2.y2.4z.|....{....!j..... .(..J.....n./zv.).E.g}...XU..x....F..gl.......$....d.:.P....|.....ef.....%$...6.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.9730769726701585
                Encrypted:false
                SSDEEP:24:hfFRxo/LrlRFLbmZVZjH0TH9O5Ye+QUiln4V:TRO/LJfKVZDNEBiV4V
                MD5:11402E9D1E9E1561AE7947F9CB48C04F
                SHA1:2CEF51DF6E6DFBF6514E6DC24DA0B5DEFFA34609
                SHA-256:FD8BEEC8F6E7F22C822E87210CD46AB21F4AA8E9688AF76CC8CE7C5132DCF17C
                SHA-512:27C6859D33824E1FFDF37DD8EC2FC322B2CF1143877426906122EF151590B22E016B73D5C1BFFE92F0546D6FC18F07713807B841A6243747A2B3B3AA34B29F11
                Malicious:false
                Preview:y.A..mI]. .QQ...b(...8..6i?...FD.u.(dp......#.w..j2....O@.s.J..^.r...o.^...O......&.3p....(......$0....Th,.P..;..o.kM|..Uo....e......R~.....Q.*:?q.X(`'GBxO.T........>..!.!."G.3..&iI/aV)B..V.|.YE.<.. .Ki........{.a$.q..h....6k.7F.kC...;...o].V~k...c.).w....D. tL..rA..G460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):980
                Entropy (8bit):6.505542681960011
                Encrypted:false
                SSDEEP:24:LEoHmWJrVE830cZSo2ZVZjH0TH9O5Ye+QUiln4V:4oHucZ6VZDNEBiV4V
                MD5:785CF09FF06EF77094435E0C3F471B14
                SHA1:A33313788765234233B5A29078E5055602E3054D
                SHA-256:2419ACA5CD202A8643536623C9EEBCDA2684770D5A4E50865398FF4F8E719B70
                SHA-512:274A317E36D94D72563FB658509D63A96B844A3ECAD7D2F49AE919C16E741F3129147D220EBC1FCE8C35342443FB174E82CBBA1B9C8DC06A975EAD47301C820B
                Malicious:false
                Preview:..7..sd_o...gQ....N..G..qA..P.l#=.C..DR.5...5.P.W..T.%.+.L..P|.=.7..S...^P1..>d.D%.....W!..Z."......v>.9h.6.1.Jt.C.o.1._..T2C.?:[5A}...lS...FVr.....y.z.....{./.r...........H2...8......o.V....}....0..g!+..Sz~-J.5&.4PF......;WW..2y..}..$...9..Q.-.....8m..a.QL.O.bNh...-.%..#)..Pd.....'.1.Ct.{..rZkg.....)o=..OVt.T%.Td.g.$.p.....g&;.f..^-;5UDKj.O.....I5./v.p.M.4..A.t9Mc.J.'lo..!....U...gw..u,FvW@B.@.YL~...j.XNi..R.f..C.0z.oyk.J.......!...'$..#z.V..H.r.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2155
                Entropy (8bit):7.5780240072929015
                Encrypted:false
                SSDEEP:48:0CYTQn5YeWos93iqPY+CHc7VJMvEDLr4jAzBC9VZDNEBiV4V:0CYKI93Pr7AEDQstCBeBiV4V
                MD5:F53F648589388889AE554183017EC16A
                SHA1:7D83E2CADB892309AA974210BD4C64AB5CD0A492
                SHA-256:3AB6E92E3F4B64F35A7A275505CAC5943C355807BEBCE18C39B92DABCFD8E7B5
                SHA-512:14BF5A5B2E706276FCEDCACABEC502E383C89DC3017F6F050743A9E24C45C7CA04A2349802B34731687FBD77CEA0A30219BBF536D89FDDC74EF4B27EAE9EF1F1
                Malicious:false
                Preview:d.3?`..Li.9.&..>...Y.c......%.o.L.2b.H.z......6.V.e.-.Qi.....*N....d.Y...S...&y........\....n..D..x...M$...E...t.V.p....^.5...M.$.p..2.+13.[.G...V".<......$#.;...Z....59..5Z.....Q..".Y6..is..R'9.....X.{.l.............Q...(.f.85n..K.*...3.i..M......8..R.]".....C..oZ...._.A..!.....i..-.O.w.Vi..W........_..x..:s)...o(n..\..*.._3jY..v..z.....L.Zyv..f..4Vs.r.../.UIIuIn...TQG.....u.p..c.^].<2..).P.y...3?.^..1.5u......*]H.w..k....[..j.I....=..l..5.X,....@..>!...n.I..N...?n..W.\...+p..P[W...e.5.Z,[..@......Cv...o..X..j.Q.M....j\.h..Y.....(1.b...........1>.i..4.....A.$..>..'5..`^nK..o.#N\.a.o...$Y~..X.,..-..{.....P.:$s.G.4.(d.L..._...EE.....f.}.q..b..3.W..h.v....[..0[.P...evM.gs.E..'[.f,..H.I.g..^...0A.".Z...mS.C_...:....O.....X../....,g%m.c....q<...:..o..ni..A.Za.^@.axU.L....n..8.'.=..'.g.......2 m..}..RO.w....Z/3y.0..}......_....Q|.:..r.....Yz.7..LXcq..=|.DS...?.~.w.h........Mj....E5.+F......|L..cv....m........F\.h.._.q..K...p..........EjUQ=..r.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2749
                Entropy (8bit):7.693441285558952
                Encrypted:false
                SSDEEP:48:goNeAEC45Cbpzoprad1sdau0j4GDvtqwO9MxY/InNqmWftTVZDNEBiV4V:beBC4kbfyaBj4GDvtxOH6q/ftzeBiV4V
                MD5:70F2FBBFB55C9BC9426CC36BF536DF1F
                SHA1:B8BC5CC4BD84C25162BEF9681BB22C3B87DF55B4
                SHA-256:B945A258441C9B79518DE4081E20CED2C5B657227ED36643C9BF0769EBA2BABE
                SHA-512:51A1C05C39D5A00AB2353429C757BDBF49D287F637381F3403D1B6FF1A6D31E47D536A6FD59EB02C28E9FBAD3285AFEDB1326FBFFC607253A07510B66F9C90E4
                Malicious:false
                Preview:.?.9.K".B...h.AH......o.].....~....O......../...~.....e.......g8.....\..m.G.V.._...]..K.PcW.......?...P.E....H1....y...8xZ7.:Z+.V.z.}.0....."sx.$...j...z?./..u."n.+KU....k.?.:..D...=...\.X.S0..^......'V Y;.4o....*......Nl..e.2..^'..........n......_.%.......4(..xZ....B..M..-.E.9..h!5`l..R.v..z.l.....0o...../...(4....{..9.S..xB.....h[P....>............6>..8..r*..........YkQ.me....w...d.;p..>.c....q.t{R...$O.=....K..Q..{.lmX.!...h..)...a.]...n.b3......B.Qk8z.....Y..2.}5...Kte.C...R....c.]e.a......0?f.{.d..2S+."lKld.k...C.+@$..?._.O..A=Uj....1kb`A'.\).Le.(.".....d...>Q.........^a..o..Q..|./\K...H.c.k.(.I9'ea.....=.L.K(Q.Gl..B+..%.......V.4.#.!...h~...1.....\..P....le..4,... ........{P;.Uf.x..s..Ms.. ......]KV.L.M...l......X.....7....../6.I....._.g.....u................>..d.%...G..i..:i......-dR.u..6..-..Q{$.,....v?.M*.H......U..{.....x...cZn.T$*b....Rg..~T.V2........l....F......o.'a1.......0...O'.....N.Nf$..........9..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.987489264447537
                Encrypted:false
                SSDEEP:12:V6+U7zZ+iV3BivCLdmZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:MjVxD4ZVZjH0TH9O5Ye+QUiln4V
                MD5:2644191074AF841D1D4155207AC12EA4
                SHA1:EE3377A476C7BB7143F5863DF9F0FF6792B38D5A
                SHA-256:A49865D1F096A3CE92885B37C47E9E5E72DC812DEA92848203A10E4235017993
                SHA-512:E8343BE0456EC1DCF8E44867CDBD9DE6A161414D0AA0DF0EABAFBEBEB143DAB97270DA90B291F30D7D9AE66D6748552E3859BA499611C7DD5785F140AF27F021
                Malicious:false
                Preview:.QX...b...Q$.*..eF2....#.'.`.{s~B1..'...Ee{.....<.`oi%..p.4.....2..GI.._).JVR.b........P}A......'.vk[...<h...(..I....Y.0.C......x.....c:......O2t..Z`k...S....]+..#..]..B. ..FupB...CK.kthy.sx.q4.k ?.p.!.'.d...O..W..b.@_............\7&..{{e(]L,D...W.z..x..O.n...t.|.M460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1219
                Entropy (8bit):6.96445687007467
                Encrypted:false
                SSDEEP:24:EoenVaWwBBy1YB2B8QCwSL47ZQouBRZVZjH0TH9O5Ye+QUiln4V:EohRI1Y56SLgc/VZDNEBiV4V
                MD5:7EF0989D8259D6E6ADDB2B5734F9C18F
                SHA1:ADD971F66B44ADB029D09B31B6ECFE92D6EEA6DF
                SHA-256:9943DEACC118D7F19B2A5B6B660A901F3539DBE1D6D84F799835076B15232245
                SHA-512:CBC0D00CC164E1F6F4C9C6DB3D77DB6370E8BFC887BE834B3BB363746048B6005451F5B532BB15F160A663D70F3110CA2B254D0E9C0BFC8A670073AC236321A4
                Malicious:false
                Preview:q.e./.#..G..3....@.....}...d=...A.P.>$N.iDo..y..........V. .- .c5...t.?LM.....p.Q...%...f.DX..CoI./<.nnw.!E...,........7...`<Z)m ....D.,w..z{\.../.n.u...=`....o.N$._].n..|/{.*..D..S.....K.......E..GbC.u..}.?g..l.....g..*.......N.C.1b....\.dKZ"_...R.P..C._I(E.H.|....0Y..z.#Am..x..z#//..S...."p.........h...{..k<.L.}..R....>5s..-.C:.j..?.n.!z.2....>..9#.{.Ju.mw..c.J:.."$.0...~..2k.z..A...Tw.?.(8%.....T.4.+..._.#D....*%.......g.eg.m..qpZ\....@+../.c7.....i......F..v...4....QM.,..o...F..$^.).lZ...f..Q...up.8:x.....Ax..?s!..|+2#^5.l:.....qV.$f..x.'...,=.b]7.G..].E.[ju,..\H.`i.V16..z..b..j...#...-.....&o..A.g....H..(3..3..w.].=NJh~!O..c3r..m.Pf..#.8s.6.S.._U....i..r..Rd.7.@............460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\RunTime\0__Power_Policy.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1909
                Entropy (8bit):7.4963008320419355
                Encrypted:false
                SSDEEP:48:QZxy1BhXXh951wlnq4WXWqAiWTAXQVZDNEBiV4V:iwBhXXh95yY9o4EeBiV4V
                MD5:FAAC2F6A822B54F81E546DFACA11C3D0
                SHA1:E3A9E189F3D431DD71ADBF603F9E5251ADB0459F
                SHA-256:70E020BEBD4D0C04977EDE0CF598061FA97DE883A38878CC8B495A032B6D4067
                SHA-512:B93358F265A963841C8FFF066919D98E5EB98566EDDF50E7EE6050F5939FF24EBB4C358386A7D6756FD6E789C929F1E417E38EE3E4712219380AF9F0737A3FCB
                Malicious:false
                Preview:...hG..+.ry%.*&..iJWK.-d.?..... ...Z..R..O.... r'....M..*7.{..Y......Ov.vm........:W.s}..3..16iH0.D?......".Zt._f.....f'/0..._.x..H.$..a2.l.&..a.J.7.<l...+$. .....00..!.,.AK...dm\...0.K.M.|4.....r...+../.....".L,.....5J.(.9E..)..9...t.^...x.3.H...gD...>_R=o..GY.U..k1.C~..U.*a...)8.........2.fWE.H.,..X...`.X3.G.Ti0x...$.&`2..BA".'..+...1...@.....|....#$..?..v.....N"5.(.-<P..Y...k..u'k...m..i....j|.dk.Q7\"YS..>....h...NU../.yt/........\......TJ..n@ZZ.d...{h{.G#..IJ..H.........)]A...s....xh G......&.y......>i..<......Q.K.<.8.-.9`.l..W.4.A....dZl.5w>.)i.]..H.._...4P..=.....t.Q.%.R...%.w...+..9/0.!.@..[P.V...j.d..;._:...^.%7+.....=S...o.....:......b....P.^........x.-.%V?r..j$x.....b.0.~.zlu....d...Yp...x.._'... :(.C..M.%...I....ZM.-.b.9.F..s..R=..\+ ..L.5.E.$...V.E.[z.nw..,... .U"...V=sn.^F.t.@.....yj.p.P./..%..G.....>O..y.........l.Y.........u1..Bb......A:.8.ZU.3.....t.=......-..u.#)c.m..Hd.^F...`.......R.C..2........Y.C..I].s.b.X.....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\RunTime\1__Power_Policy.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:DOS executable (COM)
                Category:dropped
                Size (bytes):1909
                Entropy (8bit):7.477289328483719
                Encrypted:false
                SSDEEP:48:5Q31i2jPlByF31V4v9DZSrJxhbS1HTGwhDCyVZDNEBiV4V:5R6dsUuJx5YHKtqeBiV4V
                MD5:E4C7B6EC635F98E8B56915E8B25ABB6C
                SHA1:A9A0E432382857C6A91DDACC4487117865AE8104
                SHA-256:A1441D9B61CECC942FC1C63BE53BA2BE7E3E1C3C8C09C3DC038819AC98B7DDB3
                SHA-512:A8FD46638212F0C62B0B81F73390457A6181CB62DD25FA1F01EBC300EFDEF53DBC70668B2D611F44D850E4867322A08E2ACD10BD4DF91A2DF53AF5F24F5B902B
                Malicious:false
                Preview:..>G..,.O.7t..O...w.jz.2a...I*.n.a.#.qjm...0o..iBP...7V7;.ey5.......X&q..`b..:.s~.o...-C.>b..mCQu["uj.......Y.<..C],./A.F@.5..LV..|O...P...C.....\_3...8w..X>(......#<.>}.ek..-..6...c.J...T.....k..-V..1....."...Qri.y.8B].1...R.........(.)...,.....*...z..^..0.g.B.Q.V...iN.4..o>.1.....c,...P.!...$ a=q..w..,y.d....hc#...71....s\..a9....Ty...P...Q^.br...bLs....w.-.x.0..)..<....g...H..QJ.XK..J%{[.a..=.-..Q.B+.J&@...gY..PB6..OL?..d...5+.H..b.g......J..%.<...."y......7.=fl.oKSQ.B.K.|.r..>.=..5Q..e..:......~S..~.....D..oN.Y..gS.`..#z7.....yQ.../c....0K.....^.Z;X..K.....+.....*.3\..k......,......Q.........y.k....M..`P(..=1.]M..W.Fz....D|....N..M...Q.o>.?..z..;X..A...E.&.)>.C.....V.d)...RX....,......$y.............$w..Q7.%1.....f...8.;5..3.wa.5..}...Yx.WY....8.f|[.... ....e....>.u.@k.|...:h.....A."...~.N...+.:..f9P.w8.....V.M...~.."...?<[&. ^2`..`.......x.ne\......M...{...*..:O.^.I................m..+_|v...'. za.~...c]..5..I...x.&.P....T....k.&.p.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):4077
                Entropy (8bit):7.85103981040673
                Encrypted:false
                SSDEEP:96:hjkGCRSLPEDlMLVgZM3w/4rOMIebFfTdeA85vneBiV4V:irmVVgZ5wrnFldeA85veo+V
                MD5:A2041E30700F8F34D030920100DDA747
                SHA1:6097C04BAB15AA5543F22F812B9A9CE50DCB648C
                SHA-256:66677F958B9B8A7BDC38A2DF72B9608C0E88C0B6D3B2D4E4F9A72AE61B3F0413
                SHA-512:099655C09DA2FD6FFB93AE3F01AEE7CCDCB69CC18152CE4EBC42383D385B7B0B556CE48F0649704691F476D0EEA5F20121B6A15A43CB88FB0A139DDF173AA0E3
                Malicious:false
                Preview:g..0..-.{.N.W..m..u.QD<$...<9..Q....R...T0}..P.$.|pl.B.....:.%.:.9.D.LG..B.?7$.&.L....g0#..>{O<.hw..pWM.(.......hg..D,.A_...62....yq.i[....j0.M`.rk<.{I...o6....=bl.Y.......T|.K..{.e?>g..K....6...MwP@6G.E.G.b2R....\...........wo.<W.H...8^.q.K..a..h...{).-~.....]. .9._.F..z@..|.....u.yM`.).U/..S...^..)D#...&.#. t_..,4.X......vj....%....'...5.a.v..m..W:C.2Xo...7G.u.H.......!..zp.K...S.O.u.....4.2.F...>;N.c-Rv....}.Z.]....E.3......d.P*.d...>..g./.Sr,.l.n.d....qj..nb....I..y M.sf...R;*........+..5. .,.7S6{.>e..RJ.+.*.&q..c>..F..f>=E.......'mi..|Q.|...Y.;.a.r..E..A.i.u\...@nm.t..H"..pN.b....W...W.b.X.4Y.o..|q.z...7.z3=......{..5F....A...E..h..&.?..d.....+..y...G.%..L,`.sV......J..&.........;.h.#.B....&8.,.q."i-...%~$@.>...b...{6...MMNm).Y..8....;D.(..o.w..8..>g.1...&.......n...^..........X.W..M........lhvnxI..l...5Z.hNGl..53.>.... ..n.i..........O.1..M.$T..d..+.....Lt.c...).9.\.]o8..:r..W...6F........;.7...}..'..+N.....vE..G..Q...1.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.902634219086953
                Encrypted:false
                SSDEEP:24:NtLA1hERC5WUEZVZjH0TH9O5Ye+QUiln4V:N9A1eoYVZDNEBiV4V
                MD5:03169693ACF189B030428F56D9DA379D
                SHA1:0FF948F700E08C12CCE019766B57EE2D1981E7C2
                SHA-256:8E07332AC84FCB4CA4DE7348ABBD3B31688950787FD44BD04799B5E604FF6023
                SHA-512:D4A0CA634DDDFDB583A84324DADD80FC978C8EFBC266BD45DA8DDCEAE3EE9858167F6F558A9C4518AF50E49F2377B35BC90880ED56ECB2784382E97E3AFAA014
                Malicious:false
                Preview:..+..8).e...xZ:..Z....9.L......."...i...v.z..7....~....,H..^...e...1..t.e.f9..+.;x...ML......;...w.$~......5...._.\.R....8|i....B;h[...k..6....-..6+]. ..:.Hj....E;.D..)c5.t...F.+ ~R..S."......M....../.@._..@....k...m.%.j..%..Dz..q.4.M .%i.a..[yc....W..3...8N*.X027T...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1066
                Entropy (8bit):6.710947013032687
                Encrypted:false
                SSDEEP:24:ABE4Rs50IN89YVDCCV1OJD+ZVZjH0TH9O5Ye+QUiln4V:ABE46aDeDCCV12CVZDNEBiV4V
                MD5:FB18AA62DAC7958015D488E60F2DE4B3
                SHA1:A24766952BAC09929AE96C74FA5BC28195AC8DF8
                SHA-256:0FE5D5DE66F86ACA35776FB70BCF0E1A6FAEFC490BE9F018835056119CD4A850
                SHA-512:D50D39BFAE25257B6FEA029681416A532BC34C8B5EBAE07925826D4CCC22E940FB013ABFA6E66617B0A080F6E1DB9AF26D9304FCE48E4BDFE17C51088D694F72
                Malicious:false
                Preview:....$z.WM.G..Z...Q/...P..^ev"fd]...}YB@...e^.....I.....".J..k.yh..E4.VE.x1...F..V^.t.]....5......Um.$...@f.1Zz....c..w..a......5.....5.\.y4OA..P.]......a..J.y0-..?..w...._........GJ. ..,:w.,......d.*su.*. +/....`....V.}...3z+bj....v..]....}.Q.F..B..$Q.1..T..G..p.&.I.K9..F.._.*[.,....5#^.s.E..>..OFaw..v.BN..f..)........,;X.;.=....d........`..#0....^...o.R...~..#.....#7...UDA...`.pg....../._...5..?....1.D...]...R.....F..?.m.Vf........KJ.5.....Z{Rs..).S..3!...vc.1.".k$........L}...P."}.......\5.>.y.h.....u..[w......U..M....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1197
                Entropy (8bit):6.936160697801039
                Encrypted:false
                SSDEEP:24:WpRuMyRR84Nl50iI/EZVZjH0TH9O5Ye+QUiln4V:EsMyRv50iIwVZDNEBiV4V
                MD5:89F538D7DA18E1E6B4849DBF3EF1A00E
                SHA1:C6E26E60F53054A87277523007B8CB22A23657AE
                SHA-256:32928872FAE0F38CDB95C27671100455F5988865FFB5EC59CF2A84DB8E7489B4
                SHA-512:00864F287EA04ADAD6394DB7E872AAF51C00A8FEAC737D2F736E8BE74182B7CAA329F1CE86D7965D551F6A663A63299D200371AD7F1826E557B8E534B24A74C8
                Malicious:false
                Preview:...........f...).J...j0..k...pk.i...|.'D.nQ.._..."...0.XC.....|PPz?./8..!..3 ..7X..Ud.-...G.1.h....\Y..6..v.)...O....9...y..r.&.q..P.._.*.R...PB6.mY......z....Q8.N&.&bh...S..k<..i"j.3.s..I../.w..KW%...`.b.?9..Y.Y).l..........-......=.7.0E.>.9.&...lX...._&...fyFY..'+G....t.t..J..o..vH}%.s.|..n.$.x...N...s.....Yu..U..}..9..<.....G.(.....Q./W.{...t....v..T..F......U...m.....4)6e.jo..?..1.F'A......hg...6K..`P.:]....ThZ...[...!.................h..............ZK>..:...^...3..Z/D.E..wU.*Q.&...2x3..{.fz.V....b...k.nff./..=.6]a.Ee...y...(<.......n...t.. .0...YC.F`...<xPN.|........}...&.Oo W....(.O&....._.p."W.).v....Nua....,...}...BP.1X..../.I.t....x.....B460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2179
                Entropy (8bit):7.587089431568584
                Encrypted:false
                SSDEEP:48:f4gTOWP/DtOhFB3cimYtxCDL7wsuSzSVZDNEBiV4V:flNt4B3XTUcEKeBiV4V
                MD5:6F2E38E5971F8BDEA29CF7954B41AE79
                SHA1:BD7F5BFADA11279079DE0E8CB0B7D5998A6DF31E
                SHA-256:9260D8D17D27C68D252C4E76FC5104F569A241BB3F6DBCC85F7EC9C40BC40E7A
                SHA-512:411F5564AC33FEE47805C571BC6519A902E7CAA1AE3EF5C1ACEFEF7809A5A5008AA63B023EE03521EF53FDF0E03E35E70CEE0BE6EC4ED52AEA9FC13F044389D7
                Malicious:false
                Preview:h..6<.37OgpK.../......Y3".H..k\.XEB}...lv. ...C....Db.....W.$..(?................+.x.|PqY.E.A.u..ZY3[.9.Q...w..$.b..'...a?........loU..b:;.C:m.4.|;.{......4....x..#....&v.......bN..ps..J.|.8~65..%.....%.?D8...-U..SW..w.C.d...r.I.)a......+..=#...c"...7.7..<.......S........j..V.u....'..v7...5....8$....i\..B....+.y.l.6)..M...Y....j....X6o.}..|..f.2..`....k...^Qf..Ru...T..AtSX......q..E.Rc%..}.).A...D...n...Es...V.#J4.....u..!8..$.. .V......IW...C.v...N..........K..N.7.G.w..g.].(..#.....Hy..".....NF..]......M.o[.qJ.R..+...(...%<..,.yr1.....uf.._.^...i`.&.?........7i_.s.0.=0...J......t.1.......-o....sg.T..2..2=....x{.o......C.._SP..w%....I...i...X.+1^-?...}.&...O..2...;.{...>{-.TFf..;r.(..$I.4aE]....t.)u.`P.!.....s?..!.:WU..U..$:.?.A5_K...8VQ..?.1._..q.o...5.I.{l....I;0~.;.MJ....r@.o.Z.jX..$4...8......%x.....\..4..'W....z|S.}.s.....7O..8......<.).V.....m.8d.H....v......../.dE..x9qs2...p.XH.....]|...Db.&..:.......\R.........`.i8k.Eg.3!..cG*..;...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.901252976700034
                Encrypted:false
                SSDEEP:12:CUMOci39JhJmw/MZWQZjQtpao9xH/BxH9O5Vs82e+QUXSlM22Xz5r:CUx7391mw/MZVZjH0TH9O5Ye+QUiln4V
                MD5:4D0DDEDE75AF1C7A3073E4CC0B816229
                SHA1:B35F7006EEB029CCF8CE690E37F3DB4FDFB6D9CD
                SHA-256:701C4B777D64982C79424C2FE0528FB424221E8D01DEE6A944A566E7B86D5F34
                SHA-512:4A10BC9F576495C1D43E71C05BBF76EB092034E633EA8D2BD59BCFD0443873975A13041825BF5C5F47675BEBAB2BD0CA0F5A35FBC1061E0D678800A53E2012A9
                Malicious:false
                Preview:.G....a.~......a..r}U.........}.\,.&6.f.......C......9.k.B.c..t1B-.f.X_Y...-.8..}..I..R.5.F[...6.;.}[..].I.0n..b..PtI...Z.....d+c.Jh...F..HJ.nWsU.._i2..H.4.O.X.M,k..N...R.......&.9.E...z....$f...X.{.......vQ:S.f...>......XU/.....'G."....... ._..-(PW^?...v.a.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\0__HotSpot.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):816
                Entropy (8bit):6.076085178164504
                Encrypted:false
                SSDEEP:24:7WMzY9LjPMALHZVZjH0TH9O5Ye+QUiln4V:7WM05BVZDNEBiV4V
                MD5:DC75B4F34920ECBDBC0509FC5E82A164
                SHA1:4BD5CF7ECFD793B82BC7D9E5281E8E224CDD8DDB
                SHA-256:B85EEFF6E82742F93367D72D8982C8E4D40874951865A608DDF508804E9176A3
                SHA-512:9B2BAB91BB4B50EA8FC169212971994E7FBE059E6B5EEE10F494C03ACCD57CF9634A1F263C2B67794ACF4FB426511F8703A7E2163092DDD0A5E5049697D341C3
                Malicious:false
                Preview:u..\Qb/..(.+....i%b.......j....N..M..Jh..'....E].e..(.8..C..uhg.2..M...V.nZOi. ..'.`...7.O'l..X.M...<:K.jZ......g.-...Ph...&.v,.`..X..t..t.._....V.D<.... k...I...|..6.r....D...[..K.I\we.>..[.,...hes..(5.x..Rj9]...5w_..p..$.;&G.%*..Jb.....o..PS.....rq. u.N..O.yh].7.-.....$....5.E...\jh!460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\100__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1235
                Entropy (8bit):6.994370212280972
                Encrypted:false
                SSDEEP:24:g8xzZ0Km/8wySi0G/WzyJHSZJPVqJrZVZjH0TH9O5Ye+QUiln4V:gyzZ0N89SQuOFSEzVZDNEBiV4V
                MD5:49010722E495384F4973BE56A1EA20E4
                SHA1:6611824AEB0FA0A605374EC377E707A4F89F3022
                SHA-256:BB65C681DFF1424B1D7C8B1D414C833478EE68F57A49B3AACD88F359A47D755B
                SHA-512:CA07D5DC11E38B243AEDC20235D922DC5106899F19F43E9F5350241698B63856B1EB5BF7FB398581828C8A8BDF520A730268578E74598A6AB6F64DC4C785DA9C
                Malicious:false
                Preview:....w.4#..p.f..5..^ ......&......De.X. ^...3JA.".......U.'....K{..z../s..4..$..L.......t....+.g..*..E.G+,..$..r...a......Z.s|...$9...e.....)..~.E..-....h.:uE...'$r..@...hq.$^.r...I}m.O..}|8m...l...t_x...5.....h...U.d}%K..5...dE.:...jh.]....y.....V..%..q@.....N.%m<.?))B.{EjN.(C.-`.....Eo...2..!.<i.N]...t.Wd7..,....s...&1...k.@..1.a...2..`..h.7.N..M...u..#...I.....^..`..re..V...t..`.y.d.I.I.&F.....m..;.N.i.:i'...QF,;..u.0..;..w;.....m.6.......N... .._.-Y.....4...=.V.1...8...-..N.Q..xPG-..#.....zo..F]...4.Zl....4.u\...T;.k..kO...R..0..G.%u....c..2.......eS....".....j'...K....={.n....L.AM..v......$h.../..\..L.SF........?s..'[..EX5..d..`...WlCy.x|..<z......XD.uV..`.b.lR..A.d........d.T.~460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2feb

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\101__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1094
                Entropy (8bit):6.758243094508521
                Encrypted:false
                SSDEEP:24:eJlGch5uiWd11mcuUlcFHizO9ZVZjH0TH9O5Ye+QUiln4V:+ME5JTUlkHizOTVZDNEBiV4V
                MD5:1D1841AA2D21BBB0CD908DD39B39B35D
                SHA1:AB4E61D9AA9B049B7674A8B76EE121FBD9A3F172
                SHA-256:2C6606EEB35A3A1DBCCAB5C1C8072B1365B19C6A90EFF838F043844517BD9A2D
                SHA-512:3B25F8A3EDAFADA7C0A46E3826A0DBDA9BF08A7EAF4306024540BDE0E68C5B2F646C5C88C72BED2899122885C0A84ECC82D9944CEE7360F1FCBB53F23D05C6B8
                Malicious:false
                Preview:..M.W......gG;.f..0.3I.?.?N..9.9#.......m$pg..KK.i...Yz.L. ....}.s.[.cVz.i.. ..(..v..._...6).u...d..8..,...^...<8.:(J.$.*............Q.2.....J.L7......}61....q.(.B..5..+..i1|....":......bS.S.....F.r.m..%...s.....&...|5@....g.\.#.M.i..q6..Q.L(...<z.........U..#d..^I.....o.|.x%&.h.z.9Z..z........'*..A.........b..f.`.A.#E{@.P.D{..%?...ht...}.....d..u...:>..m.4..iq.6(eJ.;.w...R.....&....t...2....V...O....k:...72...g.=....NrgEwB;|f=..Iu...O.o95...4....(0.$.} ...E(;R...d.u.M.......,..............9..k..."Ew....H..I....uD.D).Ss..@.*..m%.....l.(...!9.S...!L..%...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c458

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\102__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1044
                Entropy (8bit):6.673488097006094
                Encrypted:false
                SSDEEP:24:FBK9JYmffZhIaMk95W8NLY7p09iZVZjH0TH9O5Ye+QUiln4V:FE5phMmLY74yVZDNEBiV4V
                MD5:1F097DCF0337324CD04581DF6FE761B1
                SHA1:1F2296C56CEED2C0CE22F79C3844EF9CABC1DD5F
                SHA-256:3CA9C8FAAEED412192AF97AAC9B8A5539A420D30374EF2BAC46B2EDE5002896E
                SHA-512:06EC2AEE41CD8C6BA6DA2DC61F543FF64C3E5D6B4C6A955D552FE8F607947D2490DC41265E60BFB293A503F2A6FE97612F535E515258F0E2F7EFF90B5A419925
                Malicious:false
                Preview:^u...k.U{...)7K..|#..).8........rs...F....._@%R6y..I.3.`.q..0|...mt....`.d{4..!.......b....38I.in.......y............0..Jvi..>V^..e.<3)..`.....z.j3...T.._..$C..Y%\@.@P....Saa0..L=...`2.\....k.....;.....[.V.@B..&eR...Lco.q$.....I..g;f..Q..E...-l%rq..r.n_./L."..C!..E.,....s..*.a..)..%1.>.U.....(..d.u.x!Zvc..Ks.>....$ F..W!...r+`...".Q...D!!.d....t..\..._.:J=.S....V..2In..y....}..^..<a.......?..iZ9....GE.V.|...y.v..C.^.Y....d..#.............mS.......~m}x.~...f!../.SY.(.8..F=.._..G....@.@.l.....A]OsG460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabf

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\103__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):967
                Entropy (8bit):6.557495064795296
                Encrypted:false
                SSDEEP:24:IzpGirPqQPOuLlacC9zibifdkZVZjH0TH9O5Ye+QUiln4V:IltrSQPvccoieF4VZDNEBiV4V
                MD5:F2DB992554891C39210473803DA42F6D
                SHA1:63DDFE394C84F3B425338A8DAC051E39C77218BB
                SHA-256:963C6FF1172F2B79C71B13467227985F44ACAF1D103FDC375313F010BF0D3159
                SHA-512:ABE1DE116FCBD3FA276874EE796144C4284662EF0765212F7BF161169D722E0F994E453E6A0D38B8BE9A372499DD022DAD8E2A146732B681C765D692648E42A4
                Malicious:false
                Preview:...>>..DZ.....w.anD.F..y..D...T.....l.._..r....M..9V_....8....1.N.G....R..a..WN.o.......:1..Pk?z.GGQ......+x.......y...].c..T.L".d.,Z.......q....0...g|....fgBF.R.R.......U.SK.'...U.D.)...<..`...^.E~s......./J.os.r/Z./.~..pC..c\...........=~R.L..Q..<...5...'....;'..)..j..d`...]mA.u..YH8..).9......'..C.T.....%=...6.....h......b[.fL1b.._i"3..ng....)-S.v..]..%...Gh..;m.}.v:...;CL..N..q..k!.@...n...I...3......U..S'...GcW{..)R460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\104__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1783
                Entropy (8bit):7.456716653396949
                Encrypted:false
                SSDEEP:48:j4qgOasMUv5FT21o1b0a5jurYx6lPrVZDNEBiV4V:jXEUBF0o1bp5jF6VreBiV4V
                MD5:B589F156B2983A2EF5BD71BE8D4022BB
                SHA1:CA760D35ED47436177377A893B6AB01DA905C5A6
                SHA-256:4659F1213C6BCCCE58E89FFEE6B6EA343ADFF836B191F6A0382D46BD4824AE86
                SHA-512:E3C6BB03AD0D87FBE00C06DCC1F923CFE25DE390695EC47EF97BF3FE0B6A2E404E723A5C6B1ABF932E47F114D867AB29BCB32B46A6BFE7E7AFBB0A976979B58A
                Malicious:false
                Preview:.*.u.DUj..:..5...Z......<...p@.p....".R....g..p.....<.I.zW.a.......I...AI.f.Z.jW.m...pHmLJ..y.......7.....p...S..J-.7.e..))6Z.6.T'..ZdiO2..A......=k.*!M.....S.4-.r..Xn...,...L...m.kX.?z.NO.1<.1baY>J .u..VtB).....u|...9~{..GQqO.......I*VM..\[...'...~.<[....../^...2.}.k.VN!.t..E...x..k.v...d.R:.a...&n..Wj.S).X6.(U:..G..}.._!H.Z_....|y....j..)+e....r.....H.d`T!.R...O."\.8.f..c....m}.....y..DE.;.xs\.Yr.A.JR..pw.._y.Z."Z..t....6...Z.TL.,......j8a..*..@V....y..Kt5-....i..ySQ..9.Oi.d...d....#.8..*(^..U:%[...C...7,.x.=#P5...X.......W{...M...Pb.Q.:.9.....;..\......j.A.f.h..D...Z......?.N.~KI..&....q...;.Q.e..QZ<..fA.~..,.`0....]Y.D.._a...n...9....)+]I..D..,....B4G;?.,8....b..E...s..s.`....J.S.....,.G...-.Qi$3..h..'.CY.!........$..q...\.G...../..#^.!.XK..}..)>....)...>.u.....C.4...v....Y....o.....I^.A.,.....|(.q. ~.[....Y......I.#p......"....U..o.y...:....p0.......{O..H.%Dl0.\Q..#C....L..%..R.......Uf.....l.....qAf..p..|...T.Ly....w7.4u!\-....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\105__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1230
                Entropy (8bit):6.949220955351414
                Encrypted:false
                SSDEEP:24:B63UiwwIbcx/p9LUaJkcQTCq1JHSb6/ZVZjH0TH9O5Ye+QUiln4V:B6GO/p9Q8kcXqLAyVZDNEBiV4V
                MD5:DB7B6C9007A9EA8FA1DC34D886C8A0F6
                SHA1:E077C690F9C0C56A0B930AB56BF80D4D921E8400
                SHA-256:C9E599A93B45A23A68EF98BC8AFEA581BA5F2E6C080243D301EF26D6BA9E644A
                SHA-512:90B74AAC9430640A7152D3DE010428056D1B57BB9FBE46AAC9FC2F7DE32D05ABD610B7F29A864BD4E730A2CD9F3D3C4CEB4A9ACC364B0569A9DF58899D2E9966
                Malicious:false
                Preview:..._o.......Y.'../........./......^2..g-(..,.Jo..[...r.,2.rs...$x."f.6L.8.<..Y....DXK.6-O.!.....:..t.n.7E...K...`d.../.....=.O-.P].@....8b...VA..6.s.s..0.U.)...l..hF.GW....|.._.q.)z...i(..`.Y...h.R.P..{.*.A..Fc2....@...l..................ez....TJ$...0.\q...n..H...[J.._Y..3b..J.a.2...G....yg...c6^.....2..oF..T..H.:.fr..z..$.Fj{k6....v.A....A.1.O.]V....H...=...d9r..3.\(.:.......P.s.^..F......H...+.4.j...d...n].5..!.....>.......%@.........>.yQ.'g!T:.[.4.Wb. ......W..>we5.Q...h.y.8..c.....g.....8/...>n.~0.H...m....3eJG..A..uTOZ%..}.J$.9.A.....J..TD@gl....M..p.Q.A..|.JA..G..Ia..r.p...i%.k.9...{.]...J@.8.Kw..m....L7y.g..\...L..T{._......su.Z.3....[oQ...nf..o!..........OtR..s6.&460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7120

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\106__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1268
                Entropy (8bit):7.040179649069668
                Encrypted:false
                SSDEEP:24:n1kZQ6Wt+2wu9EYrUuu4Qc4LBM85qmkvYewQieLQ0zZFgzZVZjH0TH9O5Ye+QUio:n1cWtZXrzaRkvyBsQ09FgdVZDNEBiV4V
                MD5:15304FC97544DF7CBC887E475BFC9877
                SHA1:135C691B5FD6B7FF672B959E20DD3A1B9F731BCE
                SHA-256:C08F9927132B0823A38A6A12D475E2216537E6DCE63887DC024BFA16643B6429
                SHA-512:DCE1A688E2FADBC0788F2C22F0332D6BB0FC06A62711F9C9F64FA2AD0AA47E4BEE3F7041F33878CAB1DAA0B21E5C5B80C563A80071BDF42EE6C82170CA88D261
                Malicious:false
                Preview:p...g?.....8b..N.R..%.}..r+y..#3...!....n.C.).n ...@.t....U=s.;NI.W$.`=.z.?m1.KD\.i..<..s.....9,{./b.L..GR.S.#.=...2.lbE...`.X..>...fO_..)l.-.2<..".T......wq]......4.o1...#a.....C.lTu0.I..g.We.......&.yA,..X.LBt.u:..../..p~.~.e.x.....m..F...E.$.`~.]|.<..o............8.t'X...'..'E.(r.(..^]f/..Q...F.q7.].%......X.. ..-./.^.q...cY.....).t.0G...e.^.d.....0..Q.>.....M.-)..A....0..C.F.N..m..@>....1...o8.J.aBtzt-..z...,..:BI....h.........B.Y.../..E...@|..".&.V.Q...;..@......3*lq[.J|....2^.t.TmU@.....:..)9*..!.......q........&AO.G.W...............ZM[....T.ko.0..0...QV...]..3..Pm..cG${..!g.k..-.[..*.O.#..C...P..VO.5.Yk.C4._J...E_.W.........$...!..4.N..,....#...A..F....I.F....O..u....rY..q\d..UMC.5..reY.:*.w%....,..p..>-6<.nv460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\107__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.760367174690659
                Encrypted:false
                SSDEEP:24:szNJh7s4vPB5jh69HxekTO+ZVZjH0TH9O5Ye+QUiln4V:odE9fT/VZDNEBiV4V
                MD5:55570116C9B43DAE3763D6E7F3FE5B15
                SHA1:822A9D703F1E47F32C27677BDDAD739CC72CDA34
                SHA-256:7ECD3ED774AA74158A6993B07293CD2D07AA26A50EF2F1DDEFF283AB2ED895CE
                SHA-512:FE5E2EDEE2554DA5315C93BA0C5678C6190A1D372FD5F009CF3221E417CAA418F2780322A02C0569E0DD2573185D5B1A710BFC18CAC85D966D293CDA909268D1
                Malicious:false
                Preview:..........xl........$.../_.......3?x+...<..t..EY..4.#.(....o91y..0.n............,..og...1b....Y7...NF=......F.7@G.W.@.yz.oI......y..[c...Wk...Q.W.8u...~j....c..w......X..4..q5..7.VS.&. ....x\.....J:...I.=[...2.m..d..P.z....A..\J$=....T.d..y.!s.k.p..<_V.=.f'.Cn}fo.FR~...]V.:.....(.K.s..o...^0!...5....d".R..Eh3}..Ns.a......d...D4.#.. .,.w....[... .n4J...... ....:..2Pf..+h...z.s...r..Ik.s.....|.[rI.ptx...M(...b.V......+x.t...v......o...%E#.E.. nq.=...w5.-...h.DI...I=;8].tC?Y.f...K~..... .....J.(.........r.j.......ONo.4...^-..?...J.;.lz.X.k...e.k2.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\108__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.708863648223279
                Encrypted:false
                SSDEEP:24:Qd+sAoGpktZXhmWgmGgb5u3xZVZjH0TH9O5Ye+QUiln4V:K+sAgt4mGgb5u3fVZDNEBiV4V
                MD5:1FC102079C43A8454C7CEA747583F4E8
                SHA1:8422AF59A6D4E654125ED6475BBDF4BBC7716A18
                SHA-256:8B0495A95F64B0341D10BFB523685B34B3F1A135F05C27C7094E52E8F1892412
                SHA-512:44F218CD4D44923C8618852E3235052EBBE04E8579D2D21C4A0ACEC2A76A1AC9E2BF85529F18111315175911B8134F640FEE47F69C1EB8579D9470B07CA03123
                Malicious:false
                Preview:Y.x...M.......c..)#.<./:.:. 2....z=...(..f..i.K.u.%.+.J'/C.J@v...s....\bp...{..s..?h.b..u.....^.s....(a....3....>.8..|.g..<.*.;.$B......o.Q.....t...p.\,.."..N.J.....@L....j"..u......q.(H.x...F}.o...f.Fw.].>.L..Gr.....K...En..%[..H.........&.;%.v.b...Mm}.{.M.t....T..../.x.*.H.#..v7....K}.0.V.n8.HQo:.b.$........4...K...b../...........J.q..?j..`4..ux.O....b_X.?.b..U.....g......nD...I8.o.w.....}F...8..f(>../.....DA...h.}.?..u:..@.`.u92....Fa ...]......i.m..WWP...Q.rif.............T.......L...."460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\109__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.456605283694499
                Encrypted:false
                SSDEEP:24:9Zz/jzTV68ZIpLkDf8GnhZVZjH0TH9O5Ye+QUiln4V:9hTvjT8GnPVZDNEBiV4V
                MD5:68D7D116D148804912C738264E6AC74B
                SHA1:2C6C8BEB7718517395F0C12E7EDF4B60443E062F
                SHA-256:0B5754E2D4D17E154A16C638C216D8A46D62442EA0FF2665E2C92C79ED190600
                SHA-512:DBBB056796ACF7155968254114CC75BEAA79EB125D9D40C3BC4F433DDB35B0A0E45385B5331829685BBFC03B12806A72BAC458F204FED8B732E321D4E49EB7AB
                Malicious:false
                Preview:8..'U...`.v(..e...C1N#..&P,CQ6..p-.T...1`.g8....4N}.S..a.+.i.4.|.i(.f.E.O....=*.2f...Y.8n..@U...0.{..F/.C..A../.`|..E.X.8...+Q.).3....!..Y......|.q.B..Q.....z...@...5.-...;.May..s.wr..."....eg.#....=....X...P{..wG.....!.;H.m.`...+.$.-........0Qg}:oB..2....0O.]}..Xb.;U..OC.8..Y........*...y..V#.X\$.h.o.....b.Q.A4.Xg....yFG. pUG-..s.>.-..S.L...D.I.v.4....|.....V.g[..U.....X.=O..L...}.utb.=?{"....P.>kH....(. ....J7Zp.].=..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\10__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.968905601139881
                Encrypted:false
                SSDEEP:24:u9lHBP+r2ZxeQylSDMX8Ndm5NAPmKuMZVZjH0TH9O5Ye+QUiln4V:AlRtPeQyQMse5NRQVZDNEBiV4V
                MD5:F8DFD1D4D6F0393AE0EE428BE79F466A
                SHA1:7844834D918A2D32CFA5EBF1CC7343FAB72B6E47
                SHA-256:33B0CFE0DFAB75219B8EE99FE8141B527FC3BA700D38D09CF411D817BBAE3796
                SHA-512:D380C52A23C36FA7A955696A251ADB9DD2A5B029F119D211528D62775CFE1B266B01A6DE70114ADC36EE3864187DDEE8811C069CC7C6554040DE14EDBBB65007
                Malicious:false
                Preview:X@E9..q..y..J..=......p/..).r..3..N...Xn,.=.+hf...:.N.......;..aC......d7..x.p..8D.x7..........z..._G.g..59..D.q.....w..l.a...z.z.C.Dw;.6. .N..b.&......?..j...Pg@.go..@.i.i......An..&.....>4.....x..T...l.v...m.bTP.H.$eA.T...?....Wp.....O...d.E.......2).b..M,J;.'........J..G....".mr.t.*r....Z.)....e...E......qy. ./..J........\5......c....A.Y..g.p.Q....e.....%.>...-..~..#..M.3.-..GL. 7..E.q..Q...%.6.,..FU.&..=7..-..#.XIM.<._2E.e.l.{ZC.v.......$.=8...2.+2.....%..5f!F...,.]."....$..hUU5hS8.|.T.G587..L(.O..{;...vE..~.....O.1.Ry.;..a.n...d....X..+1g.,..X..+#.Hk.@.S..f.Ow...."..{...{...........+.dV&..Y.~'.*.....7..)..|.xB..:#l7.....eL<..W.vt........M.~.c.Ow.vWi..C..?..>F.....jL5..c460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\110__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1238
                Entropy (8bit):7.008009996153627
                Encrypted:false
                SSDEEP:24:QJXKZ32XvGYARHP+O9xLToXBEMc9YbEEZVZjH0TH9O5Ye+QUiln4V:4XH+Y2TxLToXWLJYVZDNEBiV4V
                MD5:F311BE645A5DEABB59AF99F234EA2CFB
                SHA1:4A227F2D7D8A9F0344559727747B9F1EF11CB0CE
                SHA-256:153BFE1DA0DED27028B10CF0210C3A976A36B760924D1FDB2C5D0E8D9A9D6247
                SHA-512:E64E9B357B3E6FE1BBC6F98CCD9B54003F107F5984B3014EC23C3D067B1766E4E8E3A37FF6D253B39B95AE2207A1E19FAC552B3F8CDB89E25AB800E927952D02
                Malicious:false
                Preview:K...}...M<.=.f"R..4-......vk...._+.Q....b.L]\..},..r......}1.'...S.z.H........S.=.....v.z...P..~.<.....X.d.Q+..../...:.C..x...^.Y....n.....`.1.Hxp`.51..x.![..V.O..:....<Q...:.S.D5.....^P...7h'...H...P...V..E1....T+..D...i.z.......3.%b[E...k..TH..../.@...JrW.\.G.Z..*?..Z...r.......k..I..64`..od....x.X..m,...%...k.D6...}F...uL..n...41.{tQl.&v......e{....k.........=..y....,.:.6&.....2. Eb..{@..A.>I.,C..tuE.]S..L..."~..4.j|.pO..}R`..NP.@..?.I3.rU..#.^,.U>.&..7...P..Z?..Ry.o..x.MQ..5.=.<..T@t.oC...e;H..Ce!.(/>+.f}..t...*....]...i.k.....@c..l....O<k...D+.M.qcq.X......m.....M6....C>.:nh.3...,qA._$'.".r..k.&....dfR/.21@....;..JAl4<.......w~P*.XA.%d.|.L_...?.....[....^.4.&......x...V.XiY.{.p.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\111__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):971
                Entropy (8bit):6.475162477335369
                Encrypted:false
                SSDEEP:24:FQJ2BMhxakf8fsiRNPmZVZjH0TH9O5Ye+QUiln4V:FQYBwxabf1PPuVZDNEBiV4V
                MD5:00BA9A15CAD0F6AD80B04E6EE7CBEE2C
                SHA1:06872778DE4271EE051C18C413FCBD280F048923
                SHA-256:EF229CD00DDAD37AAA95C321F4DD9149772D3BBB568587688CB70816193722CF
                SHA-512:99D02133295B057BA2360F59A856050687658CB9B4B9312E4B94285CFCF0E1DA347BEA5584476A7904685E3D81DAB971342F181DA753860768D21721CD1D3436
                Malicious:false
                Preview:...a:3D\.+.._.w.O:..-....74..a..@0n0..h}5tr<...90e*"U..>.....vK.]...%..a........>.....I..e.Z.3.....m%.X..-:.6.=.Bw.D~..l.\..... ..OG,"EGR.x.u......#.y.d...\.......n.9.M3=n.....5...o....N..?.H..{a`S.~k.t6^.F....3..{4.OO.E...7..T..GT.2Z.....Xt.A.....yg.jc.J.~...5k.1.dXG..o......&z..[.ec]t.'F......[.#XD.....R.P.CP.........c.\......G@.....x./>.bE./..,cE.W..Zz........m...*.)3"....^.F.l....[O......F&.......G..iq.........X.%...c....v9..U..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\112__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2847
                Entropy (8bit):7.709939790662401
                Encrypted:false
                SSDEEP:48:Tcv2XVfE/k9rcd10gfWbzULbDF7m7mxQVtS24EBcHHkbuP8noNxWgca6vWIb1VZG:Yv2XVfB900gf9TFq7mxQV8eurNzB6eIw
                MD5:484D0F1192744914A8D6885F5FC4DA9E
                SHA1:0242730725464CB8A047F595BDCFC41E0779B8AB
                SHA-256:F6D25889C20375CADAE57376513A97C0914319102707D9348E0F62C47764E639
                SHA-512:7CE515317F28F15BE34D707FCACEC3513DE99708DA7301726B355908BDCB637863A3907A56D2A016352833255D1DAC85672A20FB07038FBE4B11EC4DE1143C4B
                Malicious:false
                Preview:ZR:.B...4....A...<]o.|.TpZ....1ls.b.y...0.7.Yy.%0b..4.V....V7| $.....Bb..n.2..O....]..b.Y....65.!..3P3..bo.f,`.6v.v..7.c..:LX..K..q.e}C.."..%.e.#\w.<.:.[.-]...7..?...S.R.z3w..DG.$X.1...PO.A.[.._D.T........K.#@.....R.X..\.O:..".!B'#...n.<..6.y..eX\...T2..Q..).n....f.3....9........j|l...!._p....Rpk.AQ=v.)O..^.Nt..+.K....P..*.}...~.X...`..jH._..]Y..$.S.D.......E.-._.r0.s).;.{...&..#....~..~.....U..aL...4.....x'~3..5.w8..xt...H.......O.@.)w.j..G.tG:[u*g<.+...le[<R6.`B...:.@.O~.t.9j..l T.U..U...q.x..=.F..aH..%=`...\..~;.R..b.#B......Ml].....(4..."..9... >....sk..V. ..5.-I.....r}.._.kG1.s.X...!"j&....:.....N..Z(.g4=>0./...s.@.M`m."..J..t/|.F..+d..}....h.0...kY....uN..m....i._..N.w.L.8...............[GH..E...+s.a..Z...<{.+.|. ...pT|>.71 .L.L0...)..g./.....V..dN.@.(....p...=|1.6}wwHRB.]w..z.-.O..m..T..jG}7Ij..~f_..e.~.j..........M..=...sc......^....(;W'n(..yx#.<)...G.m....1PK....?..'!.>..7$.^...X)^:..\.>.v..!....MP9....S../Y)1.l.d.L8._.+N(1.pg

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\113__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1165
                Entropy (8bit):6.885036327203583
                Encrypted:false
                SSDEEP:24:XIKnpbHKqcneMXvft/k9D1npvU9wmQ0jFtVP5ZVZjH0TH9O5Ye+QUiln4V:XIKlHKqr01k9PM9vQ6t13VZDNEBiV4V
                MD5:8A272A9522D03CE4C1EEA9CB8EB5B239
                SHA1:EB92AD80CAD0C7D8C4A2BF09A8C6D725A44197C3
                SHA-256:E7F9FC162DCB1B4DCEBFF0DC68977336C33BC3CC09BFACA4137F5969951172B1
                SHA-512:D4A2A06865D5A096D3E6E40EACCBCE5A440D7B3849E1545221C2A41B48276112EA7C277315E3D07CAAB0EF687A4F31BDE37A4E8EB6C5EA2D1BB5D66AA6DF9A0B
                Malicious:false
                Preview:...m..@w......s..J$.8..4.vW./?....n.0...].=..K\ ....p....x.ii.F....\L......2.....>..J5{....._Y..C......Q...n.-...} l.._.S.f.va&..E%b.p.Z9.=..W....1.Doc.qmV...jM....TU.?.^g\2...."..}>.#.'f.8f.....#.z..A......L...g.U..B.t...?E../.T....G}$..Z...Gw.$..ob.......^..e.T|.n..}...Ec....$".."...C..4&..V.&S. .<.J].5..>.Q.[..?.)`B.._t..q.......N....G..HQ.......fc..[.P!F..e..^..@..."z...\8....q.ZP....p%...."?.`..=...qI..t.<.&#..>.!*.....M.....S....9.6.U.k.{....R_..66n...Aj.6l$"..w0.E.g...<.>..o...c.....V.E...I.;(.K.Z..=.H:^Ww.Q.[.Y..H.>.r...(y..$..1....Ov....h.0........H.o.^..UU..b.Er.....G....DS..w......?j#t-b..#..vD..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbb

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\114__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.9756848313090005
                Encrypted:false
                SSDEEP:24:UGx+O1vLflu4TPfj2uNURMUfvZVZjH0TH9O5Ye+QUiln4V:UGxn1v784DaxRMUfRVZDNEBiV4V
                MD5:707DA6CEA5AE1914E759E9A548EFDA6F
                SHA1:B56EA6F37158DA048A354D1C8DE7754EFB794314
                SHA-256:6F2D48F61C1CC4558554962AC2690DF6B6132D482A0BCD815332620D89A2DEF0
                SHA-512:BD0503E5B17079A7DF057170F5844ADE3CAC1742F75D4EFF0305A2677260E360C8ADDED164CCC8F29A05545AE4DC589FDB835BAB213A93BC6B05B5518BACDEBD
                Malicious:false
                Preview:.z...gp.7.F.i.....b..X....Q....e..4x.1.j.).G(t/......N......n.tWrQGU.P.DmPf.x'.....E.'......Qsg.G.........N{.J.c...q.p.N..j.xm....3..?..;o.I..]....A...^.w..<.mK..%:.O~8...t.BG&!,.Ze...J..j<.\Z..@...z.)..(...4.C..>..w`.....9G.YM.N..jQ(y.....B..>...<...<U...W.....y...u....../v...cq....15.n..T:r.Q~%...y...F.`@.O6.Zv.x!.L=...Vi..w..2E.v..k.~..k.a(.BHF....h.4g.Y.bl.J....1./..e c?."...+....,&cy4i..^.yt.DX....5..hes..Wfbft....V.vY.m).h.q.H;N^..f_{P.................>..(......4...R.A...`...<.<.].'\....Pt..+.m.....m.w.(.......egY.....B.........N+..y`RQ..H...kF.....E..9..K..h....#O.7?...Q...../^#.a.\..-P.t...) .-u.<.o....3....;..k....,...n.....nc.O...3.[........(/.1'.r..7.p.V460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\115__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1169
                Entropy (8bit):6.814100829572077
                Encrypted:false
                SSDEEP:24:Xm9eOLNRbiTe8rw4gS97xEutYX8vDzPMg0GZVZjH0TH9O5Ye+QUiln4V:XQeOLHZ8rR1BbtYX8vjVZDNEBiV4V
                MD5:A60E0B531DCA622FF2112F22FAEE143D
                SHA1:5185DE834A1237C2913B0F3652B47433A0AEDF28
                SHA-256:C1746664926B32BCA84D60B4EF7F981FA9FEC0FABB6F98A01E23571D1FA688E9
                SHA-512:15877FBCB8EBF4AAB72E5A9595FC1F3BA10C4343EA635645072177D80D632916D2A3DEBD681F3A954AD8AA413EE36B926249AD71361F25674359E9DF6CD26C6E
                Malicious:false
                Preview:J\w.......|$"..........+.\.U$.6._.....'a4<.`dc9..l.%[.EZU#..V.5...j.8....4..fZ.C...C"......3.z....o.'..|!...x.UF....~...C.:..v..d.V`'......w5...V{...1&........2NF..b..L...&..:.H.s.2x.L....5G.VC2~3..Tm:..4../...w..Y;....5.4.....@..e.....W.......$.v.}\..Y....,....IAy..}..mlRW.U.A.h.....$..}(Ay...b.=.:T. ;c c....J%:....l...c.@..w....'.m5izD...Q5.\qI}p.(..yG.T.+.8q9..[..Z...N.;.0+.T../F..:f.y.?.....Y.`. sB.p..Q_9.^.f.%..a.]2.'7Z...D..P8...I/.J......N4,/......F.4.../.j.{g.w..[.W.E|..d:9~}[.NIY5.&-.3......z<.V.......R&x.:Oj&.4.Q]N.%8..L.fM.\..y>c...O.@...Gkf0j....C#....JZ.C....:r$Nr!.eE...PF].L`.%`.. ..R:wR.:0....:.")b....].460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\116__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1176
                Entropy (8bit):6.891584682128642
                Encrypted:false
                SSDEEP:24:7k9cQw8KW1isIHwOfHnNpLZVZjH0TH9O5Ye+QUiln4V:5rE1isIQsnFVZDNEBiV4V
                MD5:3072D161C01103AF44D73C13BA003CE3
                SHA1:091BA54608CF2D4B2EC1B1C54BACC66457F0D027
                SHA-256:4987D50F3BAD94AFB78E341FEDC742B50D36372FC343312D47FC9437731D779B
                SHA-512:736B88B5BAC31854968E29C7FBF29DD19C94FE219B0F56EF6076E8042ADB330F9373AEFE8940179339CAE0F6363A43E817CCC96142E251301F40A2B4D420FCB9
                Malicious:false
                Preview:z...7.~.M2..#.ho.K..l.....|...-......Y.\.5..f..._y..r..}h.....S#.<g....f...u..oTW.:.K6/...L.U.)...Vo.S......\U......W....xf...D.J.[o.....8..)...Z[m......*...i.r_y...*P...R.j..+u..w....n...;.e.b.cjfPP4/..E......T.%.3.6....:.;.................?.........g..Cw.#K.&.C..4t.F.j.2}2..s;.g..x..f..K......s.Q<z........y.....q.t...9.v....C.s}..=...../.....0...6..9...1...a..{J...Gly.7o.1.EdH...9..f......N.X..=.i<.C....&..@...W{..1+5.+Ca.`.%UO..D8.8..y.tK.t..\..lu.Y.m.&.}....&...S.J.:....2.C..v,)W.f?6....u.".^E...%....;.h.....V6j. .&...L..5T..y4j...y{R.@..)>'.......!....\.p:.e.........*.I........6c....P&......!Kc.z..o....Z.+U460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d226463

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\117__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1664
                Entropy (8bit):7.342809364277901
                Encrypted:false
                SSDEEP:48:/BIz/TJvIirPblXx+x8+TDndbKLl14VZDNEBiV4V:GzrJQiZxD+vnduvMeBiV4V
                MD5:1DEFE4026C09FD881C68204793DCEF7C
                SHA1:1743F282EC8B4D80117876CB5CB5674517FF2353
                SHA-256:B51DFA786D0CB73750296F6EEF2CE08F7E2864A07256CB450E9E26172CC5D2E0
                SHA-512:C406D4CCBFD10010B10E2205D27C44BCDAE3C4A55D9FBCB4A3C9DA4B34903131E074A0494CB50193CF3F4A2CCC6BDBB6A9A135730DC9A377CCF0EB5F8B9CF962
                Malicious:false
                Preview:.....l%#..mV.....`MUU.#0...o.m.~..B...u.t}.M.J....`.y.\c.`..P...@...n.7uu3.Z.ul[6././.i..,v..u.|..._...m?x...~.{...+.......L.vq.z..........1.wl.......c..M.,..Y.m3.o9'.......\.A..5..n.]H'.,jc_....O/..V.....|.....B.[e<1.B^uS.V.k.d........?.r.V...Q......q.Lu.]..8...Hz}x....N.p.#x.Cae*.......s..y.Q.eS.c${1`...B>....|Y".^..v.S..~ZZ.[.d.7.a.GL._lu....F'h.Gpj.$..9A......p...@M.t.u....!..F.f.R.._1.~}....E.W..T..Ac...lx..9.F(.&.p`*.v.M..7,...d.:..z. ...+{R.=P.]......~..3$~..}.W..y.G.<.R....67j.*.j';m.._.z}....5!y.{....7...l+_.[wbj.s.r.E....h&..r.`.Zi..*X.VT../G*/.'...h2....B.Z.q.6.x.d....H.C[r..O3U..nJ...Ys...5.........z6.+..6.T..V/.2.<...0.$...B.]_:.....?.._..x....Z(4m........._.'G.."......bj.x....O...w..k...p......m........@X`V`.v..&!)..9/2.q.,.5...S3......9.S}.hC.]..{.i0...~iF...&.@N...~E......>.d..$2E~h....W._._R......N..JC.8...b...h..(.....8#.u%.Ps.L!...|)s...e.w.......$.x{..q.3R.%./...TL.w..k.."3.I.y.\.MY%...|..~..7......\|c5..4y-.Mgk.......

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\118__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1161
                Entropy (8bit):6.884657385409182
                Encrypted:false
                SSDEEP:24:jQKpImFg7EwD7blzcopc1TLSJEZVZjH0TH9O5Ye+QUiln4V:bImcEqapV+YVZDNEBiV4V
                MD5:0681758C812F8FB98032BED50B98DF72
                SHA1:E33F8769FC54C207A93CD132F411A6E359B39B7F
                SHA-256:BE0D6F0BDA66717C484E2B45ADE58FC7B5CB08BCBFF099351238D44428E2E3D5
                SHA-512:168AEEFFCE34B34412441A5E00F3CC104991AE1677A786AC073F2E1F5A5CC2933069D7CC7C576B1F90DD0E1C65584CE51A5935E1B96F68F7833883B46104EF69
                Malicious:false
                Preview:+.....i..?J....u..^.2s$....P+.`...5<.^J..mms......;.....c%..<....)Sn..Qk..9.:..!.*....+.8....G....G;..i.`.....:.&.V.Z.SK\......M..........O.;.8/..x.."{...3..`.P:.L.d*bc..9.)t'.|..L.....i..*L...N2.!>...d..h.O.5.3.X...W='#.....>3...=..F..)...8P..o.@.,=9..i@..?.;.?o ...gn...Ai...nNe.'.v..FBD..R....!/.p.%.P...A.I"...........Ya..J....}W.[.x..O~A.\B...n.}..gd.|J.....T.............|..j.....a............u.....i.K...G..G...%.#.../..*.4.t.8U...W}...st.k....0.mh...\..Z.#f...7]...B.D/X.-.m..r.W.............{%......@.C.t...0....n....+..WB{....#.iM`.o.....X..B>.n....a.8..:..X...@......z.E44.........Q...oA6&.>r7.'460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\119__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1247
                Entropy (8bit):7.030244045015699
                Encrypted:false
                SSDEEP:24:J2Khg2zzIt9x5bnIN5Qq5Dd8qFhZemaZVZjH0TH9O5Ye+QUiln4V:VD/It9QN2q5qqFhUnVZDNEBiV4V
                MD5:9521275CD807864C6839327582D7029A
                SHA1:E8EE4A38929C4FE62E84F9BBE1D7D4FAC8A43060
                SHA-256:09E948F4CD302F823CBD30DBD7ADF8A942BE08E1DCE9A109BC24DD978172B613
                SHA-512:3A17425F01FC80B083A17E92B7132B155E75441F93738C9CD1E0E0EB965F2E44C79BF0164CBC20C6FEBBACFC6A63C351E1C249F55F91C0180EEC31BC706D0318
                Malicious:false
                Preview:>.....b9.......@L...u..............]..D.........<I.%.x...N%.....2|....:5^......S1Lp.I........#6....areUA..T..C...C..c=..)...!(..>%.R./..U.a.zc..M.e4..L.s...l.:[..n'.x.J.W<}....=.G^kF..pY..f.Qs~.KF.;...;..B.....(A..{-.V .*...Z.....<..J.}.r.8.0s".T?..-.....KJ..um.....t...`.P <MTM.X.U..X3(].M.j...V....*..9 .......t!........,..<.?FcJ...W....}N..%#~............l.M.W..%.\...B|.....}.Vg.l.%.-k.a&.+.....Y.M...8U....L.[)sY.+.#C..{....*.....l.^....R..h.......O.Yh.^...j..........W>..p4.hm..9+.........._...j<...%.c76...@H.k_..v4..x...w....z.&..%..../C.@....[..v:.......iP.....G%.l<4.......qT./..s.}....#y...}..@.5./.gZd>......D.3.h.....4..#@.N..[...j.......i....mBD-....4Az.^f_.b...HR.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\11__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1790
                Entropy (8bit):7.442567304398706
                Encrypted:false
                SSDEEP:48:OcrSbQlWHXUSL7Sayaa1Dtwag6fof7KLOsIWTVZDNEBiV4V:ORN3USiaZa1DCfMoWzeBiV4V
                MD5:62BE5DC8009E7F515D834006C85FBDD8
                SHA1:1A8C6C966F41973BF0D0E8F28A7D581FBFF3E3AA
                SHA-256:470F68929F636C4D30E2A09A974B975031D5A48A3D30C656355C2D7BDE46AA14
                SHA-512:6440D4D713826AD89AC51A4B1218EBBFBC63B3B96189D70F35B8C20F4AE96D05032B250ABF812B34109846D686BEE85A9CC32908388CFC6EE3C20911B35F63F1
                Malicious:false
                Preview:kI ...............z....Sb.2T..1..:.L..l i.(..v]......N@...OB....,..S.oAp..N]K.../..V.i..-\..../}..!F......>.-.[oK...ot...<.....b...wXU....h)`...[._..i/.T..f..>.m...VI.#.....`1n..MI.....q..b$~..t-:.^9....|.....Q.Q.L...=R2.L....c..E.*l4%|.....a...8..L7:J.0 ...`..*.Y..y..~b...J..Z5...uU..sv..<-M..\..R...;..X..\...W...a.4'.s. ..R...5_h.dZO...09.b..+17.J4.AwBp.rZxX....G.ztL.}.A.l\....7..w.`..w..v7.lA;V%.wIV7.QR....\.:\.H..7&.L.)Y..q.....[\--..:D..;...m..9.s..wZ....l..8...u,...oXm.oy...k..DO+kP>@=...._,D....'..[......&.W.R...z4a*....V...........3Z!$..2....C<]....'.j.."..H)..>.*...K/.Z...1..p..0.#P.T.2.re....s..h.6?.....R...Gy......_.T^.oE..PKM..t..OJ..g.U.........=.g..{....@Ak.}U{.B-B@_.'..........u4t.0..T.O...:......9.!.m.V. ..e..[.hi.W#.{...x.O.. .].c.....r[.`{.!..G.).......I-z....k.2........?.....9.o.[...N....-.\.G.W-U.....x.....A.....y3.B...7.......L.^f*...........w.s.,b.^..[qvv...Z..=h.]3L. ..!-._L'...Z..m6+r.........<fl'2......#..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\120__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1232
                Entropy (8bit):6.967154110234403
                Encrypted:false
                SSDEEP:24:U44yr9ScGk0m2UdWJflnBmWhXKRaLcMfneZVZjH0TH9O5Ye+QUiln4V:9rYcG3m2UUdnB1eaTf2VZDNEBiV4V
                MD5:EBDFEA108CC47D6CB242C72DF370F8A6
                SHA1:E26EB39AB9E0FBC3ABA3589BBB048B285CFAE014
                SHA-256:7F77B2D42BD246696274AF035962BDFC541EF5F95C300FC848D966E34E7EE47F
                SHA-512:2F56B115D33746AC8EF5DF72F7CCE9A5FB9AE89D1EA3EBCEB7344D02D81D45FEF0A32BB9B1B37F0F0CD2397C66FCD06A3B817C12D8604814DFDCAC7D653A6833
                Malicious:false
                Preview:.md..C..6n..gDi.M...]...XQ8.....\s.M..M....j8..P...P./{..A..Z....Y0+.(..=.$.-.z.y.").........I<y...d..0...|Y.S.}I._.N....h....d...^j......;!..e.T..gV..f....[:W..{."c.9.....1,".!....v5.w...?c..........v....$..C......qV....T.&.....La...|..P....... r?d.W..;.Y.,TU_.....Y .f..Jt......bW..:g....d..k.!H9.....J...;.../..7..Gyc..]O.xS.rB...[c..*u....(..XD0.....sR.n.h.....{%.e&W}HWJ.z9...E.kn@....1....vL_.,.]..".?0...G.D.L.{....O.|....-..#.e.R....Lc...pl...."...'t,.!jh._x..Y...S....M.c..N.;q....|l..f....u....P....+..hw.......06..vn....0.P#5..bg.x.&..9,um....G..a..6;....@.Oa+W...q.nH.._..[I.&...C!{.P.,R..4..yd....(nv.......}f.(Q...&\......`...T..1.U.&.h...2.q...-?z...G.b:2. ..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\121__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.749930942740958
                Encrypted:false
                SSDEEP:24:4rKD9cLTt4A0fwWAT7rtSZVZjH0TH9O5Ye+QUiln4V:4WSftTxWAT7hiVZDNEBiV4V
                MD5:96DCBC08F5D2A20986E28856CD84BD0E
                SHA1:515BBC813CBE3CC3DFC12375C5BA21D16ACC5BB5
                SHA-256:2400DEE2B09BD00E34AFFE5C40CD822420F75F718015C3BB3DB89715897F9698
                SHA-512:03B4BDDE9327CBCEDB6CB5E2939824D171D27461CFEE08EBBA49C077E1433B9BC0E545236A76B24447B81675FB16538F0BB786F9FE316B3901C4A9752A9E127D
                Malicious:false
                Preview:..e..2....fAX.]f.Q........b..J...Dc.............D3h..N..@.;[..g..\...=..H..b..Z..^;Bf.<..*;.j.&.y..)E........Ko....xd....@.^.{..!.E?.1....n.....&....&.B7...y..`iXE..i.g..a.2..Ee...`x.\...#..9..h5n.'.......D.....b\G&..E.=9=T..Zp.8.....6h...q.. .../S@}%.=.(.N.8.8[..7t..;..X.B).T.pM........H.u.q.Fm.L............}..Y..$..|...A.ev..9?)sL.fz....T..>cT.....u.>.(.......6.t7.G...V..fk.&..0...'+.5.....F....Br.?.^..!.+.......`I.v..#.....Q3..........V..!i......o2e..]..f.X..w.D....CLW.....!0>7.U.@.*-.XVn.p@\U.....]i.?.T..........y<..Q8..L....s.@....#.qZ460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\122__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.6502246729248755
                Encrypted:false
                SSDEEP:24:QRL/c6ul0qwGSXvZVZjH0TH9O5Ye+QUiln4V:ILkAjVZDNEBiV4V
                MD5:19BC15596E9CC5A533E03C3644F5D1EC
                SHA1:7B720C1A152931B332803DAD667E8793A762D6A5
                SHA-256:3C0DEF8E569788F83AA100B0B411F807D995A7420635188B748FDC95E5C79952
                SHA-512:F9CE192A07B670A94DC5253B0EB3C21F77410BEAD0A1756D8E5E133D39BE26380903D3A4568A21C2D4BCEEBFAFE47F4C9690ABA7E7EB09812C9FA14F74EEC606
                Malicious:false
                Preview:.v...`O...<..C.......c&..%.......).....~..*H......-...{.5s\....#.4c..P......<T...h...Dn..P...<:...bU..,..gD5\.Q[Y.9^.........W......"3....7..CS..U.-&......3es..,...\N.R......1F...4..4......t/Vx].h.A._..H9.i..M..........I...Y.>+.D@Sp.C+. .@..s9.....!n.@rY.?...|.._p.V..ZC..17......C..0.aV'........E........U.A=./.~.|9zQ.I......#C.....2...;..F!.[5...2M........$............*...f>..=.:/KU.......6...\Xo.\)).'...]ogN.v.%x.......\s'7..d.fWLE..$.\...7..c..u68...Q..m\...._Q.7..-..V.}..2*.pP..3....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\123__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):6.4470440598019945
                Encrypted:false
                SSDEEP:24:eZrmOrAG85xrFTTV4XyPR5fzLyZVZjH0TH9O5Ye+QUiln4V:eYa3gOVZDNEBiV4V
                MD5:A5B72C02DE38AE3578AAA3CBE17DC2FC
                SHA1:0DDC79B950E3EDF922C5D237AB9939BDD763569D
                SHA-256:C98158273ADEEF62BC3921772DE5B1E9BD5D884C66D467017862AAD88FCB140B
                SHA-512:0AFD43C234DA3B2580BBFB53B630BFE047655DAC9CEE76712200ECB70D0D4DDA0DDDF47D184C6F1FCE42725E3C948130DD203250C1B4F1C41F091AC3F1D0E595
                Malicious:false
                Preview:.\A..{c$Jo...`.._..?.{jr...<d?)..Q.\_.:...>..o9_L.1..q.Qrn...K.z..0/.:.K.'o..V!-"..g...P......3b..."....If.....n|..+.Y.j.....bu....`E.y.v...._C8.....m.)r..*~r..<......T.....y..\2...p._u.Q`.b1X..N."._y.%c...b.!t.......U.P.P.e....I8-?...k.5..L#......M._+<.A.3.CM.......m.....].i.(.3.0\iQd.Ey....?3D.n...bA...El.."O.P.%...W.I.*.j./~.E.^.....T?.4..r...Fpm.S..w5.0al../%D.W.>.+..........#.e...:."..>..j.f.y.K.#.U..L..7...mGK.L.#H;.5..|k4460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\124__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1382
                Entropy (8bit):7.1266504393274355
                Encrypted:false
                SSDEEP:24:J+wZZR/GoACxqvXJKixzTBHQBmpB+EFHuwujZVZjH0TH9O5Ye+QUiln4V:J+wZ+exkvxKNVZDNEBiV4V
                MD5:94841D43C168452602E63E38F50F42E0
                SHA1:8EA610006214EF88E52276C90FD56A5AA21F80F5
                SHA-256:922C7B8C8087A3DE02F4A6EEC59F5FB7B6D83036D8CF616C360B324B1577E34D
                SHA-512:DDC2EF62DC163457538A4ACE6B9C9B7E5C9E65CAA803E6CCE75283F44F75F13FD68378A7910BA23B895E6D91709894CED39F3392EEAEF09A8D2C596B9EDE53FF
                Malicious:false
                Preview:.}.Io_...,..\........w......G.........s....n,q..+..E.\.X.b.{..^..J.......F...9.s....A#...'.....{....i{:....A..xH.... ..x.....bi.Vx..oA..h.,t.K.@.g....,.y..cP....wH.......n..q...b.X..c.E.d....T.%.{..}.=R>.i.+...`d...X..........13...9.k...~...4..d.........F.(2.Q.;*...H.z.7.N.?.x........g.4.*2...b..W.......S....R[<...X.~?3}..x"*.ywO..@zr!. .......A..x.tB....7.r.2.....Y.%......nn.B.2....9#....Zk.Q..*........@F..}4.I._^...4z.u.M.*.......T~.3(....y.$..4.[:...v...v9.'...../oM...j.#.m......MD..F.......Z6~...E.....rWn....4N.q..6..b.H.a...K.=.@.#...0l.....Z)R....<........|..q....dB\h.%..............S+ji.alB..........qm..G...bXq...].B.8......0@.7.m...r#....D.@..</.."....7.../...B......m..1..<.OF\.. ....{#..b.....~B.n.....b5.G..u_E.<.IWe*.i..d...F.D....w......w..YF.4xZ.......U~..4.#Cf..=.E.bX...a9.b..`B.F...EdtW.*..1.ip[..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\125__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.998573222496638
                Encrypted:false
                SSDEEP:24:RYigYAo81mxybTmYz+pR4myueRD1doZVZjH0TH9O5Ye+QUiln4V:RPgYiiYzgR38BIVZDNEBiV4V
                MD5:70A438B8F8EF9CB0F5BEDF1265C01C6B
                SHA1:D5DE8A5F4132CA144FCD6BD1AAAF326B4116A5FB
                SHA-256:55435700238F2474D43D9DF9C4B63463D485F94613D2D00FED284B09C047ECE8
                SHA-512:724B33A62AA7CB5E26B8CE64EAA145F7E88AC5D3B0B75122B53D8194C568BF48A96C45411360A0DB327C95700B8226493CCE995EB97C1D9426318AB09B3521B9
                Malicious:false
                Preview:.&.#.....S.Z...X5ON.....(q.1.......w.Y.....<..'q`....>,{..3rnp...t...lib..#.']..cz....u7\..xJ...Y'...)..1".|....j...j]....l.$7.N...1y.q.C..eo..mPlU"R..N.b.}..d..!k..|f.p.G.9G.zw...P^8...#.m.e.....e8..`..&.{...Pj.).....&RR.z.......O..L+......VU\..F..}z...d7..yb..9k..E`.a....G?{4."..h.Ex..!B.Z..r..OE.!.U@...c.w....m)C..^L...'.R.].A..X..E.u.....M.W...}h#.w.y..t+..V.F..(rM....>.Ai(.......@V..!....H.C.q..<...C@....b.....8g..k.....|...W;..R.;.Z.....j.wg.81.n./9... .......2.k.X"4]........O>./D..Tt..4....^4hb........0.G..y.1?.%"N........n...T.8......v............Q......l.t))..^......T.#[.F.."NAx.@.h.X.'0.......[v.......Z.N.H9)..p.2:.2.{..*Q.kb[...p.S.f...:...x.I..%..)..7.H.M}.FVT...x.`..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\126__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1705
                Entropy (8bit):7.399737199685107
                Encrypted:false
                SSDEEP:24:PxiZJNIxiMNXvnT0BWPuKmew43kVdDTvUOyCzp+zssjZVZjH0TH9O5Ye+QUiln4V:obMNXgVew4Uv3UwzpAsmVZDNEBiV4V
                MD5:4B00E30456E239F6C29D9345FA7A57B7
                SHA1:1EB76FBDAFD93534F9053C90B4D21F9DFF141D52
                SHA-256:903D76A648777390469B8C091670C0CD1BFC4E4704347FA8670D63F700E8C199
                SHA-512:1D30300A01406F9ED1C3AE9779F1C2A39709D34DD10B3F719ACCD577413224017396D973161F7922538B29E1A4859EC2BB557EF9759768653B3FEE650D0D7970
                Malicious:false
                Preview:..>;W../...p....&|.Y.#Q.<*....l$...]........e..ts....H....;.,B)[.Q'.l.L.....=;zDc....d..qjr.#.w.......&.}.7.r?S...{......aTG.`';.....:.....@....w\ ...w.G..A..-.]t.... ...~;9.C......5#mEp.4n..6..}..i.J.......>....*.s.p.....2<=..wK.f.....?k.|.....f..........grO0.g.q.*mR.........<hm\\....%.=..{@...P ..zB....:.&...z2.|9*..../_..V(.w..PE.I...}l...L-._.D!.c.......a.Fz.!....'..X..H.v..0K..*z.]%.......(.=...#.`n`..........].{.J..d.s....?."...@@.tDw.a.9....~&LQgo9h2K....`=U4...o.9..c).uV|!6....v.<.$I.....N...[..=."..W........9...3T.........^.e..lh.K..K.n..v..$9U..C...J.*...&Z.a4.Fg.......k...6L.A.............c:...a...K...*.....xi.7...(a...E.....:..0...e..8..._l.X....U(.....\q.....z.!....|....u;N...40_{.&.F.~...=.K.m.T.\.6...g.....$..V....*..........%p.?3..r.).......f.#{Zt%....K.....].....wj.V.O.7.&oGz.L..y.....xL.....h_..^..y.......v....r.#...u....{.C~/6X..|..!c.t. .'m...t&..E8.:....._..........n...pr1..J.g$....9..[+..mii$z1%?c.w.....Q.~.:.....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\127__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1249
                Entropy (8bit):7.011818552687888
                Encrypted:false
                SSDEEP:24:3CDfumkjfZGkcXbG9q469WrN0gyxNk9rAbZVZjH0TH9O5Ye+QUiln4V:8umYfjUbG99kq0b8iVZDNEBiV4V
                MD5:1B17C68DEB1D9863F96B3DD225D1EF32
                SHA1:6BFA457382AE057FE0220FD63C35786D3B14A4E2
                SHA-256:C1D4DE7630A07228E19CD95AA831072A70C3E97A86F6D0D0485AFFF3F735E900
                SHA-512:1CD885578406AC1BABD42B3A8610B6051AE189D920E5E64C1CCFBB1B159F1D4A32D42F2FADEA4529AC0636F1D8D9D59B6BC836B21B52141121619EB362365B70
                Malicious:false
                Preview:'(.hb...Yj.q74..R..P..uJ..I.~.x.....S....".o.6D)...\...3.......?.j.4.!....&."t.>..y...M.^h..}&.R5.......h../}..s|...m.&3.;..`...u....Z..R.....B..-k75.i..w/.......1..x4,.....K.s...~w..qQ.I..1.|...G....@...'..l.^L.2.N..f.J.-....Gu.B....U.$.:...xW.yluXV...j.d.B.<..'<...xt."..m..Q..8&j.S...<.F|.;.p.Qcjh.}.[g...1...8....D..........V...@...'...A... .........e.....Y......4.......1.30..z./...<.E J..kqn..<.Vg....R... ./p....3....."h{.y$nF...x..q.Qd..%8G... 1.zF..1.>h.....;9.(-4,.......T.o..,s...r....&....*..y.S.....4.2...I.=.[.rZ.%".....0..r..|....:....T.!...%..o:B.o.....|.I[KeM5Y.~.}.P~..t..kw..O....`^.. ..p..._~:9;.1.. v..=Z...8..E............a..B.8..o.J.M.[.......c.r.......9+....3.=+.j...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\128__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1711
                Entropy (8bit):7.379553468561668
                Encrypted:false
                SSDEEP:48:YGYHJaFRu69Cp6+Vq3nX9Fkg7LkeVZDNEBiV4V:YfaDEVSnNFkgZeBiV4V
                MD5:26DCCA96855A68AD46115D36135D93A7
                SHA1:0739369488412D59D8320DA9D8D0F3457C12F91B
                SHA-256:2567B79FCB3930B3BC0104F22E229F41DB2370D8260DE11933A7C003F7613E29
                SHA-512:091517C5A58BBC482B0A67FE4895DDD693903559FAC8FA97B693103DEE841E1C8A629B7D1C328245E7DEC910C74E159C38A923537746239D5CEA65A4CD45F2AD
                Malicious:false
                Preview:....Z..9y....jz......dFQ`.xF.e.GF.@7L..a.d.Y}..;..k.O../.(MD......0.#.U..0.m.8X~'O.k.+b.Lp.R..|.$iC..."r._G*.H....!........@.....s|..].X..j....}cnAym...Lm.V..l.9.<0..t~h.0N2{.#F.-...A/.!%...>M3P.~...@flF.b..v.`m..e#.\.1.M.v^kM.]....`gc...t.Y\.'.....7.t)....7.&+......".J..9.4....s.w.i.C~...w..C...):"..s.'.@Te..!u..\./._.R..z.XsX. ~0...=%....u.]..kmJ.:.(.P...#....|.g......d5p..5.R.....1a.../.5...?..Z7[.Z.d..=...[-........Oh.H..C.....` ...:.p6...!..K..EU;CL.)qx....V..V..Xl%.X.]Q...O......\..w4.fO...V....z.....[.........1*8.M..H.L.-.....r.A.....{.o...t.A.A%..d..?.....Zq..w.!`..FL?.E.{..m\..o....B.$ ....*99zr..4.V......R.z..uZ_........p.J.kF.....A.#.A..X...)...9..{....`...uq...W.I.jL!##.c.....#..........4..'..?....u/........FJ.'.v.8....HW....)...)x..bx.!..{;.}J...Vn.b.a.....f.........K.p6....C.`...S.8..^.8...(....H........."......jhq..U.+(x.C..2......f.NK.....i...&i.s.b..........e....)._.......};..k|...;vr...<.....A.FTDsG-......Zm4.D....qi~!...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\129__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1084
                Entropy (8bit):6.792887706417438
                Encrypted:false
                SSDEEP:24:m4oPt5lMYLhb5wYZVZjH0TH9O5Ye+QUiln4V:XofLBVZDNEBiV4V
                MD5:088ABA3A4CEB921FFE4A0D6442E575A0
                SHA1:8DA3D0FA387F8F151246F7EE0FE6A63FFA63C298
                SHA-256:FF33A74194153FF192408CED86E3FD18158F735BD059750097F9FF426A24651C
                SHA-512:DCEA74EBE2468781C29342ADF583BB6B855E566883276447193F944849A0AB8F47FBCB5DCF612BE6D99D7DCC5313D9D00A0D8AB10B72FE190E03C12E9CBB63CB
                Malicious:false
                Preview:.G2fP{../.bcOML.Q36.6..r....`..{'....._.9.U~..Si...|....x.. ......?.....)...i....;p....j./........,.Y..&/...w.q...>.=..*~..K...`...x^j..C4M..I..'yp..}.. J.&.......h1......|..g.zD.J.Q..m.".............$..1.?l..P..A.L.....y/.%.M.e.Zt..p......+"..l.k...].Y-D.w..(S.?b......UV.:....q\..`.1....]........._......H.m.t&..T^...V......~.o..t."..I\5.O.n..i..x_.G.rT...p.Z..x.:...(.}..g..W.o...z6w5N..._:xPrl..$....+.sC^..0.~,.._.5y.C(.)}.Q.g..[.$.s.........[.:...U\.w.N..@>....*]ba.B..$o....4izN...v{3...'A...5...Q....vac#..]Q..^X........A.R&.vv460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\12__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):984
                Entropy (8bit):6.516513073223581
                Encrypted:false
                SSDEEP:24:wNx+hl61Nnixs9WeqD4vPSwOZVZjH0TH9O5Ye+QUiln4V:G+hleNnFQp8vdmVZDNEBiV4V
                MD5:6BAB016EDF73C3F648296A2779863314
                SHA1:60933A385D5A2C1AED09B635D6208A3C87F8412F
                SHA-256:0CE001B110B910F3832515101A8A079B9068A3BBD435CF27CF55E099DB91BECB
                SHA-512:F4C932906456E67A3EC2A50B60DEA2809D14E8151F8EC6839A3AEBF1CC76D0E6789FBA3CCE6D24245485988D9A33248DEF1BA695DD427CF383F9A90210C3152A
                Malicious:false
                Preview:\9(..=.h...+.."......?y.,....>.3D...h..L...B=.EZI.f.f.y.|....)4.....KR...dnQ....K..b....... .F...,fK..4.U.X....R_....b.e.0.c....H...z....&.R(...D.........g....{.F....0X'*....].....4.j..I-#....;...G..6..Z...v..Y..v...".t.y.4..$)..'.....Q....).w...3L*X..q.:....=..t..1.....~.U.F.&....$l...f.........,(;.y.....=./O.|a.]..o(.m@..u...U.....6....V.{.+@D.9.;.,=.!..p.Q..#_q.*..ce...X..m@E.{$U...o..V7...5>.BN...r.L.?..Kd.L..*'x.....5]..~..bQ.S.Mg.P....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\130__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.673373682971205
                Encrypted:false
                SSDEEP:24:n3xnKdc0vv3COKRGGREfdAmhZVZjH0TH9O5Ye+QUiln4V:3xMc0vv3cGEE+mPVZDNEBiV4V
                MD5:9DC7FEF90BA9F77CC460C0469B783337
                SHA1:B48CF2B1DE48D129359062D5BD9003E57098F053
                SHA-256:F5A6A330CFBA9B107ABD79825AC7EEAD4149AC2FEFADDA32C4FC23FBBD5C23A4
                SHA-512:BDEF5F1AE556C459E967A1DEED3309AC35E52BBF11990152CD2F7241B2BD9ADE3562571B7E0D1CC3E7F191B8AC98AB23D8805A4039078A666DE42953C3CF44D3
                Malicious:false
                Preview:...TXcX.W^]`x.5.s.$....n......c.N.2}...!0{....H.W~3).....Q..K~.....D.........%.V....T..&d.w...?.,...1E....._.Y.D..=.7r..D%..5,..Q#..6i.....Z.`...8:.P.z....nLZ....''..?.j.....0m^..I.(u.|..m..T.5....t#Q.9....6k.w.P.lVJ.h.=.w.v..hT....a...@.br...<...{6.Tj...|....=]6.....U..I;..Wp........,.>q..R...;{..Q.Mz...._.o....2..].....A.@T.j....)._.X.e..l.r.J...U.(].L..q...k<....n`*..^...k....9..f....w.<J.-.A...x>.6.4..).=s.o....D..l...Zn.1.E{.q...gf...1l....=,V..?.Nq.....V..0.Tm.d.(5.:....M.}6.l....'l....i......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\131__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):961
                Entropy (8bit):6.518563552141952
                Encrypted:false
                SSDEEP:24:OnPbLJGuANwvadjZVZjH0TH9O5Ye+QUiln4V:gzLJ8AadNVZDNEBiV4V
                MD5:1B3C57E5F02CE0D430C30D8AC79D21F3
                SHA1:8659FAB2FD2ABA74EB365FF83398420B221FE423
                SHA-256:FD095DDCAD71F723714C15677E9BA0B184E1763CCE07AA3F972208E8CF925AE4
                SHA-512:7096E43A42D59C240883ECB7086B26A8DC9053F7C455718647065365D0A0FF5927FBD6A4BC66F2EC89EA404C11F67C73193F5DAAA593C48381C719DE52816C7A
                Malicious:false
                Preview:.<.^..<...8....j..I.J.g".....@~&.^l.U....b./[@..H]...J....p,]..<....U'.......}W.<[.J............./.,.JU..].....8R..f...g..P.......E.V..-.z-P{Ki._...z..|C.R...../}......+....C-.*-,.;..E.M...GO..~.o.Mz..3...(...b..[@....v.t!......L@.[.4..G..R|..8X....S..Ya"..|B..h.....Nq....)%...\`o.....R.......F..r;..M..5.H....;.... /.c.L...D@...".{.%C...1lB.P.7XF{....Kk/=.i.x.2..00.q..c#z1..{.-.l..0ii...K..2.1...u. .Q..Z..d.....4<k....Z.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\132__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1235
                Entropy (8bit):7.00932597654549
                Encrypted:false
                SSDEEP:24:dffOjdWPWVV1RYc3SsyE8SyURZVZjH0TH9O5Ye+QUiln4V:dHOjUPCVcCYSf/VZDNEBiV4V
                MD5:91DE436122943365CE84C6351A049C06
                SHA1:0223354AD84475B24F4F56F6A8453194FBF14530
                SHA-256:8684A4B5C52D7ADE67136581493A929AE6075B2B74C28D7401105FA050ED1E3D
                SHA-512:6C47FC0F3AB26B4550A991D1BB949ABBACF587A9148FE0C4DBEBFC07D5F3E6CE272D87878C87E05D76A53BA15772C8FF9E75AC70D65755224767F62FEDFB2433
                Malicious:false
                Preview:...1.*..V....C.Nk4..jM......D+...!.K.N]....>.2l'.M..hV..G~..w.u.7......Z..%..i:......3C..tQ..f..dr....Y$........H...A.............%..@......m.s.....%...6.V.i..v...@.J..A.>.q...O.......K...K.x.c2e...S}.hU...D....I.*...&.....n<..D.I.[P+/. ......[..u....J...G..M.Pu.S......(...!.B}.#;$..1;....D....o.5......._...{..F.....Mr..X..|.l..)..fEFH...*.. *>....f.Yt]./N.k....?.....~....s..QRE1|.8L'...[.(cN.V...L.lo.a..r.3..._../.<f..3y.?.S.N....=..=OP.`U7..{..<.."x....Q]g9W/.(..'0..#=..Yy...-<./5..R...Q.4.W"....F#q..c_{...a.*..)R...\.q.N_....,.......B...J.c..0i;.u=)%...e5.!....I.._.........#6T\!N.n.....J.._..Z8.;.._..@...~....p9......c.3..s...=j.f.F...V...u.*.Xd.U--.A/....~......!.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2feb

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\133__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1702
                Entropy (8bit):7.393613613471589
                Encrypted:false
                SSDEEP:24:zWNJAj0PaG8W+SevycWOz94mbOd4ZZj2LTeqJFVM9ZVZjH0TH9O5Ye+QUiln4V:zWMjgaG8Dqkz9dZj1YgTVZDNEBiV4V
                MD5:8918C6CBABEEA402FD4C118E51252976
                SHA1:6E450727FE29B910443B32E7ED9AF8E725367606
                SHA-256:B1EB884BED7C84EDA573C540E61F239FEFFF181C3E4D32DC2FFDA702B98B2D9B
                SHA-512:024FFE38952BEE9976F244F857B2A7FE91C2F33100F68ABB0868B05B586CE5058A43C233A263A90CCE10FFEB0F86A9B252E1B6156C5C3DC4DC17C3B55245E979
                Malicious:false
                Preview:b.y.!gp;....!y.;.V-....W..........r"J......e...w/.k._%.[...^.;k.3.; 81f.w..X...i..2h2.MN#^[C`9.L_...o.^..D..$./4@._.5.MN.^....'5.....+G.A.$.....B.`..k>M.*.@.(}.o.jJ.j.u.+c@'.e.%~..4.[..i+w.X.e......c...X.bLA.z.:@...T.W..........."|<...H..@.L.....#D1..2.]y..|3..;c.. H[.....o....K.E.!.D`.ay.-..I.m.XB.-.g.P.-.nmj..u..B.....}.......3Q.....-.vq*W...Zx.,..R.:U).S.....b....-...........CBZ~.].....s..MJ.,.vl...F....?.O. ...#....pbv.r..........A..fF....ZQS.$.pb.$...zb.[.t.a...f3..|-..fa.>.ZE...ZN....e/g..)%u.-fqN...y`V*..!..L/q...3.v.-....k...0........~'s..Z..+.)..n5.~.q..3..H...... .....j..6...K.S^..<.B..O$.*.R...X.>.TMI....s.iHG\.'..[..e...I>$.H...........G....G..[G..;... .4*1...6+\......v#u3...t..h.~..9..`......Y..~..|......4...f.b+Y.&..>....Z..]c.ne............hl..J..^..vY._..HK.I.*...\.....(R...RcxD..rp.......U..w.....]S@m.v....7...%.y........fC"H..tw..HIpY..mJ.).....If.i...G.B.4.Q..e....+...*}...oxm2P.Yan8......A........{..2....MH.q6.O i.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\134__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.716346943868309
                Encrypted:false
                SSDEEP:24:zI7xI9e5GaFA/S7pKvCEZVZjH0TH9O5Ye+QUiln4V:zoSq9KdVZDNEBiV4V
                MD5:976F5382B432803302F0CC01220CD2CE
                SHA1:A9E07C53A9F7ABEBAA1D4746C83797D425D65DA8
                SHA-256:5F33A563F7AAAA156E598A4D104F2E8B404ECF2EE8B0B81979962186F65F627B
                SHA-512:C0826197B7EE27644980566F5A0AB900E0D75490CF3B47DEE083D22D5D1ADBC52DACA59CD7B3ADE21B33EFED4BF9BDD9F4F4D4E17A371390F8C37F9B9BF637FF
                Malicious:false
                Preview:dnt..c.....=$....?\.... ...(.Q)..K7.f.Y..O...d.S..O.1>...?..*.R5. 8R..wv...u.X.e.6'~4...h...n5M)Sv...B.j...:.M.Ck....F..@..p..Si...5.\..._TtF'+.....9..&...@.B.p..Z4/.!&U.7..C\.)...t.....I_?.;h..U..T...9.5.E...L..J2s{..m(@V2..rI;.......W.........5........ ..n.v.... .+.!.+.A(..{O.....=.~rY|..=...Fk/..Q.o..b.E..(....U....C....F.I...M..N.....Wie..?...HC.]= ?.]I...fO^Y...U.....xo..6*....8)t...(.....\0?\......g@:...s.,jZ..:o.h.?.~..69{..f...+.S@.......J..vg......*.OM\=..Q...&q.....>@0ri....i...........1...AR../..8.......|n"....0.c...+...jS.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\135__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.661180765586076
                Encrypted:false
                SSDEEP:24:EI26hRdmbSzd193B8OG7x4RiyrYT/ZVZjH0TH9O5Ye+QUiln4V:n26hHbJLqn72iyrChVZDNEBiV4V
                MD5:CA8FDB1030045B47CB7EB3D6C3E763B3
                SHA1:A0B282DD71C2AC3B21769C2F8214A9D411E04B6B
                SHA-256:6EA96BF8BDBDFD52A7DA79B6260884A33FE383071CB9A5F15A43AB04D8D831AB
                SHA-512:748EDC01FB47EFDD290C9EA55EC0E70DC33DC9AC208A8C33529E7AE357A8A10602E0DCAEAC8B6346008EEC8F132B600E9971FDFFF097320AEE0270716B2EA7FF
                Malicious:false
                Preview:..L...|.....&$..B.. ..........q.!.:...<.J..[...........n.(.I..KF..$a.B.vt..9.Fw...DU.:s3q&...'k...1...........zP....<.rE.mh8\B.`.J.8R.j.........A"..4.h.T.d...`\...t..HG.r.&.............v|6....8.<f.,..qp......r.;.p.}>Zh".Hme.U1.,v.E6.{...E,.../E.g.... s.f^m...P...,.ddLOt!..2Q..j.G.............8g..W....[...h.K../.....*...:C....x.iC..D%..v...x.....P"T..W+........t...7..b...>9.....,<..v.>9..4.....L...d..".,....I.eS..()...)...S4....[.h..Is+.y...A.%..@.%L..D...1|.B.?b.....g.id..-V.....k.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\136__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):951
                Entropy (8bit):6.392488094393706
                Encrypted:false
                SSDEEP:24:hUuKFFytjD/XzDpq8V4Q101ZVZjH0TH9O5Ye+QUiln4V:KxWDpq8t107VZDNEBiV4V
                MD5:7E32A230A473FF2866714E4AB14745AF
                SHA1:17DFB2CDE2E4D805992475B1E0E1E0323A239756
                SHA-256:2415F9A23A7CD9C827B4B8AD164C17EFACB33EC3356B40E43920F419D7CE81F3
                SHA-512:3DACB43AFA49FE07C3C1F6A66341024F5F3215FB3B4918C407877174730B74911A1299F195955CCC7B284B75AC0E930F4BB06BB534071DF362809F187A269639
                Malicious:false
                Preview:...x.m..\.k..Q....x.... *..C@.L.3*@.<:@..O .d)..C %...`.O.. jh..a+..V.}u.$W...c.b.+#`.....j.W.P<.....d.<j..[.......". :[.^*7"N..hj.=1...<.......5...Uy.A...iC.l....|.s,.Y.x.R...Jn.<...n..==4hQ&..5...c....`VD...P.:ed....C.[9@.s4^.8....../v..&.O.y...g.anRF.0gI9./..!..`s1"...I.V..3.hI...)......y......M..<5.e.q.fQ$...ZT...).....O....f.x....g.,=f.....nD..q..}..(..zT...0%9.....N.......w..M.i...5.*.A.|..a.c..(Y4.V.)...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\137__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1702
                Entropy (8bit):7.361171509980299
                Encrypted:false
                SSDEEP:24:rg9N7TSsqDnVwuWU7HKWKaNkVL4te2kv4p/Rv7x1aYC6ThOeoZVZjH0TH9O5Ye+x:q71OwwuHaNk+tex45RvESkVZDNEBiV4V
                MD5:9E38B048BF87D5AE83BAA800869E7951
                SHA1:A5DF987E19ABF86FF7EA84523E8BEE91501FCAC7
                SHA-256:D2569811C136093705B99AA7AB60FD683DD2DA433C577E02EE72F488DD539C0F
                SHA-512:7802EB53EFCE6EBBE6683391F62E6222473628296FE23CA23D973C2063FC22E01C430D9EFB616345751A0E7BA84EAC46FEF1303AF5574524F3896025473D7139
                Malicious:false
                Preview:..]m..g;(......cr.;..!..Sv.d.]-.f.k..?.l...s.{...\...FE...^....9.2]#\..U..v{.j....Q9.E...m{.P...,........`..4..eg.IcS........H....0.....A..X..dZ..0x..]..M.6..b.......S..Vf.5<{..P{..K.S&BD.4;. 7.eM....[g)...l3?.......T...'U2.....%.U.rS.Q.;..3*...8.9.=L...1j.]4q.p.$[Pb_...=.E?....3.....7..(4s......Y..}.....wgG!.}...yop.X.2A.....r.....|.>Vv~.oV.F.aR.S..Mp...).3B.._G...R......D..=.1.U.O...t]..[..T..7u.cq(<.^.u.:a......sl...M...-..A...-".&3..x..Yj.(i..8..;.\..T......KI^..}...m~.Ol_S>.?"nj'....F;-..Q...q.".Z9.t...L|..F..e..c^2...u.hb..G..K5.=1......+.>Bv96.R..).}".D.s8.&Ho..a.b.......8../s3hf.VB8.\..#..yl.f....{+..J.6.U+..kQ .J.:.V..P.5.[!.:.}........Q....c.x{......3...D......RP..X....?&...........Fs.....#...3...T.#...q.8..{..X....g0...R.Elmw....oR.t....^j....mBr...DU\....9c..!...m8.[../..c..0...A...RD.....!o.c.>...Z..X..n.....5................C.Bl.S&.oC..."-\.wx%......>z..........aK..G#.Ti,FW.....^.Cy..h.A.kfOW..Ji...^.Zp.i..F.n`x.................

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\138__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1646
                Entropy (8bit):7.352177089146681
                Encrypted:false
                SSDEEP:48:LqKr4B8z19BIXf5+GuBN9UcWMxY3j3RTVZDNEBiV4V:LqKrDBIXx+GuxfFxY3jhzeBiV4V
                MD5:2E82228D710A782BBFD868EB71B820C2
                SHA1:DE4C99CFA87DBB212D5B5558D14989C5B8AA3C2F
                SHA-256:D726692AD312870EB9B178CB6BAF50904CD11EB987CCE1C54F3E7DD7FFE2237B
                SHA-512:207DAD401A326330381866133324BFADF68F06122F6AF5AC02BE61F05DD387685C9F158E7F1AA159904F16AEADE30893517B8DFD18AD126698A4622DE86EBFA0
                Malicious:false
                Preview:....Y..m.M.[Cs........_.A.b.{.3s.4.^\....i...D..~...\z).W.....C..Q.C.Uf......~..!f.TbZ6.K..0...*...r....g.....|.qK.f.XW}..T.......0(....^jV....(~.x..152.@$.....(....I..1g.W....]..2pu.y..3...=.R.*.....h..)H.d.2....uj].....A^.. .1.v......1|.x..a.#.,.|..`..3...m...H..{.......6......v..<...u`..5.@..,.mt.e.......Ai.t..F...k.z...>.2X.._.;..F......d. ...N...8.....M{......o....3.}!.....`..P\...@.}-.<.-B.~.Zv...&.....e..._..%.>(Z.5...3....C.#S.....R.s....D-.......n..;&....[....k.e....7..|..2..O.S~&..q.Ew....m.Ta;...C..US.0vq..T....U_.J.#`H....w..0'..6.?...-..t.... ....~....>.,$8{.x.X.d.~...C]...4........,#..f..R.....Q^.jw...Vh%h{..~}.Tl.$@...cz.D...$.G........j.'.......Z.3..Y.L.....u<..../......PM|....4h.....g..?*. ^...Y-.F.....7.jh..A...zH..t_.....,.p.J.f.q....[...c.......X.?[d.Z-.:$.C..d.....rn....&^....w`.....c4K...m.%...,..6xppl.P#...j.......<D...*...<...ZH.....^-...W.I./.".l...R...y....:}4.yu.,h.NF......i#....l..P...E1......~v.5._.u^.>....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\139__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1244
                Entropy (8bit):6.991398625185553
                Encrypted:false
                SSDEEP:24:XigRz9thjJNqPZrr67iIX4mu+VQdNxAncZVZjH0TH9O5Ye+QUiln4V:Xiq9VMPZrr67iL4VQdDfVZDNEBiV4V
                MD5:6C42DFE9B611F58BC0B30ADD70AD5193
                SHA1:18129A5196FAEF8293EA2311BD1F93C623DBDB8D
                SHA-256:6CFFC1C25DD9180A430753434DCDC3C460E98BA16F73F8917E7F73AA92EBAD17
                SHA-512:F896F7FE2D21F7DC780AD6D3BC0598A85C2BBAD5FE844520010D6CB13EE369439458190496D7C4850D98976190AF80073A3E06B740E49DB9E6136367007D4CF0
                Malicious:false
                Preview:._L...#..Fq...@.~O.......t..Z......3.y.@.T....?.o..1:>G...D...Am....J..R....}I.C+.3W>.hM....&.o.........E.q.d.a.~g\..=..4....;6....X..7.}C..7p.&..,R ...m.o.n...v|D....GH/..}.k....3.v..n..........d`.78^.........AmJ.+1....!....K....7.@O,...6..#^;'.9..?...]s...n.......R./..t.m..Q.J....5U~.......{Q....{A...H1.D)p....7,...Qr.8.L...\.T...p.,................N.......sl...k.."C.......c..o.....9J..g.g..l..>.8.M.......Y..6.g5`.p."L..P.n....zj....%._.....x.Z...}}h(..BU7... ..\.+..zi{(.....p...q*...Q.........0m;....o.C.$$.v^i.4.m..t....am.+X%...."......M........K....*.W.3..D.:..J.N...=...1v...6.....x.].C.!.h..3.xz7.yx*.........].....z.m..._..T./..J......W.aK..h`h.0./..9.&C...0kd.X.Dz.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\13__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1083
                Entropy (8bit):6.74016333793397
                Encrypted:false
                SSDEEP:24:7cwhMVTotO88CzG5im7FSR67KXZVZjH0TH9O5Ye+QUiln4V:7cwmToH7G5iSSRlVZDNEBiV4V
                MD5:98D5C36954EC833F138B598611B23985
                SHA1:278E9D1C40D6E57D66A6CD8FD066E921477F174E
                SHA-256:22859EE15FA5A3164F9155C8F6DACE1E93334B7BBE5BFC574B1DE4DC4DF528D9
                SHA-512:ECE4DC0D044915540669832A8A81B6DC488383E94B474D9F7FD5DCDDE85EA65882D9CBDE43FA64F993A0AAB67B792D40E61940A200C12652C499AA0F72FCE646
                Malicious:false
                Preview:..qqZ...+.k.r&..d.Ax]D.....b..lr..@.....($f.........E.(3.........A... .[...4..W)1T$........@....-... ..a..8H.W..~..&k.S....b....#_\....[zS..R.eG...I......t.h.n........ ..(5..P.K..(.....Y%Oc.-...YVK.i..<.{L4.!....d...S!.!..E..y."}..}...a.E `@E...y..C.)pP...Q.f......(O6.....z.v......g..|..*. .Y.X..PM.[...vk..Gp[.|t....n.2/.>.0/..rd...(....i..T.c-e..,j..^xH~......A..0.=.H.Q;5...@.5o5.;.(..Om.I..g..Q3...s..leN.....m.a..J....Q5..).a....I.LgyP..K...l.C./..iO.4.a..3?tl..H..@........k........])..%.*..=..*..........2a.JI...\.v.`6...].X.S.....>.L.9Y.[460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\140__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1222
                Entropy (8bit):6.95828443306218
                Encrypted:false
                SSDEEP:24:HJ5HN+qmMGFzdphBt+BxRTX7Z99rRdZ4kZVZjH0TH9O5Ye+QUiln4V:nM1j+XTX7D44VZDNEBiV4V
                MD5:0C6D2286953247EEDC36693F92AAD275
                SHA1:B97942576620C3C505804FBB0E835F73EDD6B62E
                SHA-256:DD7A8B569C46639690765E75E3CBB41AB99BB788E4FFBAA0384E13AE3A1E025D
                SHA-512:AD7921540DCC6CFB15F14EA21210714F2476F4D0431502FF2C0ABF26A57FD7C7394613E7762A76D5B7B5DF9E1B0E1CE8DE9157E3D7E0BC0F9855BA0E9AA96A73
                Malicious:false
                Preview:...D..l.. ).(.x..k...Y.3.!..;.*..y...9~..R...r.4...t..5j-.[,....* <.......1..6w].._.........u.#.......p..A..d.V.Q}X.x0FN...+...Mz.:fZ.=..hZ..._..!...R.u^...H.#.p.fn.w..=c........b.I!uA....3....DI.J....zc.Ga.CQ.~...FE .e.1s F..Y>......j...mN..'dfSST!.^qt?.'..$&.G.....g}wj..M4...n...W.K....!j.T....4..m..).Q....t.....V...!..h?A>.,...#!. as+f....L.{mz9C.|.N*.R..HLcj+cBD......n..v{..[...9..|:>G.W.....p1;......?....0..x...M^.~N.@<7V[l.z..Y@e..g."b.........Eq2... ..G...Cf.^.K....f.;w...........D%..7..*.qD".jw.$.........|..V....F.T..N...../Q..".$..4....VJ^~....;..bq....1... e.0m.\W.....}9.......l...t3..i..;}...PL!..Z....2.....f...\SdZ/.v..q..kH.h..sz..+.uh...M..z:.....VU..D...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\141__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.680544743778694
                Encrypted:false
                SSDEEP:24:IDElZHKYupgMzchQEL7FF/HAQVZVZjH0TH9O5Ye+QUiln4V:+EzypPzafFF/HfVZDNEBiV4V
                MD5:EA9252E19763FE0B8F4CF6F0F0109B38
                SHA1:C6FF9A9EDC0184EC897AF08DEE900F9A584C0F8F
                SHA-256:040D6D39E04F4187FAB4652715753093650FED73D2579AA96F009D80AF7DA207
                SHA-512:B6A6AFD4F533AE1F22BC6BFC7DFA118A713078BCA40240F765F234C5B14906279DB4543F6BA1A2878A48D784ED875A21B308D554FCD32732CD7C997E8534DCB3
                Malicious:false
                Preview:,e.=F..{=.f.).(..4...A...N..g...[.d........3 ..`...=....Y...T.@.<h..)...<.3E....w...YY}..KS3......x..x.3...q..2.b.....W...5f..sv'.xW..j.{k..Y.t.cG!"..[...s7~.;.-.>....8.>1...Z...-..h/c.A..o..g..m...K&.&..J.d_..........I.Z..*.4v.gn4...V.<...`.h,....4H.*.B.G...c.2....8..:..I.&vZ7oM6V...$..cq.6..x...@S..J.@.m8..a.w..`VJ...b~..f...=.90... .(..!..RWv.....6...^?P......Ij.@......2.......9bY4[..a.;Nb.x@n...8l...[.S.......^zH..../.....kcu[~..g....M.....Ap..%0.....}.)K.w...Z2.N....$........Y...cWW/s....m.IE_..B.>mAx..*.5..d5.....F.....h.=.1.H.h.m..h...y460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\142__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.662989984676817
                Encrypted:false
                SSDEEP:24:ZmTvdQIVRhlynt3X3j5hM9ZVZjH0TH9O5Ye+QUiln4V:ZOuVnt3X3cTVZDNEBiV4V
                MD5:3A1FE3743F241E066F79898F35ACC35A
                SHA1:DBDB934CA89BA336161F4A6A69D5F075354CA4FA
                SHA-256:CEB0E791E221A6013B175B5F70929A8A49678206FF5F5B3C4B3CACD15C293C63
                SHA-512:2AE0A156970F0DD3E5C315698DFE63C285C82E1B05513B401913F8E2FC0581B09B22F5BE69386AAA35A93AD9EFD28306579E52B68CE8C332F3A6757F7F4234F9
                Malicious:false
                Preview:.Xa..3..<3.x.....C.8O...n..,..NA.HZP...y_L*.... \.[.}j.%.tu.-Q..~6....?;s>.7....c....w.......*..^..U..L.R...j/.c?s..m.,..G..@.O\..x<g\uw..ND-0......v.O.M.<.B.-o.M"r_..Y.O..H.&...0.[g.....m.f....p..-.|W3U..5.n6...,$J.A4...P..+.l.._....F...U.....b...!...Rr)...P..Rj.f..?.m..2..+.56...BUD...N.R..d)Z^.....,..'vg.1..^.#..U...K../...+.U..%...............F...d9.o-(..TQ........h)..2.j.....9.E.+.M$...i.?,z)........e_...]q8if....G/@c.4?Ll..&.M.`....!X.%..y;..0..~..."...6.|_.)R....:N.1.G.:L..|..P...I.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\143__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):961
                Entropy (8bit):6.473433534236373
                Encrypted:false
                SSDEEP:24:Y3l2pi8tCU8CgzvT1NZVZjH0TH9O5Ye+QUiln4V:YVE8C6vTxVZDNEBiV4V
                MD5:E75C94B670332A8F713AC0D93D8D7E8D
                SHA1:498C10FA89B1CB0F1052FA3112DA14556F3CD25B
                SHA-256:95AE0354559C997F109004824B14A89A7DB7BBB41A47490B70E509369A47E1B2
                SHA-512:63E59BF114BA1BC44F428618057136C1C243B3C6C27F20C7D65DCF1AC90977D860BAC00D73F5451E8010072FCF372D2D4655B57F5AE3AB325D49AE78AD090F25
                Malicious:false
                Preview:..b....ZE.2.j..*..n6.N.g...`...i6...2...D.tI...J.?...-.%.{^......k.D..u."....!..Em.ga.......5....M.qm"Hc.D.RH&..v..w.xc....*....>....r=.D..C..#P6.n..n..R.5....kc.R.V..... ../q..moGe...*e.'>...|..95..qX..o......}..`?.%..+...xye.S....+.2R..a...2:!pF.9..$a....}....z.LR...C.D.Q...M .*cT;....*.8K..M#.Y_`...[.....l.'.@..........B.5.....,.9.r\Z...._...`....Y..a.ARBJ..0sxW.&..c-.2saf.....O0K...b,.o...&.2.....E.H~{..r1.g..mY?....}.i.!...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\144__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1806
                Entropy (8bit):7.423698120404503
                Encrypted:false
                SSDEEP:48:liJCDlExhDfoMnlRYGxvdTlu8QVZDNEBiV4V:AQE3LI8lhufeBiV4V
                MD5:6B3DFEC1781A847A4FD2D59636F8BFEE
                SHA1:3D26533FF73B0C9D225BD33A8B8855B65B2ED315
                SHA-256:90875F08C2B8F7ADED9027D63211EC8221F6670ED9E3F2A37CE32CC58237540A
                SHA-512:6A8741E13CEAA61EB944309C2E6700264268C3420BC60F2F3898675B10853CB6F722E02CF531A4BCD2BC11B6589E614BE78F8E6A876190DFDFB9B875C5D67EB3
                Malicious:false
                Preview:S.3.H.....0~5..QV....N.. B.8...c...o./.i..X...kL..T...$C.=.u_.K,..rCrk. ....y.....%I.7.`...7..0.4.a..?.>.er.)..|..0.J.=.....d.e....njm..O_B.....(.^G:.....b7.....}0.I......Toj.O=".Xj.S...r.....EU..Av....R.=...Bja.{D............9_w.O..`.U..E7|Vg#ZfnH2.5-JoJ.......X.. ......:..D..1.W#8....,....t;..!...Aw.H....6w.#..J....T."1.?.4W..Z.pn.X...X.p..".:..5p...:.4=.C.m...u\n.h|+.H'......dT..2..qK.Us........fi.xM.O.......\\.G...Zx..8.[.y...J.........C...s...&.......'/3....l./.K=..."....A..h..W......1..b.*.3O.x.bh..Bns..~*...*..K.....v..[.rM4D....Z.f.@.vX5...Z..S)....UO......%%.. .$...........Hr.T;^.C.N M..9..7.%...V5.3z,.XC.?.>.)...k.....e...%./....G.$.Pr..^....]V".0.3..........GF...]...&..$.o+#o.^..B..t...].~~.....^M:.....C?.O.4J.........%.>bB.........M<.w.?.G...f.4..7.3He.,L.+Z...js...Nf..0Q...Q..w9....q.X.k.n..R..\......,...tm.Q^....5.2h.....?.....J./,.>Sk..2..9.s..B..U..u..Y..gs.m....]...>.....Y.q..Z=/.>wQ+.K..X.l.L.4........../.a.$K....."....bzq.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\145__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1736
                Entropy (8bit):7.380756224163811
                Encrypted:false
                SSDEEP:24:hHaOePTIv+XySTMXPYd/D4IF+1+feV7J1HIdBrrZVZjH0TH9O5Ye+QUiln4V:hHa9PTy+XRYXAhxstuDVZDNEBiV4V
                MD5:E574AE850D52AE4DC9615AFC16BBC50E
                SHA1:432BF70C36634AD12E2CB3BCFEB8D75C6FA8ACD6
                SHA-256:C34FC33AA4546CCE8DB349D88C2170ED76ECD4B568046F436178D309C98595F5
                SHA-512:9EFD0A39E238943D6ABFF80B3156043E884662AE0053C4FCC4C354E0F5B7C691A1484B66A4C9B6857816DBE18550B3AB0F8AB51176AD962CA37896DC835E3AC7
                Malicious:false
                Preview:.......Y.e6s...A.....I..M.=.l.Y.R6.3[..&.....t..E8..Q....I.1%0I........].....dg.... Yk.F<...T.u..e....s.T.Sz....4..dC....A......6......a.,...O......!&..?9.F... *..-......~.j.Gf.=8.L.FiX.H*..R.9.o...5D...Z+G.F.+Yg...Ec{u..2....8+...ZP....&...|..&A...&..~WJ.W......;....g.....r..D.8.z.{|.#..1........,.|...!.....CF.i.....b.F.:.....{78...O........:P.e.......?. .....F..4<.`..a'.>.!.j.......RQe.........d..0F.j....BSH.;R..B.[.3.m..,.[..p......V...E..h.....F..LZL...w.Q|fPw5n....,.LS.&7......m.X.fs..q})...F.......U.oA.?..>.....v...;..E...........}G.3..}T..y.TA..S.....Ci..w......W.*..)^.....R....$'.4..."...+.Wa..E....t.........1da......V....+8N...%%u..L.2....h~Re>e.......t.?.|..u..0.2M1Q.s..V.P_.4....Ew.=`.Z..b......>r.j._=[.G.D_.h.Y.....(.7....L...I.j..h.................U.2..c'.b...H..s..O........q.$vA>8.S]:'X3........I.3e.t.;.........c.D...j..6.Af.....=..1.....e"...U.I..F.{.\8&]VY.a....p`....0{i.{bB..NP.4/.).-..>...z..!...q....>..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\146__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1157
                Entropy (8bit):6.891378020983192
                Encrypted:false
                SSDEEP:24:FmngNoPCsHaPVjLTgclawgkZVZjH0TH9O5Ye+QUiln4V:Nu1apT9zVZDNEBiV4V
                MD5:CC262268FAF6D1B7004EBFE18DAF02A4
                SHA1:7B5E24E32CF56B34DC28DA59CDAA2B8DF08DCCC4
                SHA-256:847E1A58DCE98B6CCA967A9F0720B4CDCAACB96478921412E25B78AD2EA01E46
                SHA-512:83B9BE39BC31F734429230B1F40EA584ABD7182DAC2175BBC610952DF5E70FD4E4719B0487A4AB3114CD2F4672CD54F4A43B6414E2CA29589B031A75936B81A8
                Malicious:false
                Preview:.!a>...........L*@c..i$.v...a.iVomO.....k! .......O..p.;.A.-..v)..........Mr.@..`..iu.?3{..C.mi0.gu.(.H}.)..w.B...w/S*.&.A@..].."....6.._.q..[{.C.Q.!.. ._T....*..j..Ho..9/.~.....G...p.l;d...o.t){...h..$.B..0......Us..]..u3%...7G.BO.. j..q......8...M......g.}..o..t_.S.{..}Cm,.Kx..i"..AXN8.A....2L...eI.1P..;.(../li.....}.Z.Ox./......'.M...W..zA... ..9....~..`...R.......ME.Y.........O....^N.].::.6..:.#.|...CEc.p..'...P......hU:..WU{...gt....l.8..{..}.(..7>.p....9.j...p....u.].q{.Za...~.D+.K_.G.NJH..u.......H....#....m..h..~..9....Xo.5....aN......u.Ja|t...%'.r.0.pm.A..{2.....\,.t.;....#.....6...fSm..Q.M2460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\147__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1084
                Entropy (8bit):6.7175900205044154
                Encrypted:false
                SSDEEP:24:VNexUbHbD0S5JJWmNGzZIgOByvZVZjH0TH9O5Ye+QUiln4V:nA+Hn0S5HWIGzZROByRVZDNEBiV4V
                MD5:59653A8F87007F6E226342207FA61DC2
                SHA1:16B07F05BE6EE697133E188869C6EBE9A8944A47
                SHA-256:38C4470490D0CB301BBF4B81AE5B520F141D54D44BCABECEE82AEFB60C6E1568
                SHA-512:410521E6E58F143A97CD57D7650BB7C9501E5612BC0665B3208522F78A3F21148AA63221216E1E6CB6641F031DA5D75BDA0482879231B985FD599976933245ED
                Malicious:false
                Preview:...N..\.z.5X....mr.G..../....u..O.k..(|..b........_....0.T.S....$..'(j..f.....Y_...oX.qj..C..^..t....D../......L..c..=)...o.b..>*.K.\Y..Mx..{m.f..\p..../...w.J..$....6...<.....S..Z&....zNZ3e(..W.....K..aHz.*....w.KP.....:<...|....<.5..%....w.."..w.}...S,E+?.pey;.k.RQ>+.lu...k.DF.o..x....4.b.A:.#..(H..L.U...lL.aW&0...n.4u#..rc.2=|.}h.*.......Z.M......0.e.ha.n..v.._......k. a....E0.....K..J....~.`...v.\jKa.P.....|t.F...]'.dd(&2.|.-F!..ufZ..[.0........_.p.-o3G{..E....k./\..a&d..C4..).{.6.3.d].o._..^J...QH....9."....^Rg.;o..K..6.!..r.H.WPGa-....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\148__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.664998349713624
                Encrypted:false
                SSDEEP:24:ROXSy+p/D1bpcXAjjsnnM/+ZVZjH0TH9O5Ye+QUiln4V:IX/+/BpknIWVZDNEBiV4V
                MD5:71E13DFDA2BC1806352EF387AFC1EEA7
                SHA1:042B32248DEAF6D4191471748608159C801D1266
                SHA-256:3463FD87F82348923A14496C3530AFAB010E6AC8048482F791D86D6E48D015F9
                SHA-512:9E74CA76F977185214B659F430BD1C1EA43C7521B2A51BEECD7A03D9368E7E7B26B8DFBB35A1B75C8A8B17965F3CAF331784778A82A5DDC708E2456884D7194D
                Malicious:false
                Preview:.. K.ko......(.JV.jkm.S.4(.....h.&!........oy........."|a.y..v:&...z.x..i......Y..Wc.0.X.PC.t.W..).=o...|}..:_....F|....Ww.Uo.0.e..8i.l..~..U`...CE.M.z.cE.\3.T..........Z....n..T.r...T $1G<._d..u...v...E!_.....Tb#.pf...+8..<.9.+.........)|...$..X.;9.k..H...s...$..G.K.........Ya`m..'.\W..,P.j..../....-...K.0.n......|..N...@`bO.{8...l..c.iBb.P4.A>......,.U.....`to.T.o.v.1..g.P...a....k.-....P..B...o.{).[..+.y..5....._h./^...U.Bc..l..9.D=9N..=R. ..6k....S)...".LyIq........[...w...j.&...R....t460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\149__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:big endian ispell hash file (?),
                Category:dropped
                Size (bytes):953
                Entropy (8bit):6.452857994383336
                Encrypted:false
                SSDEEP:24:y50eFo/nl426lchKgZVZjH0TH9O5Ye+QUiln4V:gFIl426luKMVZDNEBiV4V
                MD5:937E9A78814DFE7C575D8199AD31A9F2
                SHA1:0E02D78051006A9E805711C3015050051EE74801
                SHA-256:90D51E2295275F9115207EE0C9D857D041462668CB149085C29E65B6B364A25E
                SHA-512:0E85A9C603658C4CE1B998E84F85637198C18BB01DBDD3CC65915789344088A75BCA758E775B9330AFEBDD5464521B0C6A913BF1B6C8D2AA176239A5AFF1EAE1
                Malicious:false
                Preview:.....d.f...-.ok.j.$n...w}...j..6...G%F.,.xj.......8)}S)k.c..1%3.9.:Yv.ysC.H..%u.-8|.R>..k$|T.FY.O\.}.....-c.4.....x.'......h.6.N.h.`7Z.o"..........K......V..s.s...P.!.ry.....P....8.B...&5rZ......*..(..v...c.....=.....].<.'..0..u(./L_.n<`..2.J..I...H.d.'`..i...<...>..]0j.@..d....%..Z....~..G..u..;....M^i.....4.........o1][>.'....]T.9...:fv2.\.........$.2\.9...A.ME........4V9.<.@u.`....|-...KGX<[X.ae...J....T.O..J..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\14__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.635994125320114
                Encrypted:false
                SSDEEP:24:EeHahJ8xJAj05kAHBLbZVZjH0TH9O5Ye+QUiln4V:F8EJAVAhBVZDNEBiV4V
                MD5:A8AE8428E3180A626281AB046542CDA2
                SHA1:C36060E3D331F93142923EC0A0B2F63B715CDA78
                SHA-256:148DC3298A727EAA146A9CA28CA2184C2105C96013BAA0C2DCC710DD2FE23DFA
                SHA-512:F1A24FA2AE7162E058B29BA7B9059DBD4207E2A893BA37DC297F2E7DA411CF709818645C65CBC43A3D3AAEFFD269D4E191F56900F9849C5450B3A6048A6CA4A9
                Malicious:false
                Preview:ib.p.Gwus.P<!.}r..s.T............dS..<B.o.5}...3....V.!...a...cBr...O..3w.....-.:....#.Q....k.{.jxF...e}..,...'s..7..0hZ'. .;.L<z1...k...d..b.L..~..@k......7.@.}.....b9....f.I0Lq....|8.2.. 2_...T.ir.|..=.....R...G,..m,.`c....~.hK...!.;?....9...O.'.........k{>.^...Y_.n_...La.i.mX{.......RBY.tg%F...r<.....5..f."z....".o.u....Td>'J^.!{..8..... .......m.n....y.........)b..(F...}...O..:........:..vyy(.3 zMoJ0..E4..Nh....h,...Z......;~/..Q......r?Z...a.%....3........#..}..i.c..G..H..B..@....Q.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\150__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1219
                Entropy (8bit):6.948104875125633
                Encrypted:false
                SSDEEP:24:ERNyWyZTnXFgH2mP1gLf/UMe4z/xAxJwrFQZVZjH0TH9O5Ye+QUiln4V:E3yWlH2SWj88NgwR8VZDNEBiV4V
                MD5:AD96288A3F010A49E91E882B662FDECD
                SHA1:428E3E7462E6832DB5B7940390BD75A5F02EBBE3
                SHA-256:2B4E904162138FE534FF13107A9B90B750CCA90C5ECDF2C8DBDF3CFA6135BFFD
                SHA-512:40455FFAB835F326087A8C67C683699B6F001E8867EDE3838E260DED68A38923B831F7633BF61855F26B779854778FB97CDD2686C03AF2566CEA197DA267184F
                Malicious:false
                Preview:.p.s.r..a.v......0.M.y.A..J.`....Uf.,.1f........g{........xcpt..1....1l...._6.I..|..... _.........Y.*.....P.....>.y~....'....%.4...g|...s...O..h".)......w.......6.......m.F:.CEj..5.........gl.t.P#..D.).{.......~U...9.V....h...-..q.~...Y.N`.3..J..P....o.T...$.m.l.v.....R.2d..M....,P.y...$..2.O.....<'.n...Ky.+l.$eIW.9..~.....f1....i.O..I.L...`C{d.7..&X.M.s?:....wl.R.}...K.Wn..........L.m9...........nf.e...a.x=....={k.}..k....76.V'..WHz...0..2H..'.'V..f.&9......>5y...K..i:..R...*V..;.0......p.7...R..>g...H..DJ.....8,WY...V.i.E7.o.....i.....'......2.W.=..?.2p+..&5x.u.|cG.w..'`....Aj.vh....9=..d..U<=....:..o|...x`....38...42K......S&zGQU_..s..L=$9_..T.u..I...........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\151__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1678
                Entropy (8bit):7.308959469946902
                Encrypted:false
                SSDEEP:48:iSRmlUndGwHfGwxUxG1gfR0X97VZDNEBiV4V:iSUlUnow/ClfR0VeBiV4V
                MD5:88BA38DD01F3D6751B1EB641797BBA8E
                SHA1:30469143C6C25697301C7BB0544824C1267FAE72
                SHA-256:12F86B2C793DDAC03E82E94932149E20DF8A236D3A4897AA163481441B45788B
                SHA-512:1D1491E58A69BE3D4A8403EB45ACD4CF4E4E5AABA4E86C424216BE05486885EACE303E1E727161CBADB90C95A09C574654B8CC0D9877E01914E699E774B1FAC1
                Malicious:false
                Preview:......~...Ay.v.7.^.*O\.a.....YF.....j..T........L....p.bW..I2....'....!2.2.....<...k....N.T..6@+v..3L..O.=M...4]..\.!..Y.[..y..T..$..d.X....{....|.%c.ML..i.AlJ.....#i6.....d....'L.H.1.,...E...u.....%.......J...U.j....o.:.s..Z.jw..NL.9L..<.V.A.........36.9jP%........I(.b...rb./~..cW`..M..:.XM...2....}7....R_.....Ll.....iG...8]@aZtl.X.F"}HAC..L.k.7}.)h.tX....&.Z....?.>.1F..:R.GnkT...3...W.x].yG.P9..W.eH.Az...U.........K.&..y/.8.G....7,.....#b...6..%.^.3X...t.4...*.A.w$..O2.".k.P...0...t.@.ZbcqWb/....KM......@& .b..O!.f..(.....?..5.H.r.V...H.l...+..|G.*...x.I.IH..9.&..(...C@?.+|.<..\.............`........Q.n6..r%~.5....|...Y..#&..s...^L.......W.z.....!.......1.../.a..K.C..5t...y.$^..T\$&.F.....63..-u.c.l.B..l.n...-..9\ZZ._..8If........aFm.~N...6.>.VPx.<qTwn.....T..AP...q.z...K].......t.Q..r.".5...4c.L..bt......8.#...d......y.>P.03.>E.z..72D....'....By...y...2].O..33..cV..5...A....c.......9B.c.....b.o...3...*...YI...y....z.-..7^.8.z.....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\152__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1178
                Entropy (8bit):6.86595078962294
                Encrypted:false
                SSDEEP:24:1sIOfsiWUJisaVnaGHvsKChRFeB/WLvrNbZVZjH0TH9O5Ye+QUiln4V:1sIKsVUJisAZG8svr3VZDNEBiV4V
                MD5:D6DF3E49BBA5E648294D946747598DA6
                SHA1:5AFE22BFA57BF1A31DFF5DA6CDDD2D17802B1BDF
                SHA-256:F774F544913039DFFBB699BC76E10434608397B8F69A06962181EE5BAFC63E20
                SHA-512:03ECAB9D9762C4C0023F2ED1FF9FA114C86D6AF572532FA1B14F501D1BBC45EAD7F097BAD730EB8FEDC34A2CBC6DE57EDFA17876FDCF06B9D5B80CAE57E836C9
                Malicious:false
                Preview:.........k.)L...9..._.;|.J.M\.o.[..S.......*.=....-..N...be..U.......d...l;GR]y.z.-.`.<.@1..^.{%Z......d./.3.l..H..p.......<U.H.2.w...N.v,.'.46..].).\..V./....}p....,..T.0..^.$1..~..T...W:r....E.........R......:>.4.?..w$...~7W.......F....>>y~.*n{j.@.....n.861...H...{.|.......9.J3....xf9S...4.34.-.ki$=ts.v)...<......A......Oz.....Ft......&G.WJ..<...0I....f.=.g........O.s..n..K..[..(.3.c..e.....2..+.(.q...N..\..6.^..K.........6.,. ...GZn....E.+..f.{.M.{3 LB.R...U....)F7....O.e7A...h.?5..aq.}.y&.i......jS.9..\=....a.`e}..#.O.U..d.g..`A..W..W.....].aq...y...q.....`...C;.a..=<R..jy....D.iC.....-..iL....z..S5D.{.OD..gZD...<=P...e&460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\153__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1160
                Entropy (8bit):6.901509610182625
                Encrypted:false
                SSDEEP:24:4fd2BeCYifrs85FUYNtghYF/yIH6NxNwGgukZVZjH0TH9O5Ye+QUiln4V:4f0BeCYus857Nt6tFBaVZDNEBiV4V
                MD5:9CA7891E2CB64C5C5AF76E82BE8F4751
                SHA1:3778E23A72F982680951073FA30120A885BBF174
                SHA-256:8EDEFAA46E785118AB3A4F950273C912D952A9DDEC7302EFBF2E934908BB2B3E
                SHA-512:24EE26E38ECA903C3728C709D1333D59F92A7DF104CA8FA1FD414D862564E350FAB6482CD6D2B301CBBBDCD98107A8C7F31CE26FBFFBD0F11510780E3EF7941E
                Malicious:false
                Preview:..Q\U.j...:..........p.rd.......~J5*3+..1.....D.W.c.2.g[gt.b.\H...q.}j.i....<.... .s.....t.1...X..{../.......N...~xt.R..`N.M.....F%.b.o.4.2...^..=.r`..k.jJ.K.....m7...?-..3.3P,.n.X{Y_.."......n,..KF.....b.<>4......<.......I\x.-v.p~....I.Y........?..p./........T..[....~4..M!.|..dwz!....O..........t6..[...;....g..9.2........E......S.....20O.mmg.kB.Ks..:.NK[:H..B...%.&I..Z)f.H.I.$}6...6.S...F....<.]..2&.~..ej....+=*#.i.5.m..#.......!J.W3............x..|a....CP..V.........4...kG...+..i\/......:.....x.t....<.t.MM...k<.Y.Y.XE... .$\......&....[A......!.....k..:....c.a..H.W...@.....R.Vh.=......../gYu.<h.j460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cd

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\154__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1172
                Entropy (8bit):6.8839647237610455
                Encrypted:false
                SSDEEP:24:plfuLRpwqjK06fgFmL9vy5LeZVZjH0TH9O5Ye+QUiln4V:pNutpwq76fgF+F+L2VZDNEBiV4V
                MD5:998FDF244ADA0FD8DAC29D55F70A354C
                SHA1:AC11FBC09DEB4B61483968CD102A3AF39E3A5258
                SHA-256:21493DA6E8D411E926A8B3521F6CBE98723CF9647B1A1632A9413E77A9B1A56F
                SHA-512:14B8D42F11110CFB346B26E7B503EAB1E105F1FC0DFF11E872E57B8957A6267CD6843B4EFE2719CEA4AEAE1C01FAB5EF096F9438630DD95315B459612AB07D86
                Malicious:false
                Preview:...Wx........T......2.+j.,.`.$.xER...'.9O.._^M<..,.v..%.,.....8.Y.]t...y....[h,.9'.R#'.e.`..D{P5^.....IpP.d..1......B..4..Bf...~^.f.wU.,.vzf...r.Z....|<r...W.....w.v.c..6&/Q...R....a._.k..<.z...j.s.sH..b..^."..........\9vL.4..>..7.9.t...O...E.S0RX....:6e..;...._.....x....'.\.#.....+...}J<.h.z..N.-1nc......s.....^..;...3.......4..!f$..n.."......_..k.......5<;.A...t......'3..>Jp......l....Q....AE.S.Y.h..td...nDZ.q.h.......X._K.=%.a*..~AD.aoH..'....:.......S.!.b.O.!....O.......'......y...@.8_...ov.U.....3..Qv.8..k...b.xr.q.b.V..O...'8.G...b....:V..'..;tC]..M.(`..&....".b.P..g...[Z..-...W...-.*..\.7...{8......K..E....F..zaN460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daa

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\155__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7432280344842805
                Encrypted:false
                SSDEEP:24:OQkt6QXr38LVDf6NLW6raZVZjH0TH9O5Ye+QUiln4V:O53wSL5raVZDNEBiV4V
                MD5:39428EA24F516E1353B99C3C1D355946
                SHA1:D9B56F1A306D6014A6F3ADDFDDB2E8868554190F
                SHA-256:2343728E1A19AEBF0F3D7043FD9EBB93E05394C003D68532C6C908A4943A34BB
                SHA-512:AC36637027DEC822FD78AF1AB80909890F3CF15C7D5D12B289B8DAA2F0B2298C5C3334B7A58A2235C77E2D3A864CAF6227F08ED2B9F6D5B6239A57DC905D7F47
                Malicious:false
                Preview:.t`X..S.X.7..F.@...I.d.,.....$.U^..Ww....j..rU....p.dK..),.?...:...iv...w...o.O..>6.K..<.\....F.gBc.....o...Y......1........^...\\$.k1.uf."+.}.?&..r....$b....@.L_...8.....65....3..HB~.^O.3.R.....y7.sB.mm.-....aky....j..#......W..Di..'....-l.#.......#.zW(~85.V...........u. ...Qg..#(.mJ..J..L..(E..+S.x.oHK45..b4. ....H..us...|w....>*.....m.KSM#..&A5EU..D..z. .a.T}.F.....|.D....B~0/..;z.,........I..o...D(..t.R....W.^.6..^V.{.J.j..GYZ.~_Y)Q...X..V[..)I(.v_....n^..f..go...c..d..v.............u......g..g6...?A..N...o.....>.7...F..&M.7...V...1..).A&.)Q..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\156__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.574880407806995
                Encrypted:false
                SSDEEP:24:ptFksGW5aWqqO7Ee2a8DbZVZjH0TH9O5Ye+QUiln4V:ptFUWIEZVZDNEBiV4V
                MD5:36ED5A0D97B7669A9FC83863E22DEF74
                SHA1:1A9515798088D8BE2DD04AC2EA1D9AF5A04B52B8
                SHA-256:827C26BBCE6CBE3BD58A6F851CF082F84F0639C6542A18EFD04930FC53E6DF70
                SHA-512:541A6081A8A8F3D00F9477F4A51003B81DE461FBC294855147AEB1D772129C2F2B549D13CAE7ACB3C4597425E7C1357F68C92475D7CA5D2283C06C4D8AB8771E
                Malicious:false
                Preview:..hp..!x..2G.y.8j...J0...X.Qx.P...5X..<.J..o.X..(e.....=....H4x'.;.d^.#j..m....i....m.E,...1/.oy......Y..>.WU9?.E....&..G.c....+.x.".nd..9.c..)..!.....h.UQ....D.3C7z....Q.n.*vd..#......r`.?4.s.W.c.d.!.j.f.i.'.p2..1n#m......wmP.....e..?..s...=.{.W.9.?.5.o!7.5 0!.qr..I...;.r.V.@n0...9.;...I.\.0.......0.e..m[.....s.......}.....j.....3ALqXirC|.....L+b#ic....-~.{..]......,..B.m`v4.,`Ws2o........6%....c...;Ql..B'yD!MG.c!<...]..l.;.>..n0.>.._.yt....n.w#.g.F.H..ee..|...|...e.`...wm..^..D...2..T..@s9T....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\157__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):964
                Entropy (8bit):6.508918295087265
                Encrypted:false
                SSDEEP:24:UwBEBSiFcXuJOuEZVZjH0TH9O5Ye+QUiln4V:UwBEBHDOuYVZDNEBiV4V
                MD5:AA53DC4899BA944F9AA9E0BABF9C6A74
                SHA1:957D44BF9DB1EFE522727D39026AB2F10E1FA296
                SHA-256:86D9DBF4AC3982FFE448EBEB9B56CD16E1BEB1F375F7D46ED28D66B835B42955
                SHA-512:C5E7FBEF68E068C6839DC23C4C2698BFB4B5353AB5DDB838B9F342CA41B064BC0B18FEEDFC0010619187ABD964AE62D0E912DE31A35E082F10D38FEB940A8D68
                Malicious:false
                Preview:.....?.........n....Z.2..Z....}..St.~gJ'......v'Y....fa......N&A..&.P.m..w@..`"ip.t'G....._.D..U...s9F.z.....[....I|.@%..w...~.Fk..!mJ....N.!....8].z..[...i-...m.O...I?{nh.}z..........cs.....:.D.X.....R..C..9...`.....V.H..b3~X.?W".}I'.z).;h..w.....c..R......4;....-e..D.g....#....1.lc[B..b...t.I<I..j..`...P..y.....JP..?M.o..[..1/...q.....9...9. ....t.Dr2..U.K..!]....1..0.a8...R.G.:.v..O..`...%8......n...XN.]@... .460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\158__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1784
                Entropy (8bit):7.433385276439879
                Encrypted:false
                SSDEEP:48:B4GJZeuEYSeCtbOoG/EBuKARFVZDNEBiV4V:B4GJtENeC14OpARJeBiV4V
                MD5:8A682B0FD44FBC8C5F19CC7A08D8FBCF
                SHA1:9C40C9FAE214776A4D154303DF59587B88B64457
                SHA-256:695F15493D4C7194C230BAD66AA30DAD43F7FA124ABFFF213D0E9F17282A5876
                SHA-512:2916CC65C63B0EF29FAD2A8103D6B358472D12BDD4E12C6B7525D37E6F6A895830FA85AFE8236E05B164DFC6F65F5E70DD5179E9D9DC0BC15C2079CCCC3EF686
                Malicious:false
                Preview:B..~.?..1.>...5..O,y.;M...V...\c...j2p.."6.]..9J-..E. 1].Z-*.6K.p;=-..:T. ...}.9.,...<.j... ...E..=..Z.A.\/......33YW....c.I.,..+2...u....JNOf..d..Q....x...en.U.u...{.......e\..sl51...V.S....=..T_"Z.P...i2?w..G&B;N....A...G.jWOg........s5...Q..).....Q...q.(%..`.j....f...b...A.....q..%.\G...e..7gFkL.B.pq. .;(...=.g........;...a%.-E....@....t.....}:f.~...l]..<...SH;.S.L..tL..F.u.I.+.S.|J...y.P...*.,%...p.l.".{NrJQ...:.H. . S....kDF.Y.4.8.y.o..C.]4Hux...L.W..z'\......e.....D..$.U...7...v.*.n...;.....\. .H.......A...;.........r|.x.Y.t".H.H'hP.imi..?63........u.h..8.`...~P..._.....X..g.w..{~..i..............T.P(..].$..-...%"..IY}.#-....1w....7.e.hdts.Z...-...]}....%..s..!.SJ....H.$....k.......tf."....xt.......O....<...l{S.N.....]x..`(..:......X........#...z.l..-o.;e.... 5....<.]. ..:.Xr..H..Ht..-.!..U0a..};...W..vy.;....... ....g@;......G....u...<.6..../.+..r..?.w+VT.......r.e\...84~..T.Q...4eL3.jK.~...D.$f...@M....o\...k...H?>.|O..j.!...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\159__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1226
                Entropy (8bit):6.995724952687839
                Encrypted:false
                SSDEEP:24:gcIRDPli10KDCqOP18uaIBtBOYIZVZjH0TH9O5Ye+QUiln4V:0Be0K+t8dIBt7EVZDNEBiV4V
                MD5:C00C1E5A27F5541F5F99097E227513B4
                SHA1:F3406960C39CE0ED0AB70AAD2B6460038C53E91B
                SHA-256:DAD40712798710E4A033D2968BBB8D8F85952832F425635A3F561D4E20A9C2D1
                SHA-512:AFE55690BC26FF7DF9649832AB16EC87AA80BB3D125E4D3DD3DE150A759DFC03E49BE6E391B328B37BCFB170CB465D9A0306CF57B83E1044F8F7579D39E8C249
                Malicious:false
                Preview:NV....^...l........f.[..K....8.K.|<..9w..6S..q......17.]!.....6...a.X..w.&a:..r.@.S.N.-./p(....y).=/.....J.~[vl.B........~.K....(q_.9xw......sy....,...#.M........e`[)...'x..+....>..J.....}..FW.{..........E.....:..V..8.j.Z.%.K*..I...^+..AO.....A.x)..8...%.{]..g....}`..K_..M......=>.......Z..C...-)..F...-"A....<..!.D.l!.Pf....^...n..&v.1........m!b.........X..u.D....G..G.].f.........J.5..:.#d.\[..,}...`....>.......q.5}a/.6UGF..>eZ..%.K0.F.M.J+|.@W..*2.. ....9.....1...I.....:b...'....q.o..;i..mqp..'=,.G.BYj.e.q.z.O.~b.h...ief7..).. ..$.........k....}......$..L..j.S.-^!.KB.V.......$Q.~..r.p[....V#=.5....D....5.q"y.~..{.t..K..g..E......$.q...B.}w.&CW..i....4&...U6#...q.N_460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\15__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):957
                Entropy (8bit):6.468038112878216
                Encrypted:false
                SSDEEP:24:vlb0w96IpkV1fCicsvLwXXZVZjH0TH9O5Ye+QUiln4V:dV6gk3CiHTw5VZDNEBiV4V
                MD5:D46875B40AC0FBAC3AB17E8ABAE1E6BA
                SHA1:E4D2ABD96E2E261553F3D14259B24A6FE6375674
                SHA-256:643AFFBE92B7F9C02A075E8063BC07C9CBC11B5CF305301673074E4999A20F9F
                SHA-512:247475850472BD4B30C200433EAAC51578360754058C1204D11AB4488906EBAA6DDEC6739C024C9C4DE59918826DEAA2219EC57762F662B9CEA67B71604E84C4
                Malicious:false
                Preview:...l."+.^.Gq....).........e....(o)...ok.g5.k.u...7...W...~...i.......Ui..B`....)R....A1i<'0...g}jx....KR.9n....Y.,u.......-".B...`&........D3.)Z...........9W..F..h.k..$..gL....csq.8.........J.p...AW..sH....3<k....%....B.i...i.u.JB..WN.\.WV.5@...9.../z{|.{.....c#-...s..i.e'...1.}.x..Pb2\...t.W~%&~..$.CL.%...x...l^.W6.....i..].!.+.c#G.xtG.K.>..p.....0.'..M..n..e.]...b&af%).............{.4..6(....|.....6..|p..."X...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\160__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2145
                Entropy (8bit):7.56825530093258
                Encrypted:false
                SSDEEP:48:KRvUFx1xVdzc7h+XYxGC/StZ4x9DN9tIR+y3Fqx72ALDM/VZDNEBiV4V:KJUtNzc7sIxS2VNL1SyKAHM3eBiV4V
                MD5:20285AB45464948362F2C215268A6DDB
                SHA1:6338D07D4E338639F35333C57F8E37958626AD5A
                SHA-256:166DBF3FAA9D34ED5BDB7CE276B7C608575ED12D4CB8DA4153FF7A7B3D6049ED
                SHA-512:E0E18088D0FC46FC306F6E4B487AB40377F12C950699B235EF2948C93FE1FAA07207B10C335A8BC28881AC79CB777FB01FA8533E95EC7D525F2D738A7764FCCA
                Malicious:false
                Preview:...|.8...y.....l.G........d>...D....-.....Z..57a..,R...@>R.D..}..../.......I..h.....'..@..SK...T.V....TS.n...s.r..~.R....A`......E.h...~...).F.......3.A.-........t`.m.r.r....h.....'.H..&X.d...I.q.O...K[.......c.B..|S.'..x/.G2..l}&.fMCf........b.G..t-......e..w....,....).#.-.i.T..OG.....R.!U.2.\x..q.(^..=.Y.u*...8_..4..x~w..m.l......5...Bd..z........c....z|..EH.t...S.$..Q........\..$.A#HWt#...."..Jc..F..Hrd.Y.iu.w .O..J..-I...e...X..?.[~h.xy\.N....z.'..?rX..(.03G....B3.....W..|....y[...v.ofA.@rF.n...k..-i.(..4,G...N.1....>.KoK&.(.,w......U....]..z.b.q.n{...5...*....3.G.og.....Y...6.8 .....D.".z.....v....k~~d.....V..c..e.#..Jf..c...#uU..d.b...]7.^.d..P.o;>f....i.y.*bk..l..4E.S..Y.n.?...2._a,yWB@......$...9.%E.n.J...df........r.S......(8.L.E......0!b..;...<..dQ.l.5.l>)..f5'.3...;..GI.).....I../I.!s`.._../..;..s}.a...+....%@..q..k|..}..-.Z.JA.2Nk$)...D.Q^...I@.B;..hl5w.|i....p$...i...4....2..]Pf.`.....P~...........'..wPkzI...?g%...1pZ....<..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\161__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.743986314231795
                Encrypted:false
                SSDEEP:24:uCa1+PFVCFoM9BuHycKj6ZVZjH0TH9O5Ye+QUiln4V:uh1+tA6OE5VZDNEBiV4V
                MD5:A992ECCF24D5A90928A7C6DFC9DA8FDC
                SHA1:77D85800DCF7A59185F10C707FEF765FCEA8AA7A
                SHA-256:A43916F0FEC5C1C725EA1AF61FAFE0526289B7C0CBB7F334389381511DDB5992
                SHA-512:D166CAE1AFE858386F872F4C23A196DA1E0845487A74CB44E28E0746BCDCA7187B2B5A8B60CA94B21ADEBE38CEC7176553F1F518B1058FE2B01CA33FCF3CB248
                Malicious:false
                Preview:..S...if....S.;....-.q..X......\..\ ..e..cs<F..E.3Zqu.g.w..M.~...bOG`.#.6.j..u..O....h~J..>..i....Kk.X.%/.$..2@}w.E..?...=..o..Fwn.e.....b......;...Zn0..{?Qn...bk4T.I".y.&Yd3.5s.u...u..C.{..3...p.[;.<D...K.3..t.N.TC]t......0.C....%.....\J5H.<...RW...rO"AZ...@.HV(u4. c........2.Q....?.Im..v^..N...h.."@......e.,........U..q..%Wr...*+=#og..M......_!...].$Ga....9....{..1.z..........a..M..o'l..K.......\N.?:..o.\.5......."G..Uq...H.e7.$..R.g.Y.X.!.g..H3aw..XXJK..}{q#V..y.t....L?...Dt...Q.q....q\...z.P.10........J`....\.A.J.?..G.k...J.B..I=?W4460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\162__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.653383233586378
                Encrypted:false
                SSDEEP:24:A0roBiozGNWYaLjSDX1ItmVSlRBXZVZjH0TH9O5Ye+QUiln4V:LZWYaLWDXKgSfXVZDNEBiV4V
                MD5:59D58F79ED471C715AE91E0A0F96EE1B
                SHA1:6C2C565CD6E69D074FCA0CD81E3FB2D8FF6EC564
                SHA-256:AE0BD6F366F49F91F0D5B7ACA5DB521C451E810E0931697B5BD09D89DFD005BC
                SHA-512:14C06CC0E281E6C3DACAB783EF0B00D898458DD4D5DA3F22FD350E3335CB068D84C06A7E002D339F73E7C1F0D64E8054CD3B5A73DAD656211F2D1108F0CDC346
                Malicious:false
                Preview:\...a?.R.c.N@.r.....Z..Q.D$wN.(...[...,.q.........?.nY. )J.K%....`fl..6JF9.d...........wq;..(..t...<Kvx....m.......9@..c.f5.T.y.h{R...........C%R(l...{&.Z.x..P....&..$.C^..h..:.@......Y.&.`o.....W.....j....p.r`..q..c...m..q....5<.`../#s.5.t.....U.s&...k/....................".`1m...:;..%.,.%x....I.|...0.KN0V...fkW...NP....Kh8...aqzPi.z....Rk..a.B<.P>.4.|.jw.....Q..J..;9.H.....jP.i.\....).+..?..{gc..Xv:....../.w.?l..M....q....0..P....O..~i.....$N&.I.!.m...+S ..BC..Tf{..j..[ky0.3...5..L{Dkd|~O.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\163__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):951
                Entropy (8bit):6.481708803678382
                Encrypted:false
                SSDEEP:24:Kw/su2EIKSF7dV64dfK+GzKMZVZjH0TH9O5Ye+QUiln4V:Kw/N2fP6GC+GOQVZDNEBiV4V
                MD5:5ABFDAF9CA75B8E4D7490D0787A34F67
                SHA1:71F23C57ED82F0F262958DCF232BBC683D660A2D
                SHA-256:37A60173FAFF827B8CF08D4C7045FB19FC1C071AE248C5FF17BB3A532F5D7DD3
                SHA-512:372CBECBEC13C3EE7F9FCC33219A2C4DE0043FCE2F5516F2F0B4360E466539E4495A9332B9F7F715D0850EB336671FBAAE57BF81E5DC12AE815C18F29A2EB584
                Malicious:false
                Preview:....;.>..0:&J../....^...[2....d..[D.mIc..z.!.....b..y...%A..5.....8.A.!..3...y7'...c..$...N?.kNJ9..E.*.u.m.e.#...SN{a..:..W.E.h..|..k.hk....t..#..."P.[..v.....T.I=X~ u.,Y...!...q_u..<a..(j+..ns...t.s..........n[w4.x.'....Of@.Q.o..=.(..T....2&41.f./o.0d.P..B.Q..A..... .+.O).....?..........=..I......b....:I&%..X.gE..J.#...r.^.v.sEA..q.....`;j...oMY.O...........*.....2..$.M..C.m.c...)P..e.U..k..N(.{.^v..;...6..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\164__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2832
                Entropy (8bit):7.727597291456052
                Encrypted:false
                SSDEEP:48:DamEetgQ7pPGbEBfFV5MD/H/LJ8dEjUtikhpLRjAdVZDNEBiV4V:jntuEBNX+/H/6dWUtikhptjAheBiV4V
                MD5:1EB5A823201125E02D5E9C923954C0D2
                SHA1:3717A26774A2FFCB49CCCCD7FDC459DF125E286B
                SHA-256:AA8D64FE7F77CD822F620225A78C91A618A66D8194758DE89834D90E4CAC6D9C
                SHA-512:2BC118146BAE52C1D09E131F62B89B61D8DF8ABBCF20AD0F82C815DB9D1DEBE2D1F8A9CB343F7164AE0AEEDEA31AB7B85414A8A6CE6C8A017141D34D972AC91C
                Malicious:false
                Preview:a..^......%K6.........;.....*e.*..rjN.q....Z../.(.r....b...jt.....ZG.y.[...<.^..Pj.0..EX.h.n2.+....D.@R..%..Hl.syQ;c..2.=~..V.....j..e.6.H.d"..!...}....H."......AS.QP..+d..s..WInU.*.... .-........&.m...C.....\..j.9...A..~..=....f...MN..D...&U.&..J5k.... ..+t#.d.q`.9.8.;....Q...VG.k...@..j7.i7/......q..M........"|.....!.E{~....mm.I..o=.G)k.A........}...}.n.!..=$.......<..g..7;Z.........$..mc..9....r.D..~..Ge.o\...%...XF..a].!..Jch-..../:X$DW.0.W..^..*_..x..............`c.^.....6m}......}G.R..K./6pG.A.\.....|..L......]....}.i.I..Y..w....g......r.......S$...}...:;o..8]..u.:0..kA...;.D5O.......2..B.7].._..f.e.c..uyk.q&..qI'..Y...:3z....(.j....?2..ze..R.q.\.....B.^.......K..w..M.Hn.0....!F.b.......I.^Z...3.U,.....).....)..k.5.Y.;.Q..}Rw..~.I..V...=.Y...S...B.....I......,.-.x.rg..&s...]{l...6....s'...&.S...rA.xDCe..............7..1{....D.wF......X...j`..s......9...,HQ.@Xa.*3.x.o...f[a.d..........V..;A.G....N?....]..9.0..}.e....E.h..$?.4{..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\165__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):979
                Entropy (8bit):6.496005390179327
                Encrypted:false
                SSDEEP:24:EI8V7O1Aci6LL76J8ZVZjH0TH9O5Ye+QUiln4V:l85OniVqVZDNEBiV4V
                MD5:3C16C0329E2C7CA7EE5C4225B702C5B2
                SHA1:A164AECAA27585F0B4EEBDA1954273289CE8A63D
                SHA-256:C461E41C07254EE8F2B847B4C233D94D5D4A1BA4C4C6AEDA4C168B07F652C9FD
                SHA-512:072877F43784BF659E85D7CA32A8CF92B42A711D3052CF3DDA0FB0F11DDD3ED2B268373A24E9A5E2A034A9D0B2BF87A1F956EA6F0D4C92BFB54AE8FBF33004F9
                Malicious:false
                Preview:....v{*d...j?....I...S._..:..t.%HN._.M......rR..Y+K......G..F..D\L....(}.....~@..W.G.O.(;.N..=.G....t.o..y."6.:vfP.#. w..H......V...i.f.K.V2..a...$..L...@^13..G......z.~....t...L..3...(`.v.'..7..4...8...........%e...N4.0..2.|.0.6...M...}... R[Y.7<b..k5...:..f.j.q..;..K...#..y.+r..O....F......}.}.7}..../.$../.q.Gz....".T.\.n}i..Q..z.%....HJ......<..y.....8V.7.......j.A\....j...v...83.W.....^....V..OU.+.f......U.....w.?cb..|..Y.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\166__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1299
                Entropy (8bit):7.076998622429419
                Encrypted:false
                SSDEEP:24:zh/Ji/BHnPo0RRu2aPjL9OzRZruZVZjH0TH9O5Ye+QUiln4V:zNJiJQEIZ39Oz3iVZDNEBiV4V
                MD5:A1FFF57A8DA711A3BC1564D13CCB548C
                SHA1:59447FB891D96AA572CD796480BA542F12269F2D
                SHA-256:8FF36FEF17636C6F204DFB53CFEC3EA0DC5C186F49CEF6776A590C19175D0028
                SHA-512:2DD4319DF522523AE526C4A5479112981B0262D9BE8D5D588CCE7856D3EEB9B4F3D525C729CBB9A1338817DB1488E0EB610447F3882999256422541225D21E16
                Malicious:false
                Preview:%q.[G[%^......6..2.<w<.#..;..).d....../U3....v1.[s...oqK_.G.gp...~.ue:....f..]..b[B..m5.....F.{....=.......k..{...)4.....Om.`..9..\.P|.g...+c.........J...o..A=.,.& ....N@..k...z..iGXw.$.Jt{.:.{...v..sJ"HQ!.h.^{t...5.f .....(.ry.y.+=F5..O...~.RG.. ....8k.......0(.s...S..=-9.l.1..;....8{....,../......>..(..b..{F.g.F.....v.A.]g.|......&....!...f........;h......t\K.S.!sr:.......Jf...o.P...z].........o.u..2w.u...lW8i..I0...`x.7.1.T.....".].,2q..:_...p.D.S..R..........(.N$I..T.7-.d+....0._.v..+=n=.w..'..Hp.....3.c.hJ.9.. ...9.&.......A1..=..\T..i....<*....`$.[l.....$......P....u.$tB...B"..D..b..N...",t..j....h..v...L5.X(LK>.....s<>.......d......d.y5.H..O^...!m..?D..[......Ti.ig.]....{..!.s..h...03..(.....*..3;.7...g.2Q..GaU...u.....S..T.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfcc

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\167__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1232
                Entropy (8bit):6.91886414196598
                Encrypted:false
                SSDEEP:24:L1hpF07cBovpYJR9ci6CsHwzo0lEZVZjH0TH9O5Ye+QUiln4V:VFhoyRii9sHwzruVZDNEBiV4V
                MD5:EAEC891C81EE7BCDD89EFFC3B7B069B5
                SHA1:DB5EBEC4068A357B959A2EC9DBEEFE4534D6D302
                SHA-256:6DF976DC8103A26F6FC05BA57D44F9B69B71150FD8D97F14C421C2322A51F35E
                SHA-512:C8BBEEDA6446F92FD34F17322791EB0BD7143F62DE18682EB1729CCAFDCF9F6F89901B192E478E878E33BF61A992A8D1DB1816F648CB8E5F73F84BC1F4A32FB6
                Malicious:false
                Preview:f!....[.Cd2.v.8..5.........iTC....v.. .].J....3h.E8.....2.k=..r*.!.6^....s.R..r.`.....j... ..^.5.. ..Zm..S...3...hM..C.7.Dw.....GM{b.. ..v..a.h..7w.G._..S.....g-..K ...9q...#..0@..."...P....1..5..b`.Y.y........0.....L...QP6..V5...u[*....#..E7.N.4..?..bf..U..-._.m..}.2....i6#L^..yh../..P*..>.]^..[......f:w.E>0Z.S...6.....wb.....z.Z.1/......[.*.<K.&M.1m..@>3Q....e...s}]e..........).`.....5...lA1~)....a....*.. cE...(...L.Q...-8/w...{...t@CM.....[.M..C)..|..j...l...)...S...L.....D|..V|d^.5c.H..-.@.H..;.h.)*...(N.Q.....j@"K..".....o..D.x.....f...~.|.Y..`m....R..R.GE.....g...M.Uu......b..q.kh..x.r....&...A.,...w...b..tZ..0........qA..M.7n.1p..K.)o.W!......knLKA....C...9f..I.D...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\168__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1223
                Entropy (8bit):6.944674151413503
                Encrypted:false
                SSDEEP:24:jri0YbXcvxBG1nrP0Po9XZeUDR73ZVZjH0TH9O5Ye+QUiln4V:jrKbXkxB0rP0cXZeYRNVZDNEBiV4V
                MD5:83A776A2DFAFC787F20E00E189468BCC
                SHA1:FC13B82E8A44135AA4C9C7B28035409929838FF0
                SHA-256:54AD0476A896CD2BE8D1CE168461AAB81F45D16D311611B8D71FF78E5BF8D0C9
                SHA-512:8D40AFD77992E495C0207A5B748A7F2D655BCAF5E66386E9B1387597A5FAC6EEBEDD2E80BD4BEB9FFB97588C2EC325E05EAF5F58F01064035D42A387759B1BF6
                Malicious:false
                Preview:.K......c.....~:.'... ^|9..H.O+.7.j.;..[..7.O......e.N.)*.y.r............I_i...a.....J<e..l.!k.B...=......r...B.`4.....0i..!q...`-.n..?.~..[.....4N..C0..y/..,.a..t.6`dYr..c!\Z..L......=gJ.. ..1.....E....`...U[..w.8.8.h......w.[EF......T..4d/...Q.{...6..T...=..t..C6|:R.z...........9...p#4..a.'S@.....,".kQ@..DDI\..y.J.7.7 M..+...CJ2...9.....,&S".|)\o..Wx...].{.6.J.-.*2...q...o....j..........x..S ...Ru=...P........<...xx ....& ....+I.3...,6...\3_.K0Eq.l..x.(...VNA.X. .?J...f.p.m.p..lC..8x..WY.u.............7=......a........]..Y...+.[..(x.1.&t.....{.....<..G..`,...Iz~...z\..nr..&:..z.......fBh.S .`m.....0....b...v~. .-.....,9...6..$.+..c=s.Eg...a..A..kW.....eL.4C..b;460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba360

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\169__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1230
                Entropy (8bit):6.9820558591817345
                Encrypted:false
                SSDEEP:24:4+AiI/vIPWahK7XShAMPy56iSCn2ZVZjH0TH9O5Ye+QUiln4V:W/v6M7XSy6PK+VZDNEBiV4V
                MD5:0B5675E3F64870B467D8B6C3DB4422ED
                SHA1:699473CA7D1D72538DC1FFB127DF83F86FE43C6D
                SHA-256:FB546EFE6B9556A86B8F9EC1DABACE494142679D0E49E3382BB736BB8E1E4CF2
                SHA-512:7F5981FA14C3510227A72FF72FCC7B25332B1958146A1CA46298C9902C0BA6AF13D2C91A7B3523FD33409329E9AD48757D84EBB3D0D702579ACFEF8B6822E647
                Malicious:false
                Preview:8q8..h.',...Xv.....-..i........#........Z..H8......./.1......Kp.F......]...S..T....R..'..*G.HXSG&......jA. .Gav....e.P..c.R~....|%L...s\......8.......X.l%...L..@.9.XK~dU%..5.n.WH.k5.\..N./p.+L..V.I..|....y(...Jk.6`!6n{N.Z`..s.h.=O.X..0..jcv......[....+.-f./.<.......9..G.M\....6..(.d...d.*.... . ..m....H.g."......$ ~.-.......["..(..c.!..........U...0..j..-W..{.L.# C....|....po..L./.......X.H.3....l..L.$.s.7..M.V..)#.3.......tl..'o.^S.<}Y...gU=MO>....._....e.Y.+.?a..~..Q6i+..1\...F..ctM;.qg....I(.%.->....n...&L#..N.......ef.C........eO.^.^.B..K..j......V$/h2....Pg..!T;I....s....m4......y..xj.....F...@..c.a.Wp...w...N....|C;1......{p.G.e[.....*...L....LA.X.9}mZy....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7120

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\16__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):5573
                Entropy (8bit):7.888543550547297
                Encrypted:false
                SSDEEP:96:2mQ2Ovr3B8R4/kWCbbvAQsXCi2KsPwWtTu+DlhtSYqiWW9DkVYrMDARLROreQjhI:tQJbBK4MRbvKXF2v3vDAYqGwoM08r7je
                MD5:A03E40970FF4F76752AD3D3E6975419A
                SHA1:492AF16AA7EAA02D938779661F38A989E283A352
                SHA-256:2DDD5BAFB0F2D5C7CAA17E3834CC0C91083C7B3DA6F31CA9CD62EA428A782345
                SHA-512:F981CD268C61911BA024A0828122511B1E504020F35B095850F1FDF6924F2D703C03745F3E662F5BA8922EEBF7E5E3520A684D431AF0F30954488D3A7245827A
                Malicious:false
                Preview:u.c.T..I...#.znC.....1rH...7.oH.....0a.4...x...6l...w.g..a.q..[.N..?.M.9....*.t1.a..dd2.X.......@..a.u..u:P.Uy.4H.T.c.x...k..c.Z.P.9|..M..Xe..gK%.,e~>.....t,........Ev.. n#....0J.I..p........0.i.....G1..nl..;L....&.r^......x...W...._..@........V.f#.....q.s..~V....5$..F.......4..uJ...=......w..@....hC... w.u..8....;..P].m.....z.?..+.34u`v...~M."mU.../..8_t.FY44.Z.>..`...R.E.5.{.....PZ.[....i7qC$...... .*.3G....f.V7YE/..../tA.....l.......p.N....k!co......5..$/zx....9Ln.....i<p.&.6.G>..Z.....Y...g.).6..}.yGJ..3.BR.s..qi......fP.o..;.m.Se..Y..q..."...\).K...b.q.r..W.w...}.......D!.JGd>.JN[z..0m.i....?E....G.6b4.I.b....B..r3.|..."yf.zM...Pk.....VY..Ne.pk.7Rt........3.#..E..%..~...2......k....;...+.4n..?n...j....z......R.9...P|'...I..6......B......o...C..H].K..h.}w@...Gb.N.....F..Q....A.@...\.B.%(.w.)s....k^..69..p|...*..D..Nc.i......A.Cr..|(.....6..%S...Ed.939f...v.......L.../X3.c>.... .T...W..A...&.....y..M@bp........;f.....P.g.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\170__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1227
                Entropy (8bit):6.96627809869776
                Encrypted:false
                SSDEEP:24:PhnIMuvEcUFmNbyohkmMHjiZKbyACaBnczbZVZjH0TH9O5Ye+QUiln4V:PhVhmVy5FDyFaBOVZDNEBiV4V
                MD5:31A4A52E7C0B853FA230EDCB9719CEF0
                SHA1:565E91549DE142F572C87EEB2703BBDED6BACD62
                SHA-256:505E9AE796DD810B783F9CC67EBA1C023D4A8EE8D705A6219E92DED4E8FA1A51
                SHA-512:56C1146C4768267EFF2B3DA0BD53EED7FF847AB5B0E1ABD82222063717AB91EC369D6EB8BDD3C132F4840E52DDA9FF71794D78AFC802174A75550A8ABE49E5E3
                Malicious:false
                Preview:}qM|`..5.k.......k..W?~o.k.w.<..@..8..v2.u...)*...3..s.qa.P{4....h..0.......c...\.`...!./qb./S..'x.MF..D..aD..uP..:.?.9.E.D........<p..<.k.g...s..h..i.@^..Q(.P.a.e..ti.j..n...o....]PM_.S...&.[...b*.. 9k..&....{2._1..F*4...,...-.O.].qI..5Qd..(......c.vNv&Q.../.^..'.T..0..*.#E.....(s.p.fN.......q...K`...aC..P..H......#...G.M./q..H.......uN..!.8..g";.....-...i.k..L#b_..8.......}.*........h...........H.....+Kb.u....Q..c....K.Ju...'.z.w.........4.(I..|.;.........?C.^5E......7iz.b..5%.h...+.g........R.?..6..oD...=.qw../.A.)...Z.......{../ ..j...]CFnD..~Z........7.m.}.:..A.T.U.l>...6...{.....U........\.+n9.x.-Q.p..'.7$.$T.e......O.a.2.>......f...i.1..$y.Y\.......#.G..v..Ylz..6v.W460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eb

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\171__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1381
                Entropy (8bit):7.101888767987767
                Encrypted:false
                SSDEEP:24:Qy/XLlaVTkOkQKUKlOVbDxAhaQSiET8ZVZjH0TH9O5Ye+QUiln4V:r/XMVTjRlB9AfwAVZDNEBiV4V
                MD5:8B96F60664D5233E4B1A66AA78A38695
                SHA1:C9FD6621FD7356F2BF4F27199FDAB9A7F851CE67
                SHA-256:13699860C494EB2CE7EF092B9F5A345CBA035AA7EA426347FA28761397F10D07
                SHA-512:5DE74AB812429E71ADD518D19CAC0DA4F6C78BD5C38FD0A50D5CA9BCB026BE9877BF14A94A612AD254808819F7939B758925C9141E4B3C500E6F0A5F0CAB67F5
                Malicious:false
                Preview:.H0.9...$....ej..@.d.>....`..>}].4.'...d..<.".\.H.B...+.tq.tL.U.r..S...h.^...T..?..V......j}.(.-.*.H..@j^....#.%".D.N(W....O.....p..4....;.._.7..Q.j..j..L...o..l 1..F.....>.2.:.w....j*.>,....=..C@|l^..'K/|..o....|.t8h....P.2..VX...*...?cT.3.j.f..gv.W.9..s..`.wI~...].L..2z..Y..O..M`S.vs.....)=...".}....&0bs.G.b.f>.[..kj5...5...{..#.q._d.th.y....>.A.y..f..@.^f6br.2....<Q.9T..O..|......V{.aYv.S...L].:V`U.b6.....:........K.......).N..="..@,2<.a.......B..."v.....@Ws.PP.....o.h..>....a..5..?..4...#..hG..2j2r...9. T..fY6.g.b..?.~w_.q..jsi.{.z.uJ..c^B...V!.*.1.U.j.'...k..(.......Y."..b.."O.......V..a.4j.q...<....]....Z.C......d.g...ae;.hG.s.R8.../..,.WtQw|.%w.Vtq..*..}..6..\..PQ.]o...T..iV^q.p..;.8:$C...R.$..Rk...9......!.3.m}.cY....e.l.$..0W.HOaV%....T..!..&3D.9......p.....G7>.I....D.....R#.5...*\.E..9K...E.C.c+5m..Y=....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\172__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.68952426286794
                Encrypted:false
                SSDEEP:24:CarwCJfbuFQtPf2DGbxFb7QZVZjH0TH9O5Ye+QUiln4V:OKusboVZDNEBiV4V
                MD5:03CBA02E4A0CC016F9C532DD4AB6B350
                SHA1:8B3DC3A0B73D6AD5036AD51695CB868A1E1F386F
                SHA-256:D8E43530F31DA35A5D99ED490CFBF4E894EEDFB1C9AC064545D71DD0AAA0BF30
                SHA-512:C1E4BBBCAF0CAA4D072FF8023150769B7AEDA6DE8953CF3661EFB2142040E62E87E9E158B496453773F05EBA1215940BB657608E89ECAD18BC757658FF610BA1
                Malicious:false
                Preview:.y.l|...n.5..|ak..c..cr..F1./9B?......5....'`3].....Bq.aW..........o..?\i~v.W.J.....u....@..........&..x.ee.k...?..yU.7.B2'.{.....T.{..7W..eRg..KZ..^./7...E.x.$.$E..7T..OU...n.t.E..o.....r.c.....?....D.3A._Rz.`y0F..?........1.0_W.7\=..0.\v..0...L.e...(r......b.e....v.J...L>/{..f?...6..n....7d....54.[.G.......~.....L..[.......>d....$.M.9...$.+g.....Cj.v.{...........n74ix...6.z..Y!..`.P..b._..;......f....x%.3<......)..X..3V.d.h]...E(P...nbO.V"/j.[...._so...s.'.6..t.}.....R..RE.\..u Tp..k....;....7T.htCq.....|....8..."l....H.%.2p.o..:s460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\173__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.6483278068697285
                Encrypted:false
                SSDEEP:24:xmwoSsM8zoJtKQpJX9VcZZVZjH0TH9O5Ye+QUiln4V:xmTSsMdtKQpJXAXVZDNEBiV4V
                MD5:4C442810115A38090A6738CBB55BC4A0
                SHA1:77258E9D943AAA0428F9C2CB326114A394D8A0DA
                SHA-256:BDF4626BDAAAFA6A40E552DCD6E5B747277F4BECC20BD481A7B94132ACAF1173
                SHA-512:3F734C81F4E50750FD322CEA5A94E828D9D3A20662A58837DF39F9C4C6069C211245849B856516D68D037C0ECF6BEEA035E5AECB9CAA42B17226D85F3F599150
                Malicious:false
                Preview:....^.C!..c@.5.b.....<..H..P.a........?..q*00..T...K\.m0b..OP.G..2.O.....:t..0...)YI...z.....6n*....Yd.IS.=..+..8..P..Z.>P......n.....D......'e.....7..aB6...S..i....NS/+..Q...#0qU......B..8J..a......?.N.....%.0.3..v.["....=.jFQ.P....^.........M.o#:%+yn.kb)....j...jL.y...".%z..3i.)2.G..P...@4w.....KrC..$.%.....@%....ei...p....H....-.!.@.........`..S.......t..>.`.$....i...))"f%..w9.y.....z..Lu......F....._...'{...;..T.....rI..........t#....~.B.=?S.h/.h.5..=.F;01}].j.7....w..... m..I....,..euXN....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\174__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.537566789659491
                Encrypted:false
                SSDEEP:24:HOztMgAqvJx82tZVZjH0TH9O5Ye+QUiln4V:HOztMsBRDVZDNEBiV4V
                MD5:4430528EA599E55FB260ECB9C6AEF868
                SHA1:6F89BAEE7F909017538FBF606392F4CE1983B7F1
                SHA-256:5DD5418A7F6C6679ECDCB71434BE56EE1E8363FBE4A683C597B11EF987129943
                SHA-512:54F5D22D78758095E5ADBBFE45BC27179DE9FB7890725771AD74489951D7E811AA6121FD4B721C3110A87B26760DBF7C4E0B48F93B34E8A09D5AFF61CC42D31F
                Malicious:false
                Preview:..Sn.....[|...Z...f..?.I..f.LT..'.\:.;CPL..PZ?d.:.f....q."..ko.w.$..kr{...CP%.&(.....((...%I......2.....AE"))...\...T..$.U'.,..ln.2.+..9..6....).fx..D.>.....Oy.]..........t..L.....>O.....sa..@._......B^}"1(.{+.O..o..F%..R.5.b..K.s'._.q.B.;.X`D.........]...08.y)....P..G.Ej..i.(....D#1P.....&Ue=.NV..c..O_.W@...K.........)bG.C.s.....u...........lD...^#.&. ...LSB.......j......2.ik+\..&...!J....'..]....I...;. ...v..}Y.g&A,.@460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\175__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1796
                Entropy (8bit):7.428746121956728
                Encrypted:false
                SSDEEP:48:f69fqzE1Zl5eUwO2TTiAVP2VZDNEBiV4V:fiBvG3OQOAVeeBiV4V
                MD5:3A346AD55D292F27C348312988720F0B
                SHA1:9704689498F0BD54EE446BE6CDC0C23B4475E921
                SHA-256:D831320814B7DC34FBC734514B316FBA027522796B24F75E0F45325712869E05
                SHA-512:0554B3D49C092ACA8F4BC33C171BC00BBA749DEB6E705D6994909C4ECA675BA5D0AD92B219BD89EE97BD2A02E152F100947E0C1B3DABFFA8A6DF85C729652006
                Malicious:false
                Preview:..4....U):....a.KP..1.a........$h..$'D. ...\.t..6.#..n.1k..eB(.0.;vQ..".....>1O..=.8mtpS*A.....g.7\{.6..(.=...#.......r.3h....s.........UG.F.p.....}.,,.B...y.....R........1...?;[.V..z.c./.|.U.h.....9.e<?..:2.E...B?";@..].....n.../........T....@......E9|.r......V.#...Pn...{]n...A.3....|..4...z.g@..z.@].\PwsV._.zCz..O[.......F..+ .E.V.. .....A........I.Y?..#Y.!..F.....)!.x..h..}L.9).......]\iJ.....aF..nn7..[...n?.......l.....(X1.S..0.9.........K.g.V...Z..+.^....V........~...w......^..(C*.D..{d..6..t....vuu...M..B..?...c.'..H...\D.lu.....V$@.....B.wCs].'.....y.......[..`...........0J)....=R.....]...p..x..~...iG..3..`b..,hg...^......C...u.s..8....o.....0....[.........T.$.........iQy.0.0.&G...`..72.m..dMP...x7.}.'.`./...`.T.6.......6....b.U`..#y'.....W.Q.......70....+.j...W.3B...b..Zi?.ZD...LW...U}.#>.vD..hd-1x..!.../.x)..>\K4....t....vI....!.D...0..J..&.TW.65..u..pwVg..V..*.;0.J.?1)<.....T.....1.<j.......ah_..n..EPht...B......

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\176__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.745228624583423
                Encrypted:false
                SSDEEP:24:VscKDppNOPUQagQqCBPobDHuuVuqnUKsYZVZjH0TH9O5Ye+QUiln4V:VsdDpbtQfQ7PYxnUbUVZDNEBiV4V
                MD5:0072BD2F32E505C59DC78D64FA97F587
                SHA1:1E115AEC176E2F1DB7544139C815797757A4AAFD
                SHA-256:77F7AEE7954C8D9B8B9C0E8E36512B3E2C7763D60D136EF0F9CFD3DACCE71AFC
                SHA-512:859DF92BB60EB1F4657DE315719DFF4A2F7CA5C769E171D8BE6182E48739AFDCF44155F893BC240EB39B69888630E922F00FF5A465151E87CCFF37D93C0ABEC3
                Malicious:false
                Preview:\<.|.8v...!W. ...!.......L.&...t.HM..\....'.?o{un.V1.L..u.h.....M."I.!.h..!)%..:..]&.R..I....<D..Y..b......DdC.g...Y...y.....s[|M .8K....H.G...}G.."&.3..r.t....t.$.#I......XBgf.bUp..A]....)<..=...\..xtu<Z..H....(.....XI8....5.w2.....&..Ws`.{.U8$G....).E:.`G._..(q.2.e...a8y.[..}>H...\...5..}^...TA.....u.3.(.`...(_..o*T7..q9.B(..L.i..N}.>.&3m........Pqt..=.M/...?BU..l}...;..s.U<./1....5zh2<b8y8H........m..h...4.OO*v..4d..L;...\..SS.XS.[.~...7c..m.(...M..\.T...(.8..2.D(.....~K..p...`1...~&T..&v.V.z.....!]..,.\^}...P[..%._S{...]-...hZ$.5..t..//.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\177__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.66692788762564
                Encrypted:false
                SSDEEP:24:EP4P5Z4XyTHwbV0k8gUVZVZjH0TH9O5Ye+QUiln4V:A0XyoHaqVBbVZDNEBiV4V
                MD5:4239F49DF552BD1C5168C197454C0ECE
                SHA1:2A16B6BCB7C940C2F832A5A42981EF1905C8955E
                SHA-256:40B09B01BBFD07FB07AF4236779E33471BCB40DADD1C204D4D4ED6B1699BFDDD
                SHA-512:36EBAFAE992AAEFDBA4618DA649F6C1CC7C189BF7E7A403ED5886D805B65F9F0A13C107FF8467FD475CD06E29FCADA58CE40D291654F492548A17944C6F77078
                Malicious:false
                Preview:.t....]..m.....8w..!Z..I..l.T....N]G.J.,...x...x.y.g.M^3.+.J....|...E..x`.0.nW%.T.d........t..{..k..d..b...:|.;..}?.W[..&]4sj...Z#37/@-.F.h.l....g.p...........+.?8..&........Y..:w..KHX...':...E..|<....E...1y..e..c.w&...".r......T..!$...T,....z...s....nAOcVIzC.......{..^H0.....[.P...0YG....Z.......4.#.........v.(...5...)..?.Bn.RG.'.3.X..<{l.,OK.+.g.+..s[...b27.<E.q...Re.;.3.vp."+....t.^.mHs....x.t.R."..g+.PX>.T....^N.jS......zw.63.Lk. .;@.+..e......v.f..X.k.p....'..2j..'(..P.>....S.....o....+460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\178__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):6.439556416694731
                Encrypted:false
                SSDEEP:24:UFTCYGs0qzGSG/iVE/3gZVZjH0TH9O5Ye+QUiln4V:UFvGpqCiVEkVZDNEBiV4V
                MD5:96259AAA6DF2486A17A12B03A8D349C1
                SHA1:6BDCCBCA67A55BAAF091A103BF7A43C8EF97E955
                SHA-256:65E52DBFFF4E7180F0DFF6D7ECBC9BFEA30FF04C14C335D5056DFAD7C7747B83
                SHA-512:AF86114163462AF2133E48ED76BBA4962ABAC46B492547B6C7CB7D876F8AACFFB651F00AE760D939EC6B0B66F7F2D27F3DEE12BDFE0A1490A3A2D3EFDCBD9CB2
                Malicious:false
                Preview:...R.d.GcZ.,O..A........`...H.?..B..1.b.76..K...*.^U\....UC.H.........2._2E_.i%7.d_#e.....~._R.....e.b..J.E.@....u.W....+.zGbD.q.!"....1.3....8.N..Jt1...&I.s.u-.........._.0..^:u. ..~..2..n.x.P...../..j..-..=H..._.E...@VjZ......e..m.).hJv..5.>.+.G4_.j....!.dA....1.,...7.`.1J.......H...3T........~G..2f...o.|t..U;;J.E.U......GE.#.@.l."-...X."4...g...iq..-8`.x.%1..)NYg+S).W.Ad.AC....c...dVJ5..4K..d..@o.`.r.......q...1<l...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\179__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.974709412073029
                Encrypted:false
                SSDEEP:24:TIG7zrrnArg0VdjD1i17uWwV3ZVZjH0TH9O5Ye+QUiln4V:TIG0gYdjDsKf/VZDNEBiV4V
                MD5:26FDD1D08027748BA9ADE156C0783D39
                SHA1:658E183FC96214CD399364B4FBF9B25AA0695796
                SHA-256:23358B779E2745BD7FA10C7D67DE3DE8EA673EBFC9543469D955984A3B7E5428
                SHA-512:BB2260C467FC4A4D35166696ADDFFEC896BD2E47A8D623729F4FA1C7047148CB0A0F62398ADC0687A459595B6FFAB881EEF1B2671F327F3E775509028EC22E34
                Malicious:false
                Preview:7.Db....G;...CU.q).....M...#9.\ .s...U.38.y...:.!p..\RAsO.@.ie3zS?(l./.uM-Q..u......R.O.'..h....H.)......_F.....&...H..3...ge.W.I.....D..b.J>..P..Q.l..p..a..N.......AF.eY...k....t.0&......_o/....5.D....J....].....:.U].O$.,.U\h..K.{.,...}......v_Sc7.^.\..3.N...z.l... htok...#...g./r.c.Fd.(."......TB...o+J.+.x*..ZX.. .)..*......G:t.5/...X..y..rw..M.]....QY.k..A.,V........).q..3.;...cf,&.+>.#.*........`...Q)=8...7<_x3.:2..U..`Y..4.+X.N=..AN.D..F.w.P....=&{...;..i;.."..>.......=......R..9.k....\^.'...(.t.M..B<..q.{KU...)C..d..V.CJF.......&..b-l.8n.Z...p.ws....\....v..x...x.~..F`..3..A...Mhs#.........)_.M...]...{.4YF.n..@.m..H.>..U.bx...%.....#c.H.xcCa.......lA.%..........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\17__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1236
                Entropy (8bit):6.973649054215481
                Encrypted:false
                SSDEEP:24:v3Nuv6NbcKu2zChsXbS9r62rurzpYPOSZVZjH0TH9O5Ye+QUiln4V:/VbcCzyIS9u2razUOiVZDNEBiV4V
                MD5:4F9570C432C7E8E107012CB74EF656BA
                SHA1:E70A07D228960650E6A9AAE2EF83EF191A6816D1
                SHA-256:351C586CD940926655D83296AA98CABE62137692E6D739C17B7AE6F26E12440D
                SHA-512:B8E9A615C076E924BD7A93CB8DA85D9C2EBD73D987DBAACAF0631DE073180096B816B791DCB6892FF179387542933388BBDB33895837217F8EB57F3126901A82
                Malicious:false
                Preview:uf....G......|....^..........@..^.Y1d..e.7..R..5z)(...Z.(AWC.......>..--_*.^sd5z...j|...<W..w....k..vs...U...b^.F;t%..uO.....O0...2rq.K...F.....b.U.6t.b.?.8.}..*f.n...qa3..A...NH6....2O!x.^^.f4$..j......(..C./.<.i......+v.&........q.`v{.I..../3@.nl.Y..d...-..K..V.B.8d.....-..5..Zf.'p.....w;..\..T../..T}....zt*.r...5.R...!.'.x..~..`(.e~..i-.lF6gK.....}....\.......A)u".ka../.!.ng.d~.ep].fT.}WJ..B.F...fs...U.....ko.U...h....P..,V.....L..8^...V.Y.....FB@.[.....u. 1GZ.T;..O...m.Gn6].^P.{.p...L?.m3l..C..V....?.h.< G.,...a.@~........(...J.=.1&.t...1....|.o.Z).n...8w.....S....;.5Z.:......#.n....m.M.CG}. .(L.........PFa..g..Y.K_.....<...cr.....5rE.....x.....q$....r(9..`(>-G4..,.#..G.#.Q.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2fe

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\180__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1238
                Entropy (8bit):6.973733516619745
                Encrypted:false
                SSDEEP:24:YCJV1/zHN8fQ1dke9wQq7vtLk8ogU75rayPZVZjH0TH9O5Ye+QUiln4V:3GfKdkF0gU75rfxVZDNEBiV4V
                MD5:2B70712CF2E8267AF74D7024C30903C0
                SHA1:77C250C3009522B33591845AAB3AF10DA6930E2B
                SHA-256:D59CBA9282AF8F15649528005EF0884CB1D455DB1781688345F8967D82A2DB18
                SHA-512:93D924327D073406E90E35EBAB7BFD70C854585F7887AE3655183C6CD3D83B887F04249F00AB5EAEA8FA665A98BB4B8929D2E7D003E2513E9B33AEEE0DC54545
                Malicious:false
                Preview:}..H..A..........KMK..\<u.3!7)(.2.b..\..J..]..9.0.!k..0.X.z...\.l....k(...wq.%..Y.3.+..\.Y_.aS.S....3.!>.+.'....4.K.A.l.^..N.p..Jh..H.R..|....i....1...v.@...toJB....Z;...Nr~.y..v.T..i?=.X-.......=V[.J..U.J..eH.J."Y.|q.&.h.Z.E..........Y..j2....H...H..z.....af.<X........s...~..9..).....@......S...&..#....%.......m.....yfZ...M^l....... ..X..c.H..2o..i...q.........s.......%...8.[.@...8q..C.q.G..a[...N.UWi..%...A...=B.n..}j...a.V.y0.+.[..zG!.._^.u..&...@..@S...1..0..E..*...W.........<...0.G'Q$.\.....Jy.c$....V...@<......J.g...=:...3..iz..h C.....M.5P$...6C.m3zo....fy...........k..g..3......X.....Pk09.>.....p..$K.........;l0.=..C6.8..f!2Y....N.~=.Rl.Ol..V.....Wf...v..&..9.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\181__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1162
                Entropy (8bit):6.813139143210605
                Encrypted:false
                SSDEEP:24:Sfyn38Tn2S/kxag+RbLG9Xxxb2kZVZjH0TH9O5Ye+QUiln4V:Su3Yn2S1g+BqXHS4VZDNEBiV4V
                MD5:91C2F81371825CA3CC106006CEE9EFFA
                SHA1:EEBAAD136898B4FAF672F2CB99FA6337A40A5673
                SHA-256:8AC9D5833158229D4C828A7A33C36D7EA09C667E3CB7D6028038D287ABE52419
                SHA-512:5B3FF3CD03E9C88644DEB9DFBFB0933B03DCD9630699040E2573A6906074A21C45C5851A65F14014A07863390524CAB2CF21821628F856C715978871988D4E4A
                Malicious:false
                Preview:/8a..o...?8.r.l....~X.j..w..!..M.&.....f....x........O...$.+..f..e....v...hX.Q%.A.J...c.F...R..4....m6.DN.+..0.F'B_.U....=_... Y.........F3:e.4v..].Y..f[O..F...=.#.FnG....{..mh...;.xG.*.|#~..y........h.. . ).=..'.|..v.&..T..^T8....';...S.X..6...4.,.....{....B.L.7.k..=Y..[.Zi>.G2..?..z.X....u..=..Xu J= B..R..B.bz.@...{743?..)4.....*6.?...=......=../S0....?_..m'_..'Q..>.~b.i..xZ:N....@.....k...X....H..l.x.w..x..6Y?.f.@.:...;._%.D......8.kb............\..Y....a.|).u...8a5..?.:..+!..`..U9.p.+..#.....K\....7~.cv..1g.(Fr].I. e..K.".Te2.c..Q.......Z.R....~XT.....JL.Zq...!...J.....J...N.cU...?.=2.x.N..T..Vfb.9.h.\..y."aG.c.P.slx460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\182__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1786
                Entropy (8bit):7.442937925778449
                Encrypted:false
                SSDEEP:48:5N1zL8TeoRvr2Ea4uSuahBr2AAvIRdVZDNEBiV4V:5N138yYvrPa4XrUgRheBiV4V
                MD5:7237D8A40420068880B618D122D93EE7
                SHA1:DD60CC3CF5BAD52A493A34A179596630C05651F2
                SHA-256:3D50F7D66D1BF27593D792C2D93E0B7A4C990D1A3FE661803541EE71374361D5
                SHA-512:E4B1889A83041B8C36C4E7795DF47FCC69EAD80C47707444266F38FA061E13D28FA9EEFB25D069EFBA918F445DE07F2349506C2B57131FF9F5BBE70AB2E04B14
                Malicious:false
                Preview:Z|...T.[..R.. \:1...`..x...i~.[.d/...x...6..{...y...1...^.a.\OU.........7......Q..pfY."vnx...Vf..B.>>>..).?.B.t......O.S...g...?.$^rT....4..;~.H....<&.<...|.o.Z....;...W.=...xb...w(..k....W.|4]&?..^V;......0..1...>...|..h....H....%X...P..~@.8Xm....u...X..;.#.6k...S.&.cm.gd...Tb..a..F.c..5@.&.Ly.).>+.....d.'.H.?...?...u....G)/.'..ZZO...&.)#W.\5...w.vH...."..D....4.C...r.R7.....{.Yt.42.\...C._.g.7v...N.OY.$it....#.2r.Z.&.Q.1....S........x.....m.Av.;..G.<../D.bX...!...g.........`.....2.|.3f.h.<.2....0.....W*}U.c..!. ...;..H+...tM.Z.p.~.V=R...%.}..ZkoV..hjT5. ...XE:..Q@..!K.....^...:...m..SY...J.x"............./..0..8..bl....b.}{..>..J...r..k1_..+[....&...I..kK0..?...KH..T*...........m..l.Z.'.h.4p9...{..<1i....m...v. .Zz.....2%.L.{.. .] IV.`.>..ID.......ne.F..._.O...].ly.th.e}.3..F[.!...O.....,..52...}_!A..d"CL..`..H"......)...YM...*.B...OqZ+....../3.+.....x..._pJ.F)1.&*\....y..(.....|...rJ...aD......h..u; .z..U....F..m....bh....S@y9....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\183__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.728602000296186
                Encrypted:false
                SSDEEP:24:vWqMIJcXWDUhcJut95fvqfE+jT4ZVZjH0TH9O5Ye+QUiln4V:+qMIJBcoC95XqIVZDNEBiV4V
                MD5:AC0FB026D8087C0D73D653A906042E62
                SHA1:2C7183F0C43DDF6CFF9DC20AAB73CCBE13CA1C63
                SHA-256:EB5B1F8AB83073523BC0AA9336BB1A6A802EA77E2DA6F7149E8D88F139ECCABB
                SHA-512:A01D96E770BEBB4B15B766C743FF416EEB2BC77DF6D3BFA652451516274D8B6B6F9E195CBF154052F55F269EB585406B9374676EF063029625459208CEC18E43
                Malicious:false
                Preview:.k~...0..J.\[d.N.]...v..kV.g.&..G...].O.z.V..*..6.d...?!.X.C26.E?.e..|f..M..p.69:{.!.......l.Q.O$...;.p.q..$...>.L......{.#5..L.v.k?...!..L..L. ...5.+..09m)........S[vl.. .!..y....o....`.f...c.Q.I..,...2].b...A..y.t~...o2..ba.}W.KT.Gea!.VX.%H..`zjz.v.`...l......X;..?.TK.^..>..sg.....7...$.-....W ..wXr`r..T........../g.RoU......y...B.,.2..X.hKd..f>..*..q.X............/....)!)...+.w....)S.7.:...M.W..m.....oJ.kM..K.+.\\.\.6A.)<#.o..K./..O..C1?q...... .5cO$.Xc./.f:..Zj.izp.U.5.U......}$.....z7X&....u.S....N.B.......0&)....~.^6(....l+....w....B..f*.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\184__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.643070001670121
                Encrypted:false
                SSDEEP:24:1cFYIeNroRSYrixZVZjH0TH9O5Ye+QUiln4V:8YlaJGVZDNEBiV4V
                MD5:D61FBB964D33CA5A8BBB630FADDB80C2
                SHA1:7C462907CFAE9458199CA7B5323E4AB4DB475BDC
                SHA-256:9103572FBB7C4D6E89378098B8C4110AC222D9A5A3901215610860E186EF0057
                SHA-512:10C0BC2C217008818F8135C2A05587FCC58578C522CB79A8293CC2D3A265EE9EF31902426F9D2BCC937999FC9D3266FCB5B87BDD1625A5317B901ECC0E9344D1
                Malicious:false
                Preview:H&.2..J..|..spt., vh:...s.U..eQ...^P.0.m....c01..y.Jtd..ik.'.}....I.A8..1u......%T..Ny....R....._M..a6:...D9}......EV.d.......A..Y.v.../.|...oY..R!Cz..-..[cG.k.U.%.i5..'...f.....(zI.J...l. .R.]y..cn/......74..[..=L.a..l....'.`&\#h.....|........c..@om\M.D4.9b.R&.*LI.X6Y...e....2H..^...\~.;.$.>.2w2|J.}.8.5.>e#jR...Y..C..#T...h$y.6..:G...57St...j]...H>.MQ.3..x.v.WsED+d...K.....E.z..>..f...e...?....Z..{@.~...~.*Y[fq..;c .f.R....?....@.O.GHC(....p.DK..I......*...`I..K..F-.....Q...**...?.|..I.......:|....<.s7.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\185__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):963
                Entropy (8bit):6.501227732413883
                Encrypted:false
                SSDEEP:24:6BP0v7pJwBullMkSOZVZjH0TH9O5Ye+QUiln4V:SC7IOlOmVZDNEBiV4V
                MD5:60BA660102DC7BF91DEDFD6138755BCD
                SHA1:C7C49B873103F846D67437D40594A050F3A0179C
                SHA-256:43FD266A6C0C206F7BA1053BA42A82A85F8CF0184AD291DC14CAD249E4ED82C0
                SHA-512:F594B813FC0CE3ADA97E5A1D5837B4F99A66BBB7A028BADCA905115972090F0C8CF0C6399C07DB0DB4BF9401724561DBC7CADC7118226FAE70FF15DDBF9A7564
                Malicious:false
                Preview:..ZM..ax.O.N..|D.Z..'mu=.".< ..9...c"..>pRY....8..t)..V..u..#...U.j..s.d.......=.`.x0a1e.L.........[E.%..).u..i.T......y......0...\..In...u......l.t.~..^.Rq.Q......]#..?4?.V.....tov9.s...p.EZM....(..q.aCL.\BT...P_.....~wBj.O.&.I.....l.2.gQ....-._KLU...L.s......U.+.a.P.".6.....O.r..+.M.t.....1:..@7...N.5."y..jJp..&X.\r..r..R.O.j,t.|s2.)*..9.8&.p.L.$.(..H..w.z@...........|>U...ol..{.."~.4..j........3.2.i...S...Z.T.q.....?..!.q.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\186__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1809
                Entropy (8bit):7.447002943738931
                Encrypted:false
                SSDEEP:24:tc3wipPjj5+CQKrOmzdEsh/PSAqP9zwmACrECe3/VkUxZVZjH0TH9O5Ye+QUilnq:pipPjj4CQeOmGJAquIS3pVZDNEBiV4V
                MD5:8E46727A8A513AA1CE79B0A56C962E1F
                SHA1:337C5667ACAD4B98036C0422CFD84FB0C349229C
                SHA-256:32B5D8AB4F0181D2540CA4949B30FE18CCCF3F1BD42D8929A1EA40F3A2E7C400
                SHA-512:912ECAB569FBFDF7E329FCBC641B5D2CE0EF0583881BA40EF5213804704038D94BAB850EB1D4B0B6C5F931CC915AF905D26CEDE20FB5C6B5EAA262F56B84EC0A
                Malicious:false
                Preview:.HE...[..n.... V.....H.a.bU.....f......X.P..:..<d....o.%.a....B..Id.WH..o...Ty....}0.`.ke!....m..2o.-.0.'.o...../...A.....{.J..(.m7.O..+.[TO.A.._0E.L..-V6...rf.L..`.t.c.........1.|.>^R..b.&..,..J:..s....zB..b!oj...O......S..F!.mu.D..T....n....Xd<....XO...R.(ln9kV...#.0..f......l)..5.c<...p...K.....>.Q .C.1zdzH..C....z......../...qn.q.i..........b..$.#..zi...;..U#R\N}.6Te[.....^....`....i%w.....E..d..q.r...=.i.|E..~.8/../.A>\.!03gR.......s.lPj.p/.a.{.. .....g(.[.P...<.P...I/..j.u..F...)..N6.).....J..[./.^.Os.L........e.......`...sZ%.=.......B.RA.......L...}....*..E.C.......x.....Dck.....f\^.R.8..sfZU.'[>..p..O..S.....H....V.Y..O.....2...gvTu...f.......|...~4I..e...i.=.|..o....g.&.g)...bu..j.!...#......~.....F..$.=^+.q^.... .-..t..:b..}.) _Cnq&4.v.b.....\.|..S...u.:.X.bv.D7....HW.....2...o!...$....mZz?..Vz.h....N.7....).......h...Q.C=...?p"U./....Z{....w....-w.["....Y.t(Q...mr...=.\..{.,../...aQ....r\....E.y.:.T..sr.wGv..s7..T.j..\E..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\187__HotSpot.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.040017224523239
                Encrypted:false
                SSDEEP:24:Ogn3NeQlOxb/osMZVZjH0TH9O5Ye+QUiln4V:ZNm9aVZDNEBiV4V
                MD5:EE4026A64948779F8B5BE23BC1B6C519
                SHA1:C01C8441AECB0E1D7B13FAE089606A27011A9F7E
                SHA-256:3F2A24D668BC19AB0C80CD0160260302CCF5A4E8039481C52AE2A2CF0C490A50
                SHA-512:8ECC5D652E0FDBE59611F2A7906F43AA1C50FF434D00A534091CD6C6FAF0196C199410DE2D437AE2D1FF503F7D092B36B4F1065F18524033E07A1E1A1E81C5F0
                Malicious:false
                Preview:......@^..N..l.......3I^.n..Y}..)V..^.#..*..K.kd.2.;.....3.O.......-01/I&.3...'..lf.6.p......R.sJvx..&,..!W......,.k.h....K.Y../%G....T.B..2........1.F,...H.Z.&Tj|.R.....>7.WP7.....D.2.Q.#K3]..T...e._A..0k.....*....hqo]..:....2<.".b..g.X..&........1......6,|t....r..bh/E....n~|...n.>|O460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\188__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1369
                Entropy (8bit):7.124977432302435
                Encrypted:false
                SSDEEP:24:afHZulHUonNRnjrgijPuv2hC39vUE/k9kS1Afr9ZVZjH0TH9O5Ye+QUiln4V:EZuGonNRHBjdhxlkS1AjTVZDNEBiV4V
                MD5:D5ED355012836B3A018095EF613D444E
                SHA1:B5B0B06064D974199EF9F8C6331C98A290DE122F
                SHA-256:99D79AF00FEC9E7D847C2C5F73CF89FBF4A5A78EB60E13E922093007500B4F51
                SHA-512:3B34BA814F34A4FC8518A3D4DBE373A0D441B24E9AF64765170000A5A77C428E62A0736B482132B74E0A47EE3852F5C9D31037659B99EFC15BFF0A8D115A4444
                Malicious:false
                Preview:........U.,...j.....%...z../UU.[.*K..6.~........Q...SZ.n..'......5.P.....d......#...r.........Z.L..t.=,..W"......5.|.k.y./..Aq..u.....R....=qQpz`..u[.q...6..c.5....q..d.......3......W..!$wA..s.*<p^.E..xr?.M..|..6h...4..,..._....$.9|p.X.RsVd.....-...u..R.G."J....].%@.](e...3.......p.`....|.MB.(|...@.mg..:........i...'....n..1|H...*.cm.....w'w..3=9 .!..K....rv".....{...Bt...9|..-j#.~.S.D..u..o:.\Z2.V.9.V...Pk.P.O...y....k... y.....t.4..Fs..p..j#......{....YZR.....&.a....)...MjH>.j...u.4.H....\&PBff.<O.we.d..Q...d/K..U.B...O....._$...k~....W...MEj.48......^...W=..0c.....p.5.k=...Y.......GJ..v..d+)M.....q)F.q.8.2.../s...esp....p\....@....(B.l@.;F.oZW..pp>..bU..GG..R....k..T..*6G..r..@~...As..o."..u_...=..9..`vE..7...|..h4#N.|.j....G).:.b22.{...U..+p.,..+eE...A......|L..).`...]8*..0k.P.w..gi...Z.0?...qc...|_.R..|..z.)O)...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd02

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\189__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1701
                Entropy (8bit):7.415982014583895
                Encrypted:false
                SSDEEP:24:VUlZaeND9RZRlHDvY0rgwV7kuqzgPJHg6i261znh1EZVZjH0TH9O5Ye+QUiln4V:VUlZh55vvMw/qkP1g7ddh+VZDNEBiV4V
                MD5:2F9E995981B015EA126B7A97AA78461A
                SHA1:5F31126DDF5C51184CC9F121287D618B524225FF
                SHA-256:CBAC54111543737F9D3F5776374D5DBCDA3BE384A23173B292FDB0AF690A4A61
                SHA-512:0901CF557743E06E8BA8676E1AC1A611C6A9DA8289B7F14E57FF2B3FC50BBC316473BFFA7D3BD02D37A83B3033C550C381BA91A90706A117A99C2AEE9A154368
                Malicious:false
                Preview:.I. .=..;.7.m.....gGc.cX.Y....).`...~RD5,..^.|...zr........Z.&.q.V...u...{^55..Tc.%.....E...H4...s?.......:..V\.M}.x.J.fD...&n.fV.\..K.j.U...t@.H/.BXx..D$.N.o.v..gv.JEhU.y.5..v<}.%.......%aI.+....Q..c`zP..IV<....)./.?&..#.O..~W...)\1x.i....FY..Y.YqS..+.t..5.N..lV..s...;h.9...E$?U.....k..A...._..vi.E.)"...7.r...N.u.Z.[...t[.P.J....;......<=.q.....f"..do..DC..:...q..i.)#=\.f...s.y..J.....b.).I..RqZ......Q....e.T..yO.3....G6Ys[.wg....i,..d..xS..".T.......H..B.h. ...E.,E...%.........pKh....=}.....,.p.z[.......^..-.=.c...H..3.Z...U...J?...#.a'c..1.}.s..'.U..,.2w..C?.:k.SIaY.^...cC..I>B.h..<F.).@.....)Kf....`.t.R..:...4]E&_..s?./n].i.q.B.....l.$6.......9.....v#Z..>.......m..X)..b.....`.XMm."...z......Y..i...n..x.........6...H>(6l.p..#.V.'.!./.......L..^.....Zk.G..:..A..7$ .C%3..>)..60...&.C|....c..;...?.l..t.....v......._.j,..._.Y.........}...g.&h.$..)..|...4..h....\..r.!c.d.`.p..d..y..U#..m:K...E...2.J...X..l._....P,/...!'s...j..k...Q.1aEO..+.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\18__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.978782331581287
                Encrypted:false
                SSDEEP:24:L462KqRy9sthbp43IrgrL5U8dpTIaWnAfHRwOWm7jZVZjH0TH9O5Ye+QUiln4V:89HrbpsIkrhdpTGmxj17NVZDNEBiV4V
                MD5:25EA40DD1D7F0CB2C8B8AC1DFFC020C2
                SHA1:864C9344CA8BBCB9AB39F656F0CD9788233EEC7A
                SHA-256:76FC164BF2E8DB43D99F4D9D00185E710039D7FBA1816DEC9D21FB88AEA18022
                SHA-512:D4456E2EBBA8CB57DC19A254F2A583B11EA2F7EDD8C8D19EE13DFF9282ADE767611506AB14B881A32150FF3C3BB447CF51C4C6AE849AAA9CC4E667C0188C1D29
                Malicious:false
                Preview:4.6..S..V..<..{.=..'..A.,.U....(.:..y...<..5.2...6.f5.h........K .z.T.m........Ay..1.%.`I...(.,v.QB.8.....6...KN...aC..5.....!....../D[nZ....,.8u.r%i.).L.w.yi..<.\...'}y.o............B].<..%..x]..8T...7..t.!Z%X.j..p9X&..J..1.%..C`.....XK..!..C=..T.G.-.*...&'L.7.r'..`.k.X.u...o_a.&.`.s..j..>..Km.`#C..3.R....K.%X...$.......g......r......W6.p'l..mM......,;.....V<~.....>w.6......6.#.njM5.J....u._..J...JcE.%(.,..oT.W../......A...S.P.i....By0..........F:...^..4..jO.</*^.,......#.;..p.P..Z..,.pP.20.U.'.)...5...(..&.X.(L...3i.2.|.!.<\M~.F...0.0..M...N0.b.H.....T.=....s..G......!..+.fE*...6.w2.K.....#.u.*@}.>/......K..E..|.U~......$.x.K.WX...Y.5|.Z_...e.e$.N..x..-.E..C..Bm.8460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\190__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1247
                Entropy (8bit):6.974874886735338
                Encrypted:false
                SSDEEP:24:EPYYplQRrpM9ueRQI3dfusM+MUx/sDGDX7ZZVZjH0TH9O5Ye+QUiln4V:EbWpkRQCfeFURsoX7XVZDNEBiV4V
                MD5:F724775A9E3B94D7D6FC96ACD15A57CF
                SHA1:C5358981E2ED01EC45FF5DC2261BB03A95032DD9
                SHA-256:44DFEC7E871C6D877A866C6DF73D6126F008920D1070F5496AADB5EAC9D8ABCE
                SHA-512:C318F97A82EC852C0FDB2F4A0D591656DA649E07934F2320CEA8BD49BE55BF8D64FD4B5BD400D8D7999EF0F464BE3B2F2FA10AF56788BC2C93945AA3D7E62D3C
                Malicious:false
                Preview:.B.FVW........l7H....O.<......i.........'\....'B.8.(J..8.j.....[.F..A...~....6.>...},#.]..o.O..%....(.}....3X..S../..Q...S..(.a^^<.E}.z'..U....$.._....j600.<B..8Xt,...=.......U......2...+{6CF....~]:V.z.NzB.Q.....o..".F!..-.Nr.....XX?...]...".9..L;..<..Ip........n.!.B.1@...{t...8.K.......{....5.t.pn..ud.+K....;#....x......Zd.....;.}...Xo-...Q....d.@..N.,..>..?w..]&:J.....R..cBc.z#g.m._.=3.... ......#../.f.1.|."...d.Q.jGK}.....|..,....8..r......:,..j....@.....-.\;.B.q..b.b.....<...^..A.D...s.+..\9...,..^6:x.f.1.)..t...U.`......=_...k<.........%....&^.8.*.p.J%s.@P.'..d...U^..O...6...l=.g...u..!.z..z.VA.].~...b..".?......1*....v1}........(q..Mm...0........[...`...BY..$..3,.'.c.]..p..ab.J5...C460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\191__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1645
                Entropy (8bit):7.35298691801486
                Encrypted:false
                SSDEEP:48:29FVRSaW5ac+Pic5XS4w4O226nVZDNEBiV4V:2dtieXS4hfeBiV4V
                MD5:5045DAC124BC815C1E4373E420CCDF35
                SHA1:35D4F050933CFBCE1988F1CC967B80A8525325B6
                SHA-256:0C8F2F339536CD6D37E98E2E50EB6E41CB4B63062D0F3DCE9AE18691D0187B23
                SHA-512:6B7D05A937D2755EFD72378A5323531BAC8C6A09E6550E8DB3CB984DC8F193D6D26F6C4D92C3223310819ACFD309CD86D94BC4C7223C9974C90CA5571722C2E2
                Malicious:false
                Preview:.m}/.+*....acE...~WQ.......H/"...h..O...y..jtd.z.Aq..M....'....?..e.j5'.o!1uq......3.?..Z.K.F......"&..`.K..S.r^.....v.-.J...GJ...;zc-..)...,..$-.(.o.,W....D.a.k...n..M..q...}...as....]._p..?N.......]..l."a1...mWm-8s.......9..c.*.{@..]..C....C.p..7.oT...So...$k....?....^...s.taXO...G.x.....S..@.T...d.v..%..........|.....K..d4.~.iB.......=n1.b(J1\...6i....'..h.Z;.Zf<Q....Y.6...G....-..qf..e..*2*.v..L2..C..q.-..~.O.>R....)..6,.&Xy6.. .......B.....O...&...]....&..`w0..F.F......Z..a...~?..?..$....y.....1. ....c%.[...d=1vNj.v.......x.../......G....!.,A;YD....{.......y.eY..B....VL........*r...a..JfJ.H.Y...l....|..:........._$....^N.BL...>~....+....f....[Ia.2...,.X...p.."...9_...>.y......>.N.%....u...vn.A~?. ..C.a...,U..q.bx...w...G....W.+*U.'.....#.De........|_&.R7h...A...s. 4.)..v-DP..2....Y\01kb......?ZR....r.}..c.....].....C.h.k<.......,...K.iW.Q.p9..|.^U.BE(Z.].<8..{.j.5+a...p.....^..b/Q..4...Or....]...d....+1~C....,.Gp..K.J.D+...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\192__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1763
                Entropy (8bit):7.413188916942188
                Encrypted:false
                SSDEEP:48:U+CU7KvAcTkQGSSZQzSfiL8ajRKQG2x6sy2h4v+VZDNEBiV4V:Us7K/6Q0ajR9J/VVeBiV4V
                MD5:CFC87BEA019C9F6A7F870873F33F6473
                SHA1:513DCA5739D16174C9CE1D13553E67EFF55AC554
                SHA-256:7EFE954FA2D10B0160C097AD6A54C318B44ABAD42FC028A47FA541719B96DEF3
                SHA-512:851CCBCB54156D6044D6693A3291FB9392D69705D360036D207380A0B17A5840FF9629B7CAF79EE120A0A634F022B11F45FF67159A00BDE17C0F8D3FC4206C95
                Malicious:false
                Preview:.>.I.......i~...,..t2.\.!|.BX..Z.. k.0.....w.....Z..w.m.7W..9....y.....O.2.....8.....$k. L'.`.....S..c?D..a..S..^......,,.~c.S..SR2./........>.......cQ..Ld..t.=...coe..L_E5..J.V=.....l{V...(S.(...k=.........m N..!g..v.b......4.Q.V.X..Q0..UkG$.....i......6.f..S...t~Vw."T..q...~*Y-...?....O......g.3.~f....%......J/..?......V.h.....I.7g.g..jd...%....'.sJ..p.^...*.."..D.Y.....X.....j.j.68..+=...A..m..F.V~....m/..P..78....(...s....U..pB......Dni..l....6oq....+G.Zwm%...W=..}..m.PIj$;.T...t.MH.T. l.|....S...LJ....].'..~..op..1.............Q....9]b...d.M..F...tB.~cf....O....R.N..+w..+*E..'...]L.p.A.TcQ.-..4.g..../@..06....D.(!aE....7;./.G..............VB.`...p$.A.I.:X.#.8Q..y.....G|.i...b...\A.I@#...l..tr..5...H..G@...."HR\..[.F..}..(....."..Z.]... ..r./n......$.T....K..nV.P...M....3_.....3.6[....$..Sy.i.z.+W.]..f,...X@`..=..<.[.C...dQ.....7&...B.(...c..._.px+.8j.h..m.!..~.'....G...........h._m..G.6.M.C#T.*=...7.(e.]..3.....8............V}

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\193__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1643
                Entropy (8bit):7.3252326391122
                Encrypted:false
                SSDEEP:48:YOg8Be7SNuCYvoePkoJ53McjXKyzmbgHVZDNEBiV4V:YxHMfYpkeJjibg/eBiV4V
                MD5:9526C5F31D7C51AF06E7108147F4FFEA
                SHA1:01CA892303F282877EA8EF715E7448434389F24E
                SHA-256:426D23D430755272982752922B9E327E38B7E4329AAE1B13E85C90B61F70525F
                SHA-512:1207B2C281E30854F570E0AB7BA08A99962AA04AE9387B12C113FD4494B0008B8950BB26B4BC99609D7E8D41143BE1812EFE4B8CA6424275B936F8AD2AAF3375
                Malicious:false
                Preview:..H.Gi.;.k8e...?2../..@.....6z...Wx.\.U$.(&a.3.ck....[.(.......&w....6.....P.{Lq,+O......>.q.5.,.....KCx.?...... _...9.}{.#5....;.G..`..j........N.0..E....._3..Q.......k|9.U..=..R7.;;n...xTa4../O.f..c.(..I.d.7..d..*.|2I..a*4.}b..g.<...%...(.....0F...*.f..+.`..:p..o.....3...>...-.(..Z.h..<..2I..M.JB_.c.oj...N..c..V.....9.v!.S.g.......L......H.:.B........L.0p...,..J..$.-.d....7V.%Y....".T7......=..X4 .......Z.....Q^J.x.$.)..M;?I..(......>..[.h....[.5.V....Ir_.wc....1U.".y....L:.*....:/........4.....3J. .._t63..?^asm.+&.K..N.R;.:...|d..?z.."6.....!...5.4.E.....N.Y.`R5....b..A......(..2.......0b.Zf.h...]...%..B."<..l.."...+...R~..N1.DVR/.C].!.r./...#)2..F.......I.*.6.y.."|.../...FV......Z...I....H~...|I>....e...&|...6F...O.$/...{..sL@.Q..H{........ 86*..i-z..&m....L.W...J.p.]...(...Q....pK...Jt.U...'...x(.5".-.h.)P..v.:v..Jx.2.9.wK.W.t.q....w...x...6Ylb..].G. ..[R.&b.O.x.4..Z:Jx.R..)p..|...8e...%..s..)._M......N.k$F...i.3....8....Q:.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\194__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1160
                Entropy (8bit):6.88527751651387
                Encrypted:false
                SSDEEP:24:HpATUvVhKVSLaiCH+Y8mwWbQ+e3ZVZjH0TH9O5Ye+QUiln4V:HSTUvPKVSnS18mwW0ZpVZDNEBiV4V
                MD5:4833B766EE9798E3C2CA97E9CDB39B48
                SHA1:4CBA4489AD65E111000F7905458B00757EEB985E
                SHA-256:64CC9F44FB7913F9CEBEAEEC777DE3CF4DF8652E2AB5DBFE342892A017824B39
                SHA-512:0618B40B19BB9D234643C8CFC4073394694D3EC7E0357471D7C655F3C25F148982280742959F9148D7D0BED7E95A9512357A952885B7CCF21D6D67B77E05AB17
                Malicious:false
                Preview:Z....F...7.O..m.n..WN..t3.....6..E..W..w.kLn`h.KY..K.P2G...!......K ;.....>....%<.~.]_...K..:....Xr./).ds.....7t.5l.v..`.B...8.7.@..{...R.A....j.7.....A8.U............;+.1M.....kz...m.:..^HV....k!..x...[.7`D.3.9..4...Z.........~.Z..X ..a.&...,.....~#.{...B.b9X......XI.;...k.rRI.....c.l....".E.O[..K.I..I.C.]803.hN...l9........p.b...}.k.Q0.Y..Q..0+GC=...,?..q.S.X.......G_+.K....H.b..v..~.~={.L}..p.O..E.....P&.lh.G.e..O.._h..V...K9....._..r<.gJXE....<....c.:..9Z..|......`.Q..(..j.r6..m\.2p..zw<}...J"3.2.h.G^..].O...>#..v.T.r;..$`x'....S2)..Y.v&..S.i5!..j.Q.f........B$..q2....K.mH.}.>.=XA..-/...."'5p.S5QWX.i.=..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cd

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\195__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3992
                Entropy (8bit):7.839591567356895
                Encrypted:false
                SSDEEP:96:e8lGP8r92JWl6evwQdEQPLorolUCbmxrj0tuRqqeBiV4V:e1P8wWlNoQdPPsEljbmpjhqvo+V
                MD5:ED6DEA9C74E9D87A054976D2EBACEDA6
                SHA1:E54ADFA90F96AC74E26EC3758198FAE21D3C14C9
                SHA-256:1EF3E9730748C77D817C2705371A4B446554BD46EF682DC52FBDB05AD986F5E0
                SHA-512:8849C529082CAE9AEE738CADC977B380C8837B499834672DDE5F06CA7FEBB804F0153369D3D8CF7229614E7D94DC0387C17191CB7B0440A05C2548818A8261BF
                Malicious:false
                Preview:'..")An..b.h....#za@...<b.%.o*0.I.6C..6.D6#3Y..?..9...(....M..(.........9....VTjo..fX.......K..r<.:Q.a..A...V%.M..<.Tq..n.V;...F......4.4ZW..N...e...D.s?v....FuUT.[."+..UJ...M&.....<.>..4.........JM...I`.S.......I...,...7.K2rT..w..t..\).6.T.....T.\rQGAN.{.M.Z.P.m.h{..Ya8.H..jZ.5a....MKZsE..5.O..Z.<..v#.6&.Z..n.pJb..&.^.`q,..P.k.....8.....(..9.#.).(.Q.O.."qk..Q..[..d'&"us/sv.w.8C..)... .w.%RQ~9{..A..B}.1.Sa.........a.g.....L!c(.e.B.....{)....$i.>.-..z........c.^..+:..Qp.j.....1@VJ....t0...=..A...m...K.)...(..cr.......T.~(...]h....7(.....gP.s6..YJDCZ.|.Zr...2.p.p. ..O*o...Z...-...a.........4....-....m.@..7....A.}K=.ab"....Q+.M.<.....;......y.7.e.(`....X.......... ..d..P.9..C....7.f.{7b.%^.....{g.O.....] v.Ac...\........A,\.eQ.....$z8R.......p1l=....Y......l.Z;W...pV.. .E^..F...t..C".wZ..X....<....'/.6S..J..D......*.3taD.w....DU...X.....rb.C......,M....5....O.A.*...:.....N.......\2..J...1,5wE ....O/z...5...t,.|.O....6..K&......#p.>

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\196__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1219
                Entropy (8bit):6.994108881883954
                Encrypted:false
                SSDEEP:24:Rs2vmGT9tutsTNC2p8pHK4hZVZjH0TH9O5Ye+QUiln4V:5vmGaGCxPVZDNEBiV4V
                MD5:A8F59709324E0AF73AE9B4C47FF4183C
                SHA1:40A781D94C8931640F39F6E2C95AE1FA166ADBD0
                SHA-256:DC284E2ABBB53FCEE16765364B2C24B81008776356E3858E856A6B0E95D1F8EB
                SHA-512:7E4F54A3E7B20FD2B2F9B347BDE4B86A9723D2B42911A943FA8ACB435468BE73E46CBE6BC293FC25B98FFB32D66FA294958BC3340FCC71C9D160BACDF8CF3452
                Malicious:false
                Preview:Ux.I..N.Q.N.l..@m.m...#?.>.......1D'G.>....i...._..P.....].M.>.:..r......qT..`..?..a..G....M.&.t.E...OB{..x....b.....i+%.Em..r6^..R[..xb.ThH..Un..dc...,...o.E.A..(.c$.6.M.........e....o....-...<U.i......d.../..".aT.m....^..RM"5F...O{...8...."...SMMN}.!...l......U..\3........Z"\Ek.Z...aO!a.......'.vd.....dq..m.....d...5..MI.]n..W.k1=..:Kg......(.r..?......H..q.........\.j>.l....I.(..q....*..N......CX.,.1#.......-...(D..s.,..hI_|.:S5.Ja.T...H..nv..R.)p..V.J..q.Y.\tH}......1.....p.7....vR...f.l..y..z..vgu..4.G.=:....;%......M..3.W.f........V.I....~X.:<.zh.'..%G....G....T.4.......[{I.R.k.... .;.U...J...p..[.~..T...%.\BI.u....-K....]....xR.4:.a~...o$sAvtc....?.X&w460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\197__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1164
                Entropy (8bit):6.927240614596446
                Encrypted:false
                SSDEEP:24:nBeExdgVX83MqUIGjb0GYa1JVGdfVTRZVZjH0TH9O5Ye+QUiln4V:nBvDgVs3Mq9GFYa1JsVVTVZDNEBiV4V
                MD5:D5DB9F194030422E3C5A6647C2CF5C2C
                SHA1:7AE98058CABF1328F9752685BBF7E85B7B4C9C12
                SHA-256:432601C258F4B70FEC2AC50C4BE9E0D9BFA4757E15106342ED3C3DF5004D6F55
                SHA-512:64715F8E89FF862B329EF886578065D8F69DF2E396521A432F80E589DB07DAD3F00C0A99BD5021F704FAE27E7845C2732E294635E1E680EEBE4EDDA683489C6E
                Malicious:false
                Preview:=.f(...`..UG.`o..*.nin..Kz.Z.n...KX..<.T`D..w.c}...y|n.!......a.g...U`+.F.!..W...M.8....?(.......Y$..BGi..,.$...o..H..s.w...>..i0..s..Nv.A]....v.....a...UZi...`)U.N...,.x........2x(...c(...}...H.....Ag..D..-......../..0f...C9%C=........TIK`)...nf.7...*yW;Oo..yy.T.B...%....G...n..o......^..P....[...6........V.$....|....W..........P..W..M"KB...Y....f.m...4..l.j.{..k.A?Z0..-6]@..h.!....o../}.k"~+.U.....{.;..}..D%G..>kmyr.......4...{"..n.....R...r.=-.....6.\>5...%.J....v-.8jC........W..n..FZ4....!Zl\|B..m-NV.....`.dY.:gP.X.z..x..q).P..>...vY......Q..<m..G.L.'tsJ.x.......df..........."....8(.~./OJ*.^....L.1.ws....%460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\198__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1160
                Entropy (8bit):6.887495011002914
                Encrypted:false
                SSDEEP:24:EZWC3OK5VVMQfpfp/d3UQn1mOmRZVZjH0TH9O5Ye+QUiln4V:Ej3T5VLVUxVZDNEBiV4V
                MD5:B68CBAE56F0A06A821CF340226892FB2
                SHA1:A5567DDE97D20F71BAC4BE61B961F72D51350EF7
                SHA-256:964BC8C51F805B67BD7C0AE238E2EC158170480F410FFFDF3C235492AF11425D
                SHA-512:19983AF05ECF821691F3DB2F3DDEB3322C83B5E8B874712AB8A47B8BAFA243C8E2F74D10B1FF620B8503A8960AC02F41BEB97548EF142DF4EE4C1D6E34FCD422
                Malicious:false
                Preview:....TU...`F..,.d...n.......n..E+....XN.....<.{h1........=......o..P...)H...~'..s.n........\J.YMq.'...Q....E......&...h..E..L.....1..JV.H.).....#h/..i@8u........+<|.0.t...A..=._.. .m..6.h..e......d...[.Kyl.iE..8`.l...8{Z......t..Oq.M...*..3.T.Z.\.l.R.....@Q.4..n.3q....\.z..\k..Z..g.(B.......g0..n`._........fG..{....;\.3.p..{.x.xHy...-u.~.84R........=.c0wm...). ........y..Ik.%$.I... ..L..Z~W....W...[E#...... ?..W....\U*.4.._..v ..H...K...:/O..pt....q....P.#......^q.7..&4.....S.^k....m.9.^..*LQ.N..........7-.:UB[.1e.4.!..9..O..1..Z..-......S..`....)O.T..%UR......zxy....`.].h7d..".T..5.....5.a....D...V+./..<4P.YY..4.x460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cd

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\199__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1249
                Entropy (8bit):6.992573335878894
                Encrypted:false
                SSDEEP:24:7avqm8XUdE6TM5axgkzlRZHZVZjH0TH9O5Ye+QUiln4V:7aCm8XUtM5+lRZ5VZDNEBiV4V
                MD5:599037884730EFDE4700F32B6FBA32F6
                SHA1:BB516A6C485AF506D3BB8544CE7163F8AD05D9E3
                SHA-256:FD518E8DC6D7289F9740766127BB266B2C5F6D67616C44680F434CE28C17C456
                SHA-512:24E745BF501F389647B2F2C63F6FCA3BD46AF7239BC5A7DA63F3EB10F0C2B5428344B1F1EC65D2DB90830E6A506939635E3305920DC7F21231B4A29115C69B94
                Malicious:false
                Preview:,.Q.iU..a.$..yO[C..M....?..+|=..z.........l.P.....M....<Pn..eg.8RvU.C.yt....y........=.....v.v/x."...w...6..g..Y.s4.<.9..j:........T...]. ......o..@......n.\.jd.:.........h..&!..U[..B..9~U.&.5w..V7..5../r^.`.TA.]g'[.u...?.HD.(k9....-...7O.B`..^../.^..K..8......t...N.A%e?.z$.t#R...i.06.B..aKL%cT.0.4....;....0(....]....p.FZa.....u....WuO.....usGR...w&....v.B..gi...y.....Q.B.3..kk=.[....Z3 ....(....0..3...h....:..X...B...HSO.+..h..9.e2I...........R..?..?1...i.......In...6}c.B;=....Y..=...c......j.,....U.......s.....`r.1y$...^.I....P..D.0Z.....J.+.?f>.Hn...[.2....}...2.l...H~.x...J.....4.|....c.Vj.9....1.[.. D.+.........)R>.3.....F.....3D|...O'..A..YnMp^A.h..|..$?N&H..}.N..B..(.W...z...{.s...c._...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\19__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1242
                Entropy (8bit):6.971035185708505
                Encrypted:false
                SSDEEP:24:CuTCaMPhcqRTc2FMqv55VlNJSTNEHrnsZtp5yKEZVZjH0TH9O5Ye+QUiln4V:UaMZcqaHmfVnJSTGTsZtX2VZDNEBiV4V
                MD5:E92C15784A0C033DBA5847EF66FDD30C
                SHA1:1A347DCF32B1EF8B6241B1CE54E9301CD3FDA345
                SHA-256:1C4881E94A7161735C4DDDD15EAFAE07334C2B8666FB04F414EF55CFA6EC6CE1
                SHA-512:F2DFDF8158C732F6974B46FB9D95FF0A7B2E12F0748CDA8186A00D2CF7031CD9091F8D3A07C66A50016C1583EB66FB199EADF61904F9FB1DE9A3854DBBAC5677
                Malicious:false
                Preview:0.R..]...RM.-W.).Ue6'.m.k._.o....w0...g.a.G.0....i.S.:..y...6.j'A...<..a..J.........*(g...3..P.........."....Y'...B$F.?FU......,....p....m...m.x...t.e.j..m^. .'.\.Z.rr.G..v...}..~...v..l..X........R...S(...z.?.x..........$..C.z.{%.b.e.;....HR.....*..V..........u..u...p..T....`%...C...V.il....K..C...k6.fp.].0GO..........a......:.A.....4E S..(.'8E..o.d..l...v....>."L.Z!.;C....1...}8d..~..%..9.W*..e.8...2w.1&....C..S..M...f...b.t......}..;).b..YC......Vz..D.T.C.G.e>...0p05..6.F_"..km....2...B...g....U....NJ.."..yd..@U....K..H-Z......f.qv....TG.g.k.............R 'FZc...rU....`.g.O.*f...7.k.(.Q|....T..O.*..u.9.PE..c..*fR...Ez..UO_.M._.x..+...p..T....7LD.....L.4.....L..g0C*..8.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f66

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\1__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1251
                Entropy (8bit):6.993344707422012
                Encrypted:false
                SSDEEP:24:60LAXx0V10BGAMVySA2a0TPbN3uj2dQmu6JeIEql5ZVZjH0TH9O5Ye+QUiln4V:6Wt10nKBA4rbNekQKXE8VZDNEBiV4V
                MD5:9CB8430537F19DDE99672E87AE2F0221
                SHA1:E9DEAC285069BE5FB25B1A95EA0DE20E3FF779BA
                SHA-256:6E2D8D818EB891613BA58884C90C667178E706F2720275D0225B4A3DAB340386
                SHA-512:2BF67337BB76D26E1B20204984BE25008A8CED7507C3CE19DF954D8FB30D3922EA9FF1DF4EDDB4F86DC8034C85BF2C7317840FA7BE0DB40FCDFA374A216129C5
                Malicious:false
                Preview:T.r..]B..1|......0..$..u....09._f%.s|./....h..3.,...=\).B....,qS`!......Au.C.t.H}....J.N[..=....+[gk......#.Dl..x......l^nYt....4.Z....d.q.A..a..^8..f...._.-.....G.P...#9^.....U..../...~..b.m......nx.TeA.3.s...WL...F.....a<Z.KB.. l.....BT<\q.....o.u...p8.%.V5Y.M..y."p..\....[%l.w%n.....c.q_Z...^....~r...I.!P......."{..o.x.A........O...p.U.}.\.6.2x..5.L['.#..i.......T/.Eo>+=Yy1....i<p>q.hL.....1..7...rK.......K..%...{..s.5..]....x....N,+A=..i..^..Dna......m...$..6..;... ....g......;..Z.`M............&.+.fu3.R.![8*8.BT..k...3MR.%a.._..7....{..>2#.f..4..F.$.BX.....Oa..O.y<..B.Y..$.......m..+5...>..H'..R...w.2...7C.L....^....Y-...?...G...o..|q...........y....;.L.)K.....-U!.,.".....[.e3<t~...U.h.y..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\200__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1164
                Entropy (8bit):6.891089400451657
                Encrypted:false
                SSDEEP:24:E671c1rZBn3MljxbyugF7ZDxOGFSjZVZjH0TH9O5Ye+QUiln4V:7CTBI4ugF7ZFqVZDNEBiV4V
                MD5:E58FF8E127A7FB5FD791EC47C15A41E5
                SHA1:429432142A58F12739513E767510BC2E5F781299
                SHA-256:A8692B3BCD87028F1C22525A3561DD31448C2F32449861EAD08EA7454107C1BF
                SHA-512:78E1FCCD656932A8CF3236AEECA33C36A4FEF512C583903775EC1D6C4082EE95C971A7605021C7CA07BFE82BA92174DF6D8BC9DC2ECC8F99476306933DB84FCE
                Malicious:false
                Preview:.....N^....N............\@....f..Yw...8...su/...`.x......0.YO....]....r~...D.[.0.fV..E............B....>..R.)Wi..".#..N.......~.h.(....h.f.Os$I..h.....Y~......m...QD&..A..(m...........0L~r<9.ts....T....Z...../.Qe..hKM..n....f.V.....(.`.uy.%^..6}......\Q...-...sC.#.v#|k.l.5.ji...z.*.0.N1e..^.m..H..o-...a...S.&9....AT..Q".%....x..}7...b.4?...Ls.y......I,.^..&:L.+..-q.[b......g..@O.x....G.& 'y....6'.K%..O.<..)..i.k.Rw4..d.J.D.K...M....U....:A..../=.0. ....n.rR.....5o.......|.7...A.T.:H.I...........e.oK.Ee.6"Y...y...,....U..:..pc....m..R...... ....r..?<4...ZL.o.}.e.S..^=&I<...b...TO.b.*...`..2....+Y....^..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\201__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1245
                Entropy (8bit):7.008576198248062
                Encrypted:false
                SSDEEP:24:JkOwCNvy4loYK/LfxW3yYzbsf6H01iSqkZVZjH0TH9O5Ye+QUiln4V:JkOFNvyomVW/zbsf6H01W4VZDNEBiV4V
                MD5:6743A5792F4C31365CA08C385B4E7283
                SHA1:A44A23A8B37D7040BB43BA7DF82D8F195D016F27
                SHA-256:7A499C7E481F88B927E58DCB103C25671282D92EB5A5150990AA0DCEF9B79267
                SHA-512:4FE74CC7736B1319F4FBF0D6B06BC6B81ADE8962C505A056A8B9288D2B1F77078EE7B6A2FF8E4793EB21F21E59B30A92321165C774FF51BE3A03EBDED637A4C0
                Malicious:false
                Preview:.vH....#aS...).j..'..{..\..)....K....y../+.[-....}...Q......Y6'JY.bt.H.M..>1...*^.......q.._..z...Y).<.....W.~.h.8C.w.....$.. Kn..1.R.+...1....c...C...KC.5.E$..{...>.;r8u?B......>*...r1X....8O.j...+....>...,.E.N.&.5"cb._.C...Y..f.%.A.)..P./...~s.v...W.._|m.<.l>...s..@...H`. C.zT..l.....<.#...P}.....R.}N........ae.FW...H..\mG_./s.......c.EX..%H..PZ..M.5...Ud.{]e........a...o..!*..a.$*`.5.Om>4RE.....*O.....HTT0..)={|....k4........._....@ZJ(..]...ga.u......K.=..i.Z.(=.3/s..:...N......d....x....]..[.v...UG.j.a....^.e................p.......(."_.H..7.5!..,..L>L.H..h..`.!..t..S..#.....V,V....d....j.p.6`..o..3M>N..n.}.I..E7..c....`N.{.+....JK.........O.Bg..i3E;..Vyu.X...w..OI.9S.G..q2460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\202__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.698507790145238
                Encrypted:false
                SSDEEP:24:5eRQFS+kn6S7WCIEG9ZVZjH0TH9O5Ye+QUiln4V:5euSF6KcEeVZDNEBiV4V
                MD5:97A762CD3E6E3E801613CFFB1D2915DD
                SHA1:1147E22C2264599AB34561F00EE91D17CE4C6103
                SHA-256:18196937C4D961E652AADBB86EF4F81CA10A87EBB881A791E03C9C20BBF56028
                SHA-512:5D377506E655640F8DEDB2EA81D016F6AAE2863D6FFAF8A114D0F59FB6B09C3724691F7B168FBA9859CCB792087BE3645C77360DCFCA265ECFFED6F7C32A4FF4
                Malicious:false
                Preview:4............*;._<..............."....7..J.P..CF.7t.....I1.(f.....KIj.>..j..g.xB..aX.X....6.v..a.R.z*9.....!.Up...3..1....?...1.f....0e..&R...~.c..._...6v.........jiMW..y...9...A.....Mc.K1_.:.*\....s.kq&.......D.....z..+~rx..?.*..,.......blJ.Cyye.Av....J,.f.3.].....`L...x.r>..T].7.7D.69.7[....d.#=..VVp.?.t."R..x.i.iX..|..........xb)...GK.t.XL8U.J[0@^.A.A?.(i.'..@..\..W.....6+.]..x....bH.rlo..e(....C.+.u..di.'..i.....8..U.s.\..=...b.m...$..q2A...p%.7....>....l.[...<.@z.$.....r.bb...(...,Z.]..aP..]./E*.k.3..FW...m/v!l..g.U2.A/EH.._n...Ob..{.j.,460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\203__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.677512886589437
                Encrypted:false
                SSDEEP:24:hKBepHvw90NYS3IM3QZAqTDo5ZVZjH0TH9O5Ye+QUiln4V:htvI0/k+Mc3VZDNEBiV4V
                MD5:5B6BB85A4A9F393A40DC60D8EC46DE77
                SHA1:E95F95F30AC1F48D4A6239F66F6DC3573E4497D1
                SHA-256:136DB69007CB268DA2853822674000CD0382EB58EFF8811EB5C3E3659D31D726
                SHA-512:C3EE0A35173A6C9DF02235FCCD8D1EA4EC62B8741D2FE61729A350DB3DC0ECC2B9DAFDC7D68F44D08F37C11A207AB86A8CF2A088EC43E23B7E11919B2F747989
                Malicious:false
                Preview:...X........}..w.k.d.L...Om...rG<.....v..-..l..|.....................a.`.m,xDe.TI...V.....R......ggR.w../..N.[....}.=.`D.b$f.......Q.....{..E2*...W&.l.....E...Q....p.@..f...}....98h..*.T.$..8".&..D..rc*..5.....xc..Gx6.x......0-....d.\v*.O..O .O....hob.s7.mUF*........A.P...F3..I.-..`.Q..d.;.{..Cb.wU...Q..,.i.~....2.paR.w...8....#.;JFH..+..~A.Vf.U...V.|K../.]........b,..Mb...I...Q...l%...>.....$.....3.|M..B.... ..a.n........+....?.h...NJ)...j.....*5.=..... ..-D.O5.X...u3[.X.{M ..I.P...O)..^..[%/.p....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\204__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.47742164828556
                Encrypted:false
                SSDEEP:24:ppy9xNCuPuKE3E2/OPZVZjH0TH9O5Ye+QUiln4V:jyxn5E3E2/IVZDNEBiV4V
                MD5:D60927F34A06097A662DA089B772E856
                SHA1:CD1E0A1BBBB0E4424DE191A551CE70B1D484AE0A
                SHA-256:20C830800920ADA2B7DD07DEC1CECE1DA0ADDEAE31961816950DE7B50917FE14
                SHA-512:43FD8CBBDAE6C5BC555EC3CDED5A1DDA04B96CB4965151AB7D27293686244A72D854A8CB464B5B93E1557079997EC56AC259DD37389D1AAEBFBBF047ECFE4EB8
                Malicious:false
                Preview:.;..-....!.. v...|.i...>.]7.....o.....fT.u....._.\.8{.B....{.........s..b.-.....SS.It._L....n.f]`).572K.o.4C.L....b.....".T....^.3...h*7.Odj4.......Fc@..Z.:....0..(....Xk.......D....2S.ni.G..^..........[oy..Y..A.d}(..$`.*?5...X..5,.5....H.Mc.,lQ}.r@Q .\....L..Q2......]..............9_.D..i..2.....D...l.=".35..B~H.!.....N..se%...F..Q>.\..Y..._.y.-.R.,...#.5.xKz3K..-.49-.....1'/>=..5...;.*..g..3...'.......!..i...K....&{460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\205__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1814
                Entropy (8bit):7.429407187578893
                Encrypted:false
                SSDEEP:48:HbkvZe93bIA/gYEeLQ5bk/B4TsvfERZ5MQ/VZDNEBiV4V:YA3f/gaLQ5w/KTok5deBiV4V
                MD5:A3F26E56C43736A562DB39AD127A7619
                SHA1:FAA182137A76C37776C5969B463553E28150A706
                SHA-256:9C28BAECF2DE602538FF8941EE74720AF64019DB484E96B90021B9A01A2C4206
                SHA-512:0E8AC42A27F0AF15DBD3E35BBFCA8C80639419D960F60A814F83268253208C2A5FB36249025092018C97C950ED3CF55E11390F5B6204AC1C08F676F49D0A3873
                Malicious:false
                Preview:..6..{..r....K....H.@.............z.,..$.tZ..?.qS...C8....k..g...Ya.U..d...N...{.i.eZ\(/.....Fv......,...w.&5-..!T..Y.h[P.......`......$..T}9{)....(......Z.K)B...}Y.w.r..E`hQ..M...e./.B.B....#H*}..........y....Dp.'x...G..o.D .<.B.LIC..$....&..x..C.'....E...`..s.fpf....../YE.xQ...(n.b...k-..).h..qH.Uq.7..x?...:..f..n.5.C.Vc.5.......PA......7.p..3h.~I ..q\.X..aT..S....*....p.B.......$.'.O#4&.....c^:.K.B..mv..7q.p.HU`.E....q.5.wID......D.?D.#..t..c......(vg.....C.B5Y..T..-.h....>...F:I..>........F...Kh2*.p.B..H........z..j...4. ...wU.J.......-.l..6^..?B.25......1$j..xW.qN.A.D@W...u..L.?r.}i..u>.0.......D..5./`....... ..!.e...%...........|M...^#...|..:."*z@...x...i .kF.....6.!Z....Zar.S.....e....o..(Q..k....)..K..MhD..[0..z..a=J.......a.?...e..QM..si;.Jd..0.5(?..`...CQD.<.....~.......Q./....1K../...$...H1..3..).pL.:....P.Bm2..jw....f\4.6%|.m.`.0.jh3F.PftW.5.. .....-......i...8.>>.....-.g.........G#.A.T.,.)PWT'6.......)ja.qd[j.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\206__HotSpot.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.094887793160828
                Encrypted:false
                SSDEEP:24:1mmIdQZocep7gsifbZVZjH0TH9O5Ye+QUiln4V:1mFdQ3K7gsyVZDNEBiV4V
                MD5:CA9C7B2F3DF8699AD450D683F0DFEBE8
                SHA1:A97132A2FBF098EB190F16EEA41C7E94AA964B86
                SHA-256:AAD2A4806374FED3C59695E6346CEA4CF21B3127CFEE1678E7C9DF2C575AF190
                SHA-512:E384034E51A18A88997707B1CA6B6C423428D5433F4E674418737A25D990F9CF17ACA0159679677DCD5524731428F22D37404B552263F038996A2A07BA39C95B
                Malicious:false
                Preview:..Ddp..o..........!*q..!..wM([.....>..n;..O.W....(.J;|.\......._'}..M.{%H..}.|.w}..I.f_S.pE..Z{.I~...w..f.~M..g...W.......J.k1........U.)O.o...=~....\...j...W.8.%Fi.!.(G..D.\T..... ]...i...h:C.~'.7.e..W...?...AT.....G......q9P...C_.c]sD)..C.7X.-.Fj..BWq.%....3..g?....XQ.;,....R$..K.2C..c.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\207__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1163
                Entropy (8bit):6.893641268727512
                Encrypted:false
                SSDEEP:24:cDq2rJccYHwH7ltXPHSSqbELxzRZVZjH0TH9O5Ye+QUiln4V:2DJcLH8PHSS3FVZDNEBiV4V
                MD5:5DB491E986DB149BAF635814F552A522
                SHA1:587B745ECD303F5973CAFD198C3C1BAFD9B20C56
                SHA-256:D69755D90CA46E01BB66BB94FE8920C7040C541EFD5A1D4C4B607144F37EAECA
                SHA-512:16E4577C298894C72271EC79580E123119DF2551854ADF822367FF2B8E2ADD0D0FF5BB3A4A2BD73EE897A267A6D9578C0C3256579524D525E4E22D6FA9B6C248
                Malicious:false
                Preview:.W........=i.s.EC.>....g...n..Q.....IK...u4...l.....+F...GA...$"..hu..!`s..>z!./..7..[..w..K....dL.0YM...N..E...Mz..Q.6......}.r.`..#!i.Uk.R........tc...J......;B.<7_.r.Uu.Q)..@`..o.x....R.....,5T1s..ix....8.!. ..23.y4gz....I.../..&A..U.[/ bB.z..o.1\wm....B..:T..S(Q...m9Gzoe]4.\E..k..0...f.E...W..S.a.j'X..x...&P...|-..Q..x..x...G.%."F...+...Sg."a$...W....}.v......}=...6..../M.....W.....N.:.....~.2x....:6r...#.._.cG.8..E........t.*...Pv.M|)..7.u.W.....Z,....;.........6....bB.......H3........q...<s.[.....N..M;d../5;.........Kb.....uN..O:nc..&....=...>.Cv.+.&:...7......d9...H..D....!...o.}.....S|..%..4v.i.F]q....$.Gn.z..}.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba5

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\208__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.751960443546093
                Encrypted:false
                SSDEEP:24:4IurbdFUX27ltghspjDA+0A+ZVZjH0TH9O5Ye+QUiln4V:TurbdKGES2VZDNEBiV4V
                MD5:3A19C72FD52AC64E7C2AA45F1AAB0A8D
                SHA1:94F8C5B65EE2945B92125576873C330930575939
                SHA-256:1F6D4AF00F392BCD624DA6ACB321E8CA11F5BC8A518054F8CC65B24148EE48F6
                SHA-512:8CD3BF5DAC4648E279565AA7294001538223D5B76DDD320C9ACF3AEC2FE0627F811444DD84560411D4CA168A5E30EBA3189856834448AC046ACCEDD31CB80643
                Malicious:false
                Preview:.....;.^X>.....?'=L....Q$.O....s.tA.,*He......C.-..g.2.O.......K...~m ew.v..y)".g.M.,6..O....c.,.r..x..S....99...Z.I.5..t.iV....!.)&.,r.).x....*b.).%.i.%..M.v..A.....96..>......*..c?.b)...1.g.P..r"IX..Xj.z..F.k..sA.t.Z..7..E..h|e.ac....6.Q4........}7.....p.....%=Y...(..<.f.RG.;c.=....rt".)..M.....*.4q.o?.O..{...w...B.....$...Q~.e..@.'.)p)uX.D...l..<WO(.M;....I.Y.H......wF.T....j.....O.3....>._....?w..=....>w.V|...k..r.,'..WJv,..v-...6E.p...P.1.....F+r.}.{=...Ou...&?Oc*...mj.Sg...........>.t....K.K......(./mB.W[B.%.Q..G...|...u.4..]18.v{.y.}460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\209__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.633167765912341
                Encrypted:false
                SSDEEP:24:iGUdLJtx4OY53qSHfZVZjH0TH9O5Ye+QUiln4V:iJdL7x4J3qShVZDNEBiV4V
                MD5:04709E83BFD34DDAA8165AB66506664A
                SHA1:5F75243B5C6857AF5319220311A42C430B1F5429
                SHA-256:B6DA53915EAA4BBE2EB3C073D6EDC82C09471641F5B5D48508DFA9E2F958128D
                SHA-512:8B818D00DA1B9B08BDAE59572A982497BD4C205D0083A3B318C4A0B655513F3F454A31FDE3B88FDF99CDA91C5855E262E792D1C9556A721F088F7E691A9BB0B7
                Malicious:false
                Preview:..\L.@..v....Zs...zsl q...j(.K...5...Y..y`.......~.6...0.E....G8..#)...c....'6A.7....E....H%.C.R..w.......k.....P.....f.W.@.tN...4B.=z.0-.T.--....5...yh...QT.M....QY.j....f.(3.W_.-}[...r.c/.7F..6.1r.Y.E6F....y.e....^.B.,FW..T..b..1%....8.u....i....j..X....<....V....2....&.x-.Z...S.%...c...4.L..7:...kj...w.%Gz.g-Jw..j.......P,.~...G.S...}.o.X.....;<..Sg.jPi;......'.Fj....y...&b..(..m6......ASxH.94..!t.!...5z2!.1a....>...........V....8.%...........f.>.....x...J....ZH...s$..W2..=*..<XFR....].)..z.(.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\20__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1237
                Entropy (8bit):7.010467066116248
                Encrypted:false
                SSDEEP:24:A6+s8iao8SPUFysVqKirWLTlOqnfKrL8i0H6NZVZjH0TH9O5Ye+QUiln4V:ahSPKbqKirWIprLCkVZDNEBiV4V
                MD5:314755F91EE994B65873A082EE741558
                SHA1:C797A8EA542AF1F074BF4286CE63159785869567
                SHA-256:31B9CC09CE3F2C212EBF39A323E50A39597035D9BC56CD81315C8E28C01AD508
                SHA-512:C81DB77F579EDE784F3759EAE7D2B571129812B9A62C1F37EDDC6AA521E39736545C4DFCA00F31C1810240DE4269DE974B7B81FB47A3794BB54B1887756350E7
                Malicious:false
                Preview:G....K.of...X'.#[{.W...u.,.J..pu..i..B.a_..z-.M...UmC...n.0.x....M.VS.Z..$]..D....?k.CW..G....8K*..1...j`...LV..+.T.......P......3W....M.7...........A..m.oJ.fn...jL...f..<.....^.e.._P.@.5.B.(.....1.._..8.(.....b.5.JHBH..q......Jb~>....<.o...N.N..d...EO0...h..w?....}b<..i...h[.71.IF....5.L.{..Q...].;...../.(....N....z.}..*..d.@=Z...j....R......F".^ ..t'E1hG...@.).......N.C.yO.n.klF=z.]....1.u:^...C...p.v$.:G...=...^-q..91+Xq$.&......_...u...$\......o..q$p.$.T<.Jzh.Qe..~{..|anQ.RTEt.m.Y...?...!\.......i.2.4.....M...M.....a..?..(.XJ..x..3.....2...|..p....U..t....u....&n9b.f.p..6....._..t..gj.d..G+.....v...E}......tiY..3.#,..]Vo......F..).& ...im.LF..|...;_L.J.\...N....m......(J.|./460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\210__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):964
                Entropy (8bit):6.463248060568738
                Encrypted:false
                SSDEEP:24:znauXBQgCqwROtACB3uMUBfZVZjH0TH9O5Ye+QUiln4V:1XBQuwROyebUTVZDNEBiV4V
                MD5:FB3AB345130813CEC0E9ED1A5839F269
                SHA1:16768FD75948EF1A92B17876F613D1554B08CDBE
                SHA-256:65875258794664788A12D36708887EB104FCAFDD9632EE2FD486AC0E9F178332
                SHA-512:AABD56BFD779A91CBC9A1A03EABF21642BBAFF5CA589D322697EDC500A81AEE31A0E19838A60539C9DCD16B869BE6E0231869692C388CDA912A57B88A3254F02
                Malicious:false
                Preview:X.;..U.m.g.*,r.d.(.t......;.p......z..9....l9^..4..T..N.!...n_]Q k7.'....4...U...>..e......n%bW.r.zu(.u..F.B'....p..w....p_........;.Y..Lm..B..t.......>I.....a.ZD.!C..,F...6..^d17...t......X.4...Yj....H=.$?4.{8...._....o.&.Q]..~...7f. ..2~p......O*&.ay....?&p.6.K..b.y.i..Z....]S{x.?.$}.%.*..S...8...m.mZ...T..<.x .9A.1....L.......5.$=;..>..p...%.....^....y.)...w....!.^mZF+C.0.\s.S!..&}..j.\b..^6..o+.h|y.....N.......aZ.7...(pY.W..E460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\211__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1244
                Entropy (8bit):6.98484072411984
                Encrypted:false
                SSDEEP:24:mwLch68UPwPonfjQs9iJObcBwO7FXObZVZjH0TH9O5Ye+QUiln4V:mlh6/wPGfl9iJOkF71MVZDNEBiV4V
                MD5:53BD3AB7A31043D1B049514F92D2F9AA
                SHA1:F852B8DACA9A5343320B09FF17C6475DA3BFB7A3
                SHA-256:0259649018E64A38F84095DCE8E8BE6BCC4FC715D800814C25BB9C8F29DD603B
                SHA-512:8A37D5C9B56BEBE812F1EC919E2DABEDB6364CB1A97276ADED139F7279E636316F9D7F03AC45B86622EB2DB62B3E00889073169EB98DABE73FFEB430EF33D6A2
                Malicious:false
                Preview:..]......k.O.>..._.%.s....4.XM.y..c...x...v.......@.w.........h1..7...:...^$.a..p..E...K.zGe:..%..U.....'^\.,[_..K...../.5..V....-...jZ...#8....0.2...V..:..d}Y...7.!R..|.[...T..b.<,...6...<.*...C..i..JZ.hG..'.H..U+O......n2.,...>.Jt.`p. ....Yj..E.-UF..i_..W.n.......'..r...K.aK.f..I..bfE..[...~6..A. ....?......3....1.B.z..,...~.o.>.....9r....b.I/.=.........eM.z."08. 4*cMu@.)z....!..D.(.l....U.t...._.T9Ob1.\......g.`.G"....r_..{..7.Z.....r...x.).S.n....[.ix..@ xd.z].1.'M....J...L....8.I5.N}Bn.x....H...C5J%...Y.`.M..s.....<G.z..k.$.LM..7.M..(.RY......U...1..p.".J.b7.X..5.|o..~...5....g,.v.s\.-.Q'...4N(GT.o..,...2..0tQ}.~.k...ph...(...\.}y..U?.&A..F....UM:N.....3>p.G..'...3.....z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\212__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1225
                Entropy (8bit):6.935898018052872
                Encrypted:false
                SSDEEP:24:cwwR4SWIcMXnR+TlG9XyGmho5WwdZVZjH0TH9O5Ye+QUiln4V:cwypdFxZzVZDNEBiV4V
                MD5:57B4730854640D7CFE5B0910BB97538F
                SHA1:B823FD4E1BE09DF190B1A7490167B6AEEEF457A9
                SHA-256:36EA56889AAF11008460E4EA82994CB799382C44867E68AF9F894A2905FBE7D8
                SHA-512:FB41971E7167A722C4F56BB6C9C05D5CC65B9605A9CB97CDF2B349945385A9688C30E9819D4EC9A7D770E1CD3E929D517212D52AACB4A773435BBA8A1649DE52
                Malicious:false
                Preview:?.l.0>.F...+.U.T.RF../.9m.5.....P..!Mu.u3..).9w.J{..wR{..0q3Z..C:..s...8~7....+.\.U8.T.8.QB5.L.Z."./..M.@.....e.7..3.^..[.4...U..`n..a.../@.DM....U&..~I..B4..#N.jCZ..-..Nr...V0....%x{.:..a.xl....=i...4.k..@q.[.@.5...'s.7..Z.Hd.....zt.gJ.~..gx...Wm.I%.[<Q.........|9..e.?NMl_#<..}..T...n.....0..P+.|.3W....q9.....Ts<!Fc..>....[...z0.."l.|..3F.(Dh.w'.|......e.*X..._....kJ......._.h..vn.Z...U."%...r?..m....<*."b.&..g.!.T.-.*:..C.Eo...s9.*.x..=...CR.....Z...|..t~.z..m. ....ts...c6!3S.......B..z.j........{v..S.T...g....T...K.6{XCN.XhgI..Z.#.kE. .[.0<...`....Q...Q....(X......b;../n..x^.....EEQN.(G...3D`....%cD..n.m...+]..| ..E....~.'q......K....u.g.........L.n..e..).460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\213__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1086
                Entropy (8bit):6.71983032572332
                Encrypted:false
                SSDEEP:24:AktD6WP/GwRreLSlZOrLjxKvryzmxrZVZjH0TH9O5Ye+QUiln4V:AkQO/WLSlZOHjAr4mrVZDNEBiV4V
                MD5:C127D74D33DB16739FCB2745C56D4C0D
                SHA1:451F57B5002672A8E29004B4B52BAAAFE385CBFF
                SHA-256:AC41233697690CE7EC113E68AACFED1367EBCBEBFF36C5D6F46CC8B006177519
                SHA-512:1FA932B480EC6E077C2E1252781584EDC5F93E92EA192FA69E6E321F27EAA38C7A9EA53C60407A54ED67DFAE3DBB55D7310BEA03F6C1C1AB479ACBCACE5E5E9E
                Malicious:false
                Preview:.G.. .^r7G2I...,.N..&f./ZP..,....B.9...qw4..h7..4....LA%....O...........AD....nH...RX.(....R.$R....7dYz.C;.....,J.9*..W....h...W....g.F[FP..&ouV.G......Z.v...K#..L_.&..KKI...Xm... [.1P...9..+..U...S.~.]..ub.5.X(.s.j.....`.......f.....c........o.BZ....t,$S.16.U....N.'G.T.-.`....H+...........b4i9...&&......0..;.....Zy...m.H*...J._y....Jj...vR3.......J.Z~ .)..?..E.#tQ2`7eXV.~....I..r.r.Z.`....?"....:=.9.. ......0..B.*x.7..<..F[...TG.....N.G.....9.v..?>.Q..R.....s...LG./..0...&r m~B..?5.+.........a..f.4`QAE.Q&}MysP.&[p|.c..M..l..A..W...D...N_.q.).460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d9

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\214__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1040
                Entropy (8bit):6.658479884948102
                Encrypted:false
                SSDEEP:24:SeD2TobKX5ahIej1cpykDZVZjH0TH9O5Ye+QUiln4V:Slo1JFKVZDNEBiV4V
                MD5:0EAD37B947AF887AB45770EB7CA3EB38
                SHA1:54516FBE6DF97B744C9EF28821710A66CA4D453E
                SHA-256:24D42FD87577D19DF8D2594774A2D6FB80C3A28CD029F09C189F54C48F9E3B3C
                SHA-512:44B4E0B337DCCB56F8884407B9619E7B5AE16A81322C1F4944C5CEBC35DAE5EA3CB9158C9B7C314FC5A6A97DD69337AE9E990C3AF4DA3359D4E8E6C89067E54F
                Malicious:false
                Preview:c.J..sv...s"1...Zw.7.DX..9s.R..".v8o...d....QJ.#..&.A..S.........7..#0..n.[.....l...[.2.L^....`...C.mt&......n.V7.."d%...~.o^..w...@N..5......nI.,T...*..)...0.*q..*.k7W....l.@.,%.S....*J.h. #....w.........l.u.:,om\.[..P@..B.....<.... .aL[K.Y.O...0q.....t>c..O..+|......yP..e.....e.....].1v...&T9...._...h~2.....m..3.qx....W[.C...%.....=tq?{..|..h......^H..j/..>s.P..Td.N0W?......126.,R..k .I....Tmj..i.2.A...v..4<.T../.U.R.y.V+.3l...^.|t.YCE....Q|.N.]...q.:...e.E....29.o?.....J...M%..#..U.|...C......H.N.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\215__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):957
                Entropy (8bit):6.447345421506519
                Encrypted:false
                SSDEEP:24:Gabf95bYIiOKqEXJdwy6tagwYAKZVZjH0TH9O5Ye+QUiln4V:GG95bNKq1fVZDNEBiV4V
                MD5:98E8BF335FFBA9C657EB12E0C30AC52C
                SHA1:B8F977BD75B409EEAC3BAC1FAF6FC0F2A6C5FC31
                SHA-256:603EFD1D2C50606AB1BA581F17A0D2E74E547A92B8BB130C5FE71314896E0363
                SHA-512:3C138E288F570D54799D86BB724863400AAAE04ADDCED06B1118A0CDF89216FA040B3ADC3399F440D3233188A285AFA9C9DE8314C91C011F75C689357F9E6D24
                Malicious:false
                Preview:...+......;....q......6z.....q0'..K..C.....f...C?v..%...5.../.....D.........'"r....J.....j.+f;......N1*.......NM:3o..1...-o.e.2.|.R2x...Wb.;. .?`.dDs.>.V.%.....w....3.....9.Z...k.p..3x..iG..........z.C.?.....8.......Y..bv...oO.Q9.'..%.W...~.=....4h.0.......;...\..P_....N..vWZ.eyNT..OQ.X..>.........>.8.H..@K...U)~..n....R.1w.._XDG`...+yv..:.m....;F!i6...nh.|v.h.P.hI..'...25I...\..V............r.. `.W...R._B.aC.M..{Q.E8,o.$460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\216__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):6.963783147027782
                Encrypted:false
                SSDEEP:24:k8RNQrjAP5S7SXkOBNePPQVJxZVZjH0TH9O5Ye+QUiln4V:keNQrCQOPePc5VZDNEBiV4V
                MD5:23170B909F8353C3AD38859CAA10410D
                SHA1:5FAA2CDC73BD977D2705F089211BE48F0A7318E1
                SHA-256:C2F15AF3B334A0332CDCBD9F0F460BD5D4C509B0E38E25725D2D0254661C4FD2
                SHA-512:D87AE5AE34B8DF888DE1D79DF5C09F8FA94C829A9B66718B60FF92375B63FF54F26C01A44A71A4D5226B6A95F185D2C98D471E23D40313F4092625CC1C0F9F2F
                Malicious:false
                Preview:.1...g+[d....../P...'n.l>.~..........K.w.....3S.....1j_.gApr...|..".DD.]H..~.`..=S....."b....>.=.X*'..{.(.(.......c`.M&..4...o(.K..+..#.?;.F...5.),,W....f~..5...V.;..;..%..j....`....$......K......5......d.5v....0.G9.@...7.........XO.......!&0?.~i..D'>F.\...^I.e......zuxW..N..>m1e.`jgX......$A.Br\...[f...5_.Ii.)..1.....3.......-..{av.4 Y........p`.OT.'@<..g..D..3T......[n....|q.lJJ%...^....|...,.....4.]{.21.j.......I..\2...[......<.YS'..B.PL..=...|a./...F.;.....%.....gn.....a.hV@..;.....o#.F...*K1...\/:.........~.#;x..C8j..W....D.{B ..........e..|0]9....c.M.%.`..n.._.SP.3%.....W.....?..>2....,c...g.J.!P..'.p.\.>....D9..>C.$.8.-r.....l.d..u.S?.+o../..K..h.fZ&G..6.^...;.F#.....4E....t..#-+460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\217__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1636
                Entropy (8bit):7.367410095208933
                Encrypted:false
                SSDEEP:48:IqgnoEOam+gGE19zHeljxwKVZDNEBiV4V:F6qalgJPz+lbeBiV4V
                MD5:25A0C21220278A5C9B468331BA31255E
                SHA1:2AA6FCEF64D19D1053C76C8E03CC6EECB89F891D
                SHA-256:2B969A37E1078F02F95A322DB32C1515AD6FB663B73566ED24456C54215987FE
                SHA-512:2561C0FD47CE3895CBA783977739A1EC17543149D8F21DC77D7C1A0DBED0C3F9E11FB650A3C069CC3BE5210A07B7365E9925E843689F38646F149CE9E3147C62
                Malicious:false
                Preview:o....e.b.....=....:8....^....-....YD.e.G.r.],....AT.....I..r.........a.A.bH.......A...E..T.)..[.Y..'#........7.".^..y..d..w)..H..Z....3f..UrZi.>|....+...[...j.....X|D...Ws...{.".Q.+.E.Wz.).T...p.N.La..i...$.....9..).@...-..^.f...."\F..@..I.A.y.'.<...3.By..X..%....., ...:.......z....k"... ..)R+...io...h(3>....i....hHQ.r0>..=.0.U.^....jE...h.?z........."......$"...+(..%\ufWz7...p.../.X.K6...0.nq.*U./..q..e..lW2.Z-.r9O....u..x.M...pU#;s.\.0.V.>.8.[......L-..(.....n.......=...o...9...C..J{..*'xg....p.E....`XdC..O..../x.....l...E.Af...{..#...'..W..,9(.ZDE..O=....s.....cT.^!d"...yP.f.mI...y,...F......d.]._.9..(...whs...m-...)B\.eJ..$..A.{..n5jK..U@......_l.A.x%..s .T.q.6R.V...F..... .L)..!(.SQ.m.....'f.X.I..,..N.F...P...U...4..=..]y..U..7#..I.rM..M..u{q..4..W.HY.d.=..vK.n/..;\...</J...~.L.d.....I..nYv+..@...q.....M.%x.(.l.J.53.2u.H.V.....uF.R!.......H....y.A.T.[.v.....<.OS ..zP....3..Z......sn...69V[p....&.h.E.t_H.i..;.....d...2~

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\218__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1782
                Entropy (8bit):7.4454762006800035
                Encrypted:false
                SSDEEP:48:5Gw6fvfenVqC10yXhgIeP4DpVZDNEBiV4V:5LlkC1rxgIc4xeBiV4V
                MD5:99BE4375F2A24079654C2F829BBA5775
                SHA1:906B1BEA486BA412C7BB05D24B5A5418DFA07360
                SHA-256:84CF887D5A9D479A75366286EF926245FC0713A73BC339B38548A12C4C925DE1
                SHA-512:FA3FDC01D6F4E727F2514BA3B19AD49E79749E7C63DF5D02BADB297D95629049842772FE673983A82DEABACD151F167F9F8D614A9B72053E45B09C1BCBD11A0B
                Malicious:false
                Preview:......H.l.?.H.Y."k%.....g*...$..LI..A...q#...Y.zK.. ......+hl..]6x.r.St z9.*..1.n^.. .0U:]2.X....${u.g....o..K..f.........V..-.....s.{p.Q3..>,:.T..V.f.!...L.R?.;.{.gtl..%.'...v.Y....2.._..nn.x...cG.T.Y.ix.!?..`....x6.@.~J]...y.h.{R.I!.q@.[..e.P...U.3...^g>..`7.ukhO\0..1S.[.).`...m.2s.dc..o'3X..W.j.f..............T..YH.g.Ho^.e.c......oh..d.2...8.5..'......./.i.......0..x..[.... $+EU.<.....;....< ...CG.n?.M...8..D........W.U...o.?...,+j...&@x5..6.Q....".d.q bWh.aM.H...=.....^M..d}$......]......~.f..>..#.:.?........9...G.."...........6J..C...J.=@J..?...k. v5..c../...2.U....wO.....:.TZ...D..'p.}.Vsy.P-....1AbJ...g..2w._..E....K.7Q........L.Lb..0.....0.-+....;.6.....\B&L.sg..P.D...l..Q0(B..G..H)P..IX...=.!&...)..;4.X.jx%.......2[....V/r.9.q.uR...%....`.K..`.MqY^..pF.....}......H...|.I.....|..5zuQ..@....ry.GQ.PN........ WF....,.....i!...%F..p.R....<.Ct..\q.Z..@}._".Y...`......@............W.}...9"!R.F..}d}y...i..E.x...d..r..\...o.#}C.`..`.....P...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\219__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):7.005791626543926
                Encrypted:false
                SSDEEP:24:bcsekuazjBu/yrDdVJTNrJybZVZjH0TH9O5Ye+QUiln4V:bqkuaey/zdy1VZDNEBiV4V
                MD5:7A9D4435AABCB229C1C66B6E2FDF94BE
                SHA1:66451AF232E80B1F463BBF84F9862D9263FF5964
                SHA-256:E5956CCF32E033AFF0E274DEABEEA15286D1C86F8BAC759CCA05B96178CC52DF
                SHA-512:0F66D1F27269BBC33241CD98EB68C94B1121181E003EBCFAC8A0A1E76CFC776FB10A4609B97872CCB18CCBAD6C4B0A9D80BA89E7314D2E2497BD5B5BE0016E46
                Malicious:false
                Preview:.....M.....x.XK.C%....0.4Dr.....`.}.X..}(.+`...n.7L.(A.4.h .6u..2.=..`...m..%ht...G.t...?.;..E....o.KG I..X........9.r..P.j...I.......c.k.....[...E.b..D.|..t.....{....SY..p..z.Hg....0=o.H.....%..z..Q7.5.'^.......g.-."..vA<...?..M..k.n=H..n...G..P.*R..?$.w.G8A.#1....'.D+.4^{.].l.lQxd..8L.x...r.j...&.zn.>.r....{H......]......~.k..]d...?....`..#..M.N#n'l.G....<BB.~.;.....$..C..[.w....?.@...AM....u..c............k...t....).i.*p*. .&.a..'e....9.CU..9.Gj.\..9.irk*.8l^r...K.../...q.x.O.#Q........7.r..XZ.z.|'pP....L.j....|E..7...+.4...)...g..I.\.h&......T.:..\..h.C\.b..$.U..c...;\Yo.3...[....-.....[x...&........w...p..Q....6......{...V..../..a......p..s..HN..F....N.3..f...Z..T..k.>..+..w460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\21__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):979
                Entropy (8bit):6.549559412941272
                Encrypted:false
                SSDEEP:24:WT0zSIP/a0tI10Pn2LJCSTEZVZjH0TH9O5Ye+QUiln4V:5zJ60IOCJCfVZDNEBiV4V
                MD5:6A625219E04D934BD7FA3E3C17322010
                SHA1:7366CC05907A911E701DE97559B8B5F2383B590A
                SHA-256:C291D6CFDBDE99E8901CFD586C47B06677B7A592853236BD493CAD653CDACB7F
                SHA-512:CA973BF1046238DE6328E5D03DF34A6934D319D16E91911A616338D6178083533A907B1CD1EAA52E8D3CEC7E3EC9F67C4E738E4B40E417E1A9B5D8BB67D833FB
                Malicious:false
                Preview:IH.P...N2.....Gr..{..]..h.^./..!.*d.;`.E.Z.=.w+...`.v.-.Z.;.B.....c.Ll.j..(....A.o......x<. ]1.....&.I....c.$|..4is.PH..%.;....... 91".u{).}?C....m.........`..p....:.;......]...&....V..Im".h*....{..yh.).)I.]L..!..P3^{..E&..r.m....n../.....@.-74[q...j #.]3....W..w.k}.e^..8..ig,V.....8..PPM....k3......W..;^.c.~.7*).....c<...owt....><N..@B....]E.%..kt*.z.42.L..M2..s|.....w..UhD^.g...;../...]^......&..R.W.*.}H....V...!!.Q......H... 460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\220__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):999
                Entropy (8bit):6.578578204072284
                Encrypted:false
                SSDEEP:24:82NsaJ5ZA/FZI9CmnIvZVZjH0TH9O5Ye+QUiln4V:Vum+/FZIrWVZDNEBiV4V
                MD5:04923D8098DD8A5D09019808C7439B80
                SHA1:BBD51BD00A6FB92DB1D25E3BF2985F03E988956A
                SHA-256:8BC2FBE11A109AACAAAF75ABE1D302AC669F0FE1A5A2981A57975FCC686FDAD7
                SHA-512:2B081BA1EB4A30DF1FF775B0D8A08DA3E3713A3E422D264A0DCC2AA9B0E1298AA0A1EE0598261A30627EC3FA13F94FA06E04FF1A88027044A18604E5AA4FE361
                Malicious:false
                Preview:....E......]..j"!Q..~t...[.Z...v$.'....'..@......oF.K.6z}..m.:.....S..yP.Wx....Y.........Z..%....lB.v..../g...U..7..J.F...{a ..fn.....gO.O8.......{...Qj.a.YJ.6X.b8;*.l..Q..Q..)..AT...v..;w...{.....:.8J0.r}O..H!..{.p..8.k...W.D! .f.f..|.'.Y...3....W."k..'.6h...$.G0|..O.:zXE...,.CA...W;$3.7.#n.A.......Vy.B.g......*^......PU.....H.....5m.'uD.R...7).&.-.}f.........f<_3....Jr.i9.Z.v.G.=.=........S-.Ynq...P..A.a.X.........j..k.U/."...}})..C%v1....,.V^..^..g.......U.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\221__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1294
                Entropy (8bit):7.05619798048749
                Encrypted:false
                SSDEEP:24:r0HoNpz/yE2OCL3Cx6EZlSo9cxKH+HNt72JSoUSvgt8wmZVZjH0TH9O5Ye+QUilq:woNpmE25CQ6TQKeHNSLpFVZDNEBiV4V
                MD5:F14D606D98457BCB1DD0D3D61FC4504E
                SHA1:2431CCBFD07D344191841AC5F581EFD4C46F441E
                SHA-256:0B67515572591D355F0DE4ACB945425B352566860C0E3C1946B481E401E2278B
                SHA-512:A5E5C914A40E3AC49BBFF5B4D5C7489E43B0B3A978459DB1C6BD8823B03144882145DB463C0CC1AA76E86701D36758FE855CC175450A4E0C18CAACE7CE427850
                Malicious:false
                Preview:..x.g_VX.K.&_...*Ak..Y..R.%.p...e.(Mz..@.b..P\(.+!.....b..h.<..'8..|.[4L.....y. ........gS..Q......h.*.N..x..0$nk?..;.s.P..r./........y..AxuP.`..vS.{...a.M..KDgc......$P....v1....L\E..<....y...GS..$..=.95.9v.?&[S.....j..E..2...........s=.P.4...;..u.7.....[4.6..8'...<.Tm3..n....]g+....2 m...|.YC..J.....>.9.......y..v.-.h....../."p.D.q,..$i.......X..;,.79.DH.GVL}'^S..v0....?.6T.#j...M.........*...NdC......#...<"..".`M.....l..,..%..V...e...2s....?B....E...V...+.w.,..&M..O...]Ft.;.<..z%.._..u.O\:*..w...8)...web.Q....{...@>..h.....P=..&.. ..6S..7...(St>O..E0.>....e.........0{xO`A...tS...A..7Ek..(R/.w..Z.....l....B.'..mRu...:e".j.T$)T...,z....]m.}..,..zq.F.o......."..../....eu.^V0.b.!....;..x...%..^..kT.! .!.J..ob...0..%-;"R......,....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\222__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):995
                Entropy (8bit):6.51936726566224
                Encrypted:false
                SSDEEP:24:Lh9ilr/LrjuRZVZjH0TH9O5Ye+QUiln4V:LY+/VZDNEBiV4V
                MD5:9C19B88061953061A46352F64B98EAD1
                SHA1:785D73B9A5FF73DA418997D40F329F2999BB423E
                SHA-256:CE81F68C36AEB215F625476616BDD23A3E5C072082776A3E4F71F7F558FA4E27
                SHA-512:308D678365BD3D7DD0FB044570BF58EFF6C76070EF81D5F17FCEC3BBC976F9245B5BD32BA6F5BB1308429D0DE960D8363963903FF42AA5746F912235488918A3
                Malicious:false
                Preview:y.cg...a...i...j.-^q...g@.Pw.gO.SS.UCV.O.K.c...I..-...e....,3#..X..=q.|.*....^.....3...[v.....|...i~6...R..]..;F...t..vU..v. R.fNT%f.J.,.Y..y.a([]...:..wB..A....+-q.. ....]...-'........A.......\.......\+.....w..N..0k...'.by..(...$1...6.u.*...F.vG....9e.a.jW.3O;._...zK5.c.d.QA.....=...c.S.Mf-..JY.S...4s<.7qM&.2...m..#yM...4b_..P..w[......<9&...+L.l.z...e..4..t..N..01b].EFP.:..L&..R.+oE..Rj...Q.zJ.F(...._[..K.h=B(....b..U.k.....;I......rb.......{j>.~....loM.E.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\223__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):980
                Entropy (8bit):6.561968190385288
                Encrypted:false
                SSDEEP:24:tMU2Dlhm+3+Mic9zm3GmZdZVZjH0TH9O5Ye+QUiln4V:tM51OMtdm3GmZzVZDNEBiV4V
                MD5:FE80F845BA54752BE4C849A4BD77ED34
                SHA1:365A37E5E0A12E7139EABF2234C0808E812304FB
                SHA-256:E05ABD96680F7DE36A5DDEB29E204D5852200E78758AEA20AD977F0636E8921A
                SHA-512:00F2DEAEB4C93373032CA73536B5EDE1455897A9BF1508349E34361E8948706CF60F56B281FCE41125BA48B6E844A7042A82D764F7C12B93ACCC76BA60292C76
                Malicious:false
                Preview:..^b.L ..o3v...oD{....K......;........o].W......i..._..>.`............1.i[..Q.....U....@n...u#.K.\.C...8-...w~.]..o_.)..c&....{F.-.....Y...O.......pw.Z.O>2.....Q...h&...WQ..."..........O..P./Bv\..[.X.....@.K..^.1<..T^...4hV......4.......K..IC......0VE.....?..x.j.$}..%....*.^{.Lwh...t.....;..a .:.4....|}..:......I`.rF.0.......`I.S......NW...j.?D.....cO=.....R.^....Cp...g...N..v....g.......9....~.d;..:w...`P..{V......%.p.`K.......S8;.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\224__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1220
                Entropy (8bit):6.9662245175769435
                Encrypted:false
                SSDEEP:24:GGc67jxeb8leFbk7KkAq/TKNpFxT0ZVZjH0TH9O5Ye+QUiln4V:G3Keol07kloYVZDNEBiV4V
                MD5:C292856AF73CFD04386B1F82A48D6C3D
                SHA1:0DC848617FCD0D34A025871D268E0B21465C7298
                SHA-256:AD7CD25F6BA199E7A7F21F003F186E9C7880CB0B6360D43557BAF82B83BB1E05
                SHA-512:4AFCC9B8D266B3F520ACB0CD9C93B0FD8AF253679216685C1ABCCFC1C1E70F231DC787FAF286DEA24622BEABE3BD00A1A2312F5CC1A6FAF385E07FC1136135E2
                Malicious:false
                Preview:....N..<r.`. ...N.?..&P{.Z...Y....!^.@......y............&.q.y...?.i.....M.-.nS...F.,i2_..-.NGC....+.....k..Y.B.Rw..c..m."..QO....V..*...p2.....x...R.M..._..S....nb?..v.x3lH.$.GH..k..,.2..R....h8....|x.4z.z..#.`7......Z...`.e.G.....8.[.2tS....T[..H.g5.Fx.........._..[d......A...Hg.p..*n.......z.Jn.......>]......Bg....Y .C6.`.<.rN.]%.n.Nt....../?.a...s.k.?.r."2........t.....Ky.~'.80......g%...I.9...fr...~i./.y/1.,u/.....x.2i.q.pH..w..a >.."C!.../q.m$<F.'./,.&..Z..3..T.9....p&.Z6&_.h..|.j.=+..s....9.}6.....M\]...jl..%0..Av.X..a..f....._...81|<......X....&!r....+_..........8.N...6..V...X)rgI..A.x@.(........z.m.[ .q..Y.O''W...n%./.f..ex...(...;..d.>.....C....l..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\225__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1161
                Entropy (8bit):6.876558284510371
                Encrypted:false
                SSDEEP:24:XhBhnL6guytaHByptFHk8CRPFFuHVZVZjH0TH9O5Ye+QUiln4V:N23ytaHUp3k8TbVZDNEBiV4V
                MD5:9AC3DA722CD90B7A9F6F0CBE0E72EF21
                SHA1:65D7AB65553CF1D18B41230D941793839EF56790
                SHA-256:3AB2BDF208856F01247F4CB76910CC6A4D14317D914243E3A77B94C3D648C38F
                SHA-512:0DAF5640987DAC55F30456BA9DFFCCB45929B3B47E294ABF53B99014D996D60008D08773504598E973A1D18119C593EAEE61464378B2B9F9CE42A581B29773AB
                Malicious:false
                Preview:/.Tk.a$...`.......;....Q.R.G...`}.....f].|...l.z,..K..B............M.R...+-.p...^..P.D.?l.V.......[,.g....:.....E<....lK!.-gg..{..2$IU.........MN..?Tu[.z.~.....\.vr.{...[.....2....+.x.yW..On.....[...<.... ..I.O,%.....~.{.Z......Q..:..,zID...\.`.Qb.9.V&R.1s..K....C..H=.b..uf......T|..h.a/m...o......>XD....]..V.....EEOc....p.a..V*.. N\:Tl :.n.1S....T.z.n2(..i!.n.-...Zk....J......S.N$../U/0.,...E..M.K...).DK. ^R..mq..f$7...E.........G"k...BK...f..%,.o......\..jR\$@.....{\.c.........AP.......F.......V.l.n2whp.$....}.%6.1.,......x..%d`.I....h..dTm..5....r.p..[).m.%A.|.8f.:...E$..o../O.O.^.S..A.(..r..9.kVQh...D460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\226__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7653733752292995
                Encrypted:false
                SSDEEP:24:l7JXEEVxHl0lAogE5gcOZVZjH0TH9O5Ye+QUiln4V:xTHGlngSlmVZDNEBiV4V
                MD5:38F2859EEE526DA7E6ECE48FB55CA3BB
                SHA1:28DF6004FDC98F377050747439FC8A27DA4D9564
                SHA-256:EF159F41D9823114D603F0FAF55AA9787534A1ABC123C95BAC412A96603D2E96
                SHA-512:8B3F06E1A492D1B138323806180327C87055315E1DE8E17CB72AD429AC3B353850660F8E81534072F5F1215D91A1846DC8C0FE7FA51960393EF75022FF0AD781
                Malicious:false
                Preview:...=-EP..h'..<.....]...@U.=......}..0i.......A...~;..f.ehk..GL.E..*R.1.`a...t..D..}.....G`41..n9Y*....P.Q.#..AK....v....T..R2..k\\.2.tw......"Z...u....Rc6..=.DU....F.?$g...LSy.LNR.)W9._*......0P.F.D..."_.!......+.d.pX./.EI.A.V.?..-...n\....._\..D.e.|+@...7G...F..>2...S...u...Sv........P.Q+..4.........e.N...^.{^k+.....T.2...&...Jj....g9.Z.2.;..~_".o{......H.d..t.:....{...0.@E.4..s".P~.....my....1............xXmq.gs...,4?.n3.Ja..U..-.W1.t3*.w..&..).j<..95..&..iMx....I.R)E.&....a..q.B.."....P@=.t......e...0.6A..z....S....Ls..&$..._........m..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\227__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.688633263287193
                Encrypted:false
                SSDEEP:24:KhdxAt3p6IZXeaEUbZVZjH0TH9O5Ye+QUiln4V:KxAueX2WVZDNEBiV4V
                MD5:8C603C3DEB80F012BA6243616776153E
                SHA1:03E213F905FF04193454671231DB34DED6AAA4E7
                SHA-256:09581FC12FF2B42955A32E7C91BA0BF4ACA92F30FF34EFF3D07437506CF76A61
                SHA-512:4F86A673584EFE98898512D483EC67C4F332469CFCAEF2758262F3EFF85D11377EDFDD7EA28A394985805881F885A8FF4E667BE713A0151B31B8FCE170D654FA
                Malicious:false
                Preview:..H=...)4@b....GL....a.`........Z.Y..L*....q.1,..T_..=.K.rx.}.^$..n..,h........M.;.. ...I...v..9..4....]E...6....|a..q.p."...?5.L....(r...].7<.5.....c..s....2..}C..]........%}.._.p...w&s..m.[.Q..'0..=........S.W...>x..o...(9...H.Kg.f+\....Q>...m...9..^.....*$.d....C.....5lQ....f.o.3CwW...{.....W..A..$'..f..uM..-......fz......,...$..#.dn....hj..[..{....J...S/].+Na.cU....n.H/........tV3.g\....8.vb_..c......g......~.Y..q......}..r"....q.ka.+x...1s. ....d....b...P...vA.......V.N......C/.........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\228__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):964
                Entropy (8bit):6.499705867292257
                Encrypted:false
                SSDEEP:24:pqrbwHGE9HUVFb5Y1ZVZjH0TH9O5Ye+QUiln4V:pubroHUVY7VZDNEBiV4V
                MD5:BFE142C727A97A59F211CEE488A820E7
                SHA1:0287107AA058314014C1FB2F4F8BAD9748EAD465
                SHA-256:D8F199DFBB3BEEEC67E8C7CB869ACCD0531F2E6AFBB80EC1B267E3F6F1B8E6D8
                SHA-512:BA7FD4D5243562FDB279E07A9719DD3CA90D2F758867212B5BD60C99808A52F0293295174F7DBDBB0527286E74F9F8D9FF0D1ED63EB2E3F0FD439954355A5BCA
                Malicious:false
                Preview:.........<...b.........S&...\o..Lv......7#.F..G.....*..<.&..=k..J6.z'.G.w..."..cV.S<.H..a..Sv....tG...Z.b>xB..1};....0...@..z.(%.I.2:z.....Q.9.`..7e&/.+P.f...R..JO...rY.B.h...Q.._Uz....-......^..\.."...H.f....2.......^].S..Sw..=.0.T....hvi.......|.X.d.p;Z..P.&-....*.z../Y....}.<}u.c......;+&.".[.).....Qk&....u.c..%/.o.,.Y`gE...!.5+SF..O.5........gx......Q..j.1.prb9."U..X"S..D...........1.!..^..q.g.....cE+.H...7e*.+9.Yx.,.........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\229__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1381
                Entropy (8bit):7.13296597273594
                Encrypted:false
                SSDEEP:24:ImjB03m1usaAXTXfDewslwF+7Hsa7S75/ZVZjH0TH9O5Ye+QUiln4V:tjB03IuvAQl+cHsDVZDNEBiV4V
                MD5:D1DBE546209864A23AE89EEAC1995672
                SHA1:BD32EDBA40E27F2881F1C88A631CA6C24C9F5D52
                SHA-256:0E400AF8DE73993D73CA5BC0B59BAAF7887CDF98FB4913A380FCD8C7A7D90012
                SHA-512:A8B99B074506022F54CED9F791E917CADB46E85F387893B808D4E4AA3114A777B313E80F512B9E51EEFF56446BE2D21ED78B786DC7787DEB109482F77AE6CA1E
                Malicious:false
                Preview:....M.je.....F..d}_d...a.......;..Zl..hd.G........P"..k.v........[......Mj...F[R. .Y........".1k.1..i.~..m...dc.18.V6A..=.^..wGp..<.... `..&...1.8$.iq....Bm/.......(.j.L...~..|....".J.....o1S.@\T....89......W..}AtdO.....)..K.96FNJ..M\.Q.d.W`.e...P...$#O.^F..`..L.\....l.......YE..I..e..9j....s.L....XLE....'U[.k.N.%.u...C[J9...N.k_z..9.y.%.'..*.7.Pe<+.ty.j^...{=...e#..#........5...aI....J@dt..L.q.Y....`....?...5..e4j........IP.....[.K.+W4......E..U..X...Q...S3.J.m>...V..O.3..t. a..d.rV.(x-...............M.e X..$..$s.f..N.y...NP....0.......7.G....K.A^|2...j.%......+l...K..<.?-..(.....$lK...gu.Z........8.7Q...Y..Y.b...%.....q.Gc.8....7g........&......;..,.{.&w_...^X.;.1~...0......E%...s.4L....ahh."*..X...MQ..!.q.......*......wq?Y..C....K..fj..~.M.`.>"A.?.0..f....[.."..S.._'C.......\.*D.}v}.X..'.Y.~'..(..{.."z.Z.../..4.....(_.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\22__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1302
                Entropy (8bit):7.027351297037608
                Encrypted:false
                SSDEEP:24:dXTX38hwEcNPlVCuayhaBn3en8wQUFQXVWHy7qwIZVZjH0TH9O5Ye+QUiln4V:pTWwEcNPTSeHkXcVZDNEBiV4V
                MD5:21548E98F9392080E5A57204B5ADAF9D
                SHA1:DCD668F7623C0427341F5EC2C9FAB48B1EE3912C
                SHA-256:63C2FB6FC57932B9E3C0BC3A2E8DF85639094459994C7EE0D77ED251E1355296
                SHA-512:D46C3040297C34F96DE013C16A3102907DA1675EC218BC6580EF83EC0A8A7717119E1E108054FBDB5D86ED7FB28736E20F7618B8494D1005C9F0A543473F809D
                Malicious:false
                Preview:..,-Y.9TH ..YT.*....<0v.,iV.]M.o.8.k.6).r..S..hI...L...F.dWu.(+......Mu...g.%.1..~.]eD.((.h..#.b.l.Au..ev..l.c5..D.#.."...r...S.3.a..+q..L..}....|=!.w.$......X.....s5.4.L...C..%...vX.]./.vB..y....u.F6...p*..#Vgt.m}tZ5....$$..0@.Q..Bl.*Fw?:..).l9..Z.......JIV......=....!.JZ#.......=.k..=[._...n...<..........E.n$.n...1l...)..y.r.ht1..+..v.4......O.|..v....d..)w./.(......_.....l.........h.W...HC.....6kQ.:.R.=.2.......b.B...w.F.....#Q...........~U.YC.R@`.wA...:9x.?@.t....}...S....O[^....my5....j.7.!i......a.>..*o1.a...(...[.>..'6.lYo.\m.m.=..(..0.q..Ve..8..i.!.?....f..0_..#.i'.k...;<SS6!.b.'c..z..!..cO......@E.s...K..%...!W.n.6........ws..I..e{/..............l..R.i..|...*.a..aG:.>h...F...0.......M.....cO..0S.I. .T..O.6j.9.\.b.D...OAy.Q..~`...hJ.g460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\230__HotSpot.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.04090618218952
                Encrypted:false
                SSDEEP:24:tMXYt5J8nfcnNDTZVZjH0TH9O5Ye+QUiln4V:tGYt5OfmD9VZDNEBiV4V
                MD5:836D1BF428DE5792853D4F5ED2F26029
                SHA1:0DD7E4617D5039AE486B0836962151CBA7EE5FE7
                SHA-256:F6FB21497CDD85EC18D313D2B84A0059F0CBAC730C46DFD75C91CA9A8317DB5B
                SHA-512:A66E3F1EE84FCF6DC9BCDB0EFC5599377CFEE8B78CF9D8EBAB0E384DBAE5B66FE61793E5C28E0D125508DB69678DF0F66D3BCADF19780AEEF58FD69BA1151D54
                Malicious:false
                Preview:m........hU..J....b..[..._~M.'@.\X.....Npf.......*.G..{.......[..~."3.{y...u^C.(.U.s.P..|.|5....\_.k..F.]........K+.e..;.#..hR.._k.Y.+.?..V:..<a8...`.4.kI*`...0-S..1. ..k.g..?u...$(..f,G...H..D..L..P../0._.....g.hks/.5........|.&5........~*C1Co..'.)...i.H.Ih\.......;.V\e....B(U.....(.....F... 460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\231__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1232
                Entropy (8bit):6.969898256335335
                Encrypted:false
                SSDEEP:24:rmq6Lo6sl7cCupVMbd0C8eeLfZkVjaaAbYCEOy7zSZVZjH0TH9O5Ye+QUiln4V:rmDLT8nRbCde0xQCOCVZDNEBiV4V
                MD5:9CAAA8AA6318F71F29C022ABA193C806
                SHA1:84AFF6C95F1775B379102091AB5A726ECE2A7657
                SHA-256:95FDAC124FA5C54F4E6A3032D1F0EF8473A118CBE31F0A80829FF0755F5BCDA0
                SHA-512:E736CBED7B9575364621E6EF3CD024FBFE263C71CA6A8861A8BE7341B3F41654EC3B5665C26BED0ABF985BFB1D32554070B84BF969A04BB7DE9FA9D79AA9D8E1
                Malicious:false
                Preview:....-.....w...#....m7.d...)....Z|EQ.lq.8..\.YCu&s.....Z........r..;..\q.M....zp[....XQ...Iv_....X..s....72>.>.h:'[.......{?1..Zai/.]n.O.n.p.ZdMi".M#~t...........b..P....f.z...........J?v...Q.}....^.E...2"..8.]<....V..[]7<.'..........G+i.B...5>.\.].'ds.~JP*s.......?.v8<...nH G)<YZ..*.oPH{...Hn..?3.?i.d.{..R.W..;..s....7s.}J.1"......~wN...{.>...........;....*%/......W....#.c...!...f......U.0i/t^.#.q..zJ,O"...V7G....+A.\......2S......J.>.ea..@.8z....IS....?..`....s.Ee@...X.M....._...2.P,..^U.Bz.wE.....-...H....}...L.1h....h@..I.....0....E.....7ql.p.f.3.....s%9..t...n1..}...W..`T.g4]{..2...6eS.=.E...i.O..P.z...r.f...".:^@F..x..v....R...~.*.../....u.m..v.5.f.6.KN.$8..b.n&...Y...QnU..q.3..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\232__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1230
                Entropy (8bit):6.991666334242135
                Encrypted:false
                SSDEEP:24:t4Gy+GsNCadjmCriOa1dTNqZVZjH0TH9O5Ye+QUiln4V:tcoCaRd+h1dTNqVZDNEBiV4V
                MD5:F0F31857D8BB158415FB0D82998D9A72
                SHA1:AB5F76F2E56CDDC5A85B9FCF3D1E091BF98C00B8
                SHA-256:43FE445EF2BAD368B2A7CB54B578BDD28269EF8B9D34B8E0D5F16BFBBC1D4BEF
                SHA-512:7D061541506CD1F7D8EB44F180476D2F05D92464F0DE4B582DD1CF716D3E206F9B83306A744B21A82A1704063045AFBA303EAF0074A085119EFE76D8F890CB89
                Malicious:false
                Preview:.]...%B.h#.....2.e...W-.x..09Y..]..^.~...fD../...'.[...N....aq...6ci..... .2....^TL.....'.^.. Sz3..6...ps3O....1....e.gOaOk!.Ri#...........?Nw.&\.W.o..l>_+B...........C..@.......-...c.d.K,{.y.l.O..p.~$..l.t.......u.P.1..2..Y......pb$M.r....]q-....x.....;=m.6.D,:.m...U.Q!\...[vGg.k....T.:8..%`................R0K/......jUZ.....s...z.,e..u:Cv......@.=.3r..BOrN...RbT..?B..#.........ps....Z........]l...{>m....\... .f..V..j_K.Ro.bhy....;.._..H}..W..).1;....)Os.^0.#.s,q.......N./X.{+"l...E...._`..!.?)m...YM........B]...O3..e{...i............n.Xm....@.c.X4..O.|.|.a.@..q>.[....o..b}.; ...e.-...... ..np...o....IK....dF<.km.`.c$/..(....x...?...I.Uo.,..E..B.~._...........|.J..l.8Z.K.AW...aM460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7120

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\233__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):982
                Entropy (8bit):6.479258455384721
                Encrypted:false
                SSDEEP:24:fJNrLx4KuDF+4grFyjZVZjH0TH9O5Ye+QUiln4V:xNrVu2uVZDNEBiV4V
                MD5:885DDC69CF32E55EC5C9B86B02C7206F
                SHA1:D1BDE32695B62B17AB241882B8178B81D742F484
                SHA-256:8D397D67E690C761CFD1A550A1747FD613FF0B6EC07008B5B173E9D1A381FE45
                SHA-512:ABA8D32C9E0E6B36813B784B552462D1A06EB5C37470DC232F23696C17AF9334C379345624FF37A037063C5A919423A2F02884DE77B3ADF1403ED084C422BE04
                Malicious:false
                Preview:.x..C...A..y.`48[u.:eX.8.:.m.y.-....}.....(.x..$j|.[S...:..9..T>.;...Tm{gx~...x....mAj..*.....Un..s..N.+...:..._y.w...`..4.z.nn4....7.lG.>..a........E...4..9oH.....]\...b6.gu1u.P.....ov.*-S....jMqr#B..8a.....8.........e...t.~.@.....a.J.....:3.3..nW..9.}[[.'VV.X1bI8.T..*..j.5....NcDWO..-Z.#He"j9.'.0...<....t..mZdb...uTx6V}._q....O.....a..?.g..Gu..!..0.!X...S..D.r.~0j..ZZ..5..i..j..".-....<..m..A.A....0.|..@...+.,...H.._S...HfN...Zyh..J....E.5.=j.... U...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\234__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1370
                Entropy (8bit):7.146233387759618
                Encrypted:false
                SSDEEP:24:rWUm4xaKFI4IlMuAtoo/+k8Tia5LqTnXNm5RCHOOPZVZjH0TH9O5Ye+QUiln4V:rnhCc7sHesLq7XNmbqVZDNEBiV4V
                MD5:347836794D2045ECA889AC1E56770E10
                SHA1:BD7C6DB98FCB37169686BFB4F4BE57812842E5B9
                SHA-256:E226EA2ACFD14D6E5EFCAF618CC737BC320A4579DC0029AE84FBE9B91ACB2B0B
                SHA-512:A48DB31006E24982AA1EEFF2067431BAC7EACC03FF29CAF6998C8870DE92B43B795DD8EAB3AE6371C236B9C79F525270F119B932A301A70874FD8E1D05C36515
                Malicious:false
                Preview:....u...^.Sm.....H.i._....&O....M..!^M8d.............V..._.......r..~h"..n.}..^.........oe...6...8.WN...\?....-.K.H...._n\....-U......^.Y(a../u>rs.....{......-@)...... ....v.Rq.".wM....[*"4.c.....$.5.... a66.7....g...cD^0....&$...i_.@KPL......[.......^V.wE......+yT.....Tl3.".....!...5...a.....5..)..AMas.....u..K8...X.C..]..OY..u@;#.-...........bt,.%.....K.2\1...n.b..........d.|I..5.....uF.o..)+.6J.k..}%jE...s=#.s.N.%....S.......s..+.=.i.._..7...+ ...x..j./.......Z]..G...V..".J..x..G.;v.."...o.....m.N.....?8E....U..#+.,............c.s....AI.]@!....T.....|...CI...)(P......r...q?.W.....e.g..HN.....|T......]...7..!.F.D.4....r,....^TQkr.....S^.f~f.A.....Bj..5@.7.-....J..u9.JO..s..w..:3.......#$."C.a@..m.M...".e.......6....%......d...wM..3.W.....].Lz.Ous...t...s.x.x.+.k.....P.x....G.xV..KOtyh>?..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\235__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.78147603678592
                Encrypted:false
                SSDEEP:24:ZCZS+2oAU+pEYwC8k0zpBdneZVZjH0TH9O5Ye+QUiln4V:v/U+iDBn2VZDNEBiV4V
                MD5:723AABDD2251ED12334E1AB3F160F733
                SHA1:6D3E27E81A2B8FA4753DF8F8587D036D1EAA0DF8
                SHA-256:A001E08D69296051D6758374595B597E00F8720BBE12BC415354F6667DC3BB69
                SHA-512:AADE956745F05A5D2BA768E31E3EE18239F1A0D2706F1D6FBF5C16D36D8248A3FEB67D4E94BF925737219CA124D5795302EBFFF0DDFA80D960ACB0AE81A2D1DC
                Malicious:false
                Preview:uh....".i{X.i.=>....Z+@^.pU..T..3..R.W....Q..M4G.V.}(M....Au.=+.2.E.`..m..l.j.%V.Y....'4.bl0.......mW..y.....D.co.H..._{^.....\..LZ..N....Z....k.....j.(..L?..J?......-..~......;x...|.w3...{...S..0......+.0.V-........3.....Z.-.......8L .h...Q..,Gp;...5.$...AdI.U.....]3T.pV>.-.....+\g......Q...m..Z..`..U....@....Q.x........sf^.l.....N.!yl...,i.(....&dZ...s....r.!..#.)"B.....j..?..a. ......."0!..i.pV..<..{l...wT..K....}...i.N^].....n...h*..g{./....v.t.;.c.S..).[k...3;...-...I...@.,..r.....r..@...0ltlD0.:....W....>....{i2....6460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\236__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.628419302118773
                Encrypted:false
                SSDEEP:24:WQkUJzfZXzASJq+u4FjPRqes8ZVZjH0TH9O5Ye+QUiln4V:WQDhXFJrHFjZRVZDNEBiV4V
                MD5:08BF9BBCF34EB11CB208BC12451E4986
                SHA1:5D99ECFA0612637A4020010BB5FA47391862619F
                SHA-256:53350FACC29C6E39849D83DDB364B9F41FA3D9D501E80A7127978DD73A8F8EF3
                SHA-512:7CFFFEFB7D5DE6917A58317E6537724D93C63393DE8BC2B11D78D1C628AB8D319780714F6B37E2BDE1ADB8C9420E788A64676F945B52F8BCE2A38E05A82D043E
                Malicious:false
                Preview:...Y.Ao....r..N^.A...I...`...u.......u4...F..)..f.4tTz..7.K..w..........|.#a.2....uZ.g.5...2..$'6.K..J5.^.....)...]..y.b..E....b.8)..B.0>b...~.3...g...]}.. 2)7.F...lU....\K5-.$.#.<@P...X....|....#..#..'n.F...K.!....~.7B.I(...l..K.D.,..~.m..j...Dr....p..m9.b.. ..V.$.F.k....a..W...q......e9.VZZ...W........9....2....=.Z...J.R.E}&.8e...@.........`c.M.{.|.[.....g_..d.... ,...Fc]"...A.u...P#...-..`..`u.sz..;....j`{.&..L.{. .DB-..`..q....:...,.9..y,..m9.....CB.....*...........a.4B..".. U..G.`.G.'.).].460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\237__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):960
                Entropy (8bit):6.50006110325842
                Encrypted:false
                SSDEEP:24:AerUM7RyiUZyU1vhwvZVZjH0TH9O5Ye+QUiln4V:AQqZlZuVZDNEBiV4V
                MD5:8609369F73BCE715EED0DD755FA28F35
                SHA1:CCDF4FA5B13D4662275A3737632DB874184D1FF5
                SHA-256:DC6C1EF8E8490A0F726053F61A5D277356A558A172036C9941AC906477F94CE5
                SHA-512:07A1FAF1F1BC699E5F111183E163FBBBE10E1D42D19B6D4D6921517B706F3E076FE88E17CAADE63C8E2B80257B7C749C22C3C5A0CA22409F5AD6B2DD4E7922CB
                Malicious:false
                Preview:.7..5.K=..M.he.9..0...D.N...?.WUVU...GJy..8...v)|(.......N.?K... 9...O...C..r....i....@.dj...6.s.pw..j35P.Z.R.....Kk....B...&T...]..[.H..)...@,..7*B.!..<.^.....j.v..._..IG$kR......7...irQ..iM.].Q.....`.<..5..T!A.j....C.l...dY...QU...&.1...J.....(...%..*O.`....L..2_....I.c.y...F.......^......J.h.|.t.."..#...../.ql.-.K..._e.g.j..X..gO.f_`4...-..07n*..|...MH.._.y.(.RK....).....>.C....?...E.qt{FL..n..H...r.,...!.S.,._460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\238__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1220
                Entropy (8bit):6.9420997663916815
                Encrypted:false
                SSDEEP:24:Z22ktO5bPphwPl0KQY7O+i96fLhJ6ZVZjH0TH9O5Ye+QUiln4V:EUbPEPl0KtLi95VZDNEBiV4V
                MD5:FED92C331CCF2F5F4D9411B290A9BDE1
                SHA1:E0BA99E2EDCFB4592BFC39CD522F56D6236079DB
                SHA-256:99EC0CD3EA536CEFEF3CC59DEE480A2756B540F70E2216F2C24A952BF66E6EDC
                SHA-512:130FC00BDF735D077F14E349BCBBE99E2320E3E6C40E58B2124E01F297F38157D20139A4E17D8695449F11973A12855F960155E9998B63F1CFA50E7D3C9CD4E0
                Malicious:false
                Preview:....,......).U..."...;..X.^............>?..........t....F..}.(J.).Q.:.4.W....V...e..*M.....0..(.UG.....lh.R$~..kF....i._V.1....0.`..gk.QR.ZF....(I5..`z.^.M..B.....U.".^o...4.u.}....vN.S.....gM..8>4.......yrQ....c..hL.Gs..{.'....,..O...H..#rl......P.M1..P.+2...b^...."hR.M%*8.[..~...`......*..1.2.X....@;5..}.fE....F.}..!$..zv...`l.....r..^]F%Lh..,.'...&..5.U#..D}2.a.s.].............o.iK...........;...C4it.aw.L.f?.?KcD..`.H....Dk.f,v......25..KW...t.VH....d.$x....'ga.......j0?..$&..d%.!...!h.&*...rq.iV.>A..t...8M!tN..D....<..e.;o.../%..8...}.u/....[Oh...UF.Ne....9...I...,9N....lu.%.b.....q`............U.4)...z....W.w....2.8WU...d.I7".I..Lb.&y.Ha.&?..d...NS...~.i|..i7...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\239__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.78494843174201
                Encrypted:false
                SSDEEP:24:Jucmmr2VzDKtnmh3pJsEehcfmafRZVZjH0TH9O5Ye+QUiln4V:/mE2ZDemxr8hxaf/VZDNEBiV4V
                MD5:B58F385135F354CC1DC21CD206E444F9
                SHA1:07C05BAF22CAA174AAFB059D063EF8A115234BA1
                SHA-256:DFC7106FFB54C9A2E19BC2D5E2F850A3F294FD9B3E15EE599EF863AF9C293FCD
                SHA-512:BBFE5F0E071866DCFA95CB7DAB6F12AF9AE1AE8843D437C4A46BE8DF72EE9CD95EA1AC2B5426EFC0580FA1245E2332B8FC21310A641826EC3DB1D6D02711CD4B
                Malicious:false
                Preview:R.*!:ul.,........7.H./.+9.E#..q"..K.....F....`..Cb.b.?...h.9D|.o(qv.L.~Z....Wv.([...gD..=b+L....L.Lx..........^..n....cW.Kin..5.....Z.....t.....|....+R ......C......G.)(4M.S:.|.7S.m.-.....S..@.A;4X.........HF).%..u.U&-....^E...5M.u.^..\.\.t@K'.ge}6}..1T....8.,..."&.K....2..t.&.h..K....#]g...)p....t.w..... .}n..4...+.....\..3...v.|...`5GrO1?.A.....#...>8..mu).......$...f)..92!y.v..f.]....k.z..J.W]..sJ.qb..\..|..Pc....I.$.?9...U....#.XSx]......sQ..R....].!... X.W./....4...".{...V.o......././....%...O!.G.u=.....&..Y....p.i..f....+.$(...;c..\|..&460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\23__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):987
                Entropy (8bit):6.566516668338429
                Encrypted:false
                SSDEEP:24:yITbP+WAgpMmFgx4qOO+JL18JZ3PZVZjH0TH9O5Ye+QUiln4V:yQHMmWxc6hVZDNEBiV4V
                MD5:9C0C182FF4AE7C19C4B117135E123E23
                SHA1:FAB7D87CAE7E7C063C80EFED99A1DD315B187635
                SHA-256:7F61E243BA3F8CD92D48D0B380573CB49AE2DCD8B6731D950B0E2B4969F62EC3
                SHA-512:7284ED0FAD21C932CC6A318AE059CD67D17F3C503CF4B72D6BEEF6CCE873992226CE4926C7BB92B8895026A8398DFCCB81CFA727346E3532DCA845BFF60AEF18
                Malicious:false
                Preview:.....-.SW.a.gtA...wk.....L@...t.C\E..r....h..6.B..v... .[.b.q..g.N.^g.yg.m.7.].Ha-.g._..$.Y/..%..}.P..+...@.oC..T.g.2.z..O... ......I.?......6..).T.C.q..*+...G...#..&o.=..I....<$..y...77..O.j.....l.x8,.@..$5]....zCz. .!..8_5.".Z...o....r.C..I.\.,(.$i.+........w.fV9e.S.C....r..-...n1?UM..T..H....v..(6.M*.{.K2..c.&.S..ab.p../.z../.tKx.xS....%Q..'j.z.....;....|...<......Q.p.}..........~G,'jS....g..[..e.<-J.&M.#I.....4..K..N}\..i.omio...kQ...Q..z..z...v}..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\240__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.6602050430943756
                Encrypted:false
                SSDEEP:24:VxR4t2JZABPPUm5TnC69mwdXbZVZjH0TH9O5Ye+QUiln4V:9+mmZtTnC6EwrVZDNEBiV4V
                MD5:742AD7D17B96333BF3F047E8CFC9F5E9
                SHA1:7CF4AEBE372485D91D049950E443ED25BDD1D4A8
                SHA-256:88474F12D2BF2168515199C6251056FD40891628D327CB7E8CDCA31D6D134C3C
                SHA-512:CCD0928466A678CE40FD006EC961AA4D3FF57406BDDC03EDC87C4C6328105E288F73EBFD30310B7866B1A86BD0FB745BFB7D564F7D27E3D8CBD2B2088EABEE1F
                Malicious:false
                Preview:..S@![r.L.J...")}1.=.g.5.m.\z.j((...G..g.....e...(..CC...z-t.u.[.w..~.y..Y.uN0!G9.tL..wk..F.1..O....._..%&,R...'t..$Fz.....i{x..B..%......f..#..]6..C..=.......).}.)...'.`.;!1...f..._........<3.7T..W....%d.,W.r.p{.+<[.,S1.(..V.j.......'.....q.&yF.....,.....cli.98..........'E.-!..f~/.+.`.%...,<q.P.W.E...DwB.A...M...&.3y...?...Ne+.@..&...(..+L..n`.....<..VC:..."W,.....8.F....{.....5.M.gB=.Wa.......nR.A..?Ui.......I.B...0y.n.5e...D`f....f.##.O...........k...~i.c.>0m;..C......o......Z1./..>.Z..R0(._Xz..D..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\241__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.486340781741177
                Encrypted:false
                SSDEEP:24:4DKwAKsM7rR4/Z5MbyKZVZjH0TH9O5Ye+QUiln4V:+WKnfyx5MuKVZDNEBiV4V
                MD5:E64F756793ABDE05430E8752BB3D9EF5
                SHA1:7918E2DDBF76D4DAC7A1D9486827AC7B58DD64D1
                SHA-256:B0186293F78BE899B001D30B4ECAE66C7B898B96D8BE183B8BFB49279A85C187
                SHA-512:9D46109C4238ADA9D4B57F31570CFD730CE4B916D5137C344C33C116F4DF513F507442A79255DF5AA18F3C7B9F764943F18EA97873142A2C2CA06A27A5B05249
                Malicious:false
                Preview:.e..X$.z.jO....'[a..:.M.C........=.B..md.?*.k.{P#Y..`....wP..t......R.....X...9<&S..32..|......RTt.0&1.>..Z:.m...z....R...i...f..}..t..M.J..;*<.".|.U..`.<.......k..1.H..c.?f...32k..p.X...J...:s:)...lh&hmm...Q.(..... ...:.J..^.L_g..X...l..T.S&)...60..G.<.z.;.Py..SQk.N.<,..b..-.F..!....y.+.gf...Q+=G..\-.#..4.X..>|.|y.Z...@..a+..0Y{_...c...~...4S..6D..,...[....Z.2.m..Z.~_..D>....'....hwx..KI.........,ntPH.?.?.C..'..z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\242__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1235
                Entropy (8bit):6.950439273803286
                Encrypted:false
                SSDEEP:24:nDli7WbUk2VzaOLeJNkNS3ylJxTsLQbMSpZVZjH0TH9O5Ye+QUiln4V:nDQUAfA3aJxGoMSnVZDNEBiV4V
                MD5:480B63555496365D965774E814FC547F
                SHA1:DE45C0429D4FAE111F2C836B91D8B09E55A336F0
                SHA-256:30C23E2563F09D958AD33653F335D75AADB3A9046B47367FD6AF7AA367B882DF
                SHA-512:C9FB7404FEEBE2E5F6CB77139BEFA4B46FCEADDE4AA978D682176B5AE51EEE5750E534D8274BF1B08D223BF7C10BB2EAA12522368EAE586B69D2EA1E566A2D26
                Malicious:false
                Preview:r/d...X#.k....8.._h{r.....T...I...2..=....b.b..j7f?.e.H.b..w ..r.........&.}Cu..r.-..-.I..ui;TF...Y.h3..|........f6.N`.....=R1*..$?.G.o....$..hv...F...YK...xk.O...e%..l...5r@gM...0.D..K0'.p.....NN...qy.i..........\o/.......3g.c4.._.ON.......k.......~....nhqZ...$v...0..(....].{..i.@...U..q..*.<b.Q..ip.7*.... ..,..`.J.u{..A.<.B.NB.@en..+...]....W..,e.jm..d.p......*].+?.qhh..rX.N.4.F...(.*..H..q..$$`......M,......r.m....\.)..0tC.a$..........".....f.....N~@a..[._IQ"4.{....9..V..^.jy....R9S!fN..Z....9`...;(.-..`uZ.......e...~.:\....+AR]..2.2....C.h."..".Y....$-.....Mc!&...=Q.k...^3..vo.7W}7.~D.(.......G.Y.C.q..Mv.qv.L.:e...H=..b.Rh.5 p.....909....d.}........R...bH..8B.dj.'...._.........#.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2feb

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\243__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1634
                Entropy (8bit):7.342883781024294
                Encrypted:false
                SSDEEP:24:6o+ZJSM1o75ylxD1E2OhqY0Qx8HkIf0gNBC+dgAfUTZl2ZVZjH0TH9O5Ye+QUilq:sHjikN1BgA6ZIVZDNEBiV4V
                MD5:3649E59EE1F6905F138D2E5E0AEDF7D4
                SHA1:303F084B0EAAC868294B3D24B9CEADC422CA546E
                SHA-256:2B8ADCB05C3EADB55847524C6B833CC48D430AD04248F1CEC79116E77F90BF37
                SHA-512:CA9DEDC6B80BE45A64C8B9F85295C5268A5F64322177020D3562E780124515E26B6454C2626D09CA9442C70BA3D0F8A2D90CC34911F7B21A13B0782940E3C183
                Malicious:false
                Preview:.-.v......4&...(<..&.......Dxw.......X..B..V}JK.4....T.-*....OL".,].......A...B.0.D.(.p....`(...].Kr..e.O{....$m....E-.[dj&i...k..i...k....q0.......F..$6..m.).F...-..=e...&j.a...y~..:.!....|#Gq*4.....[.E.F.....hs...|w4^..&NE.0..SV.. ....G7zz.AV.[......y{v.". .+.y8.fe.Q......^%beT.x.D>...........K..q.Av...Y......>.G...`..5.....G|N.......A.%um.....+.}..yf......Q....'..Gj...V...ua.....].".\u....{.,......N..P...c..~F....e#..J..v..BS..o....qI..GYi8.|0..s.d$...lj........2{.S..+5...*s...c...;.a)..D...E_..h6..JQ...(...4.P...(..C.....k........b..w...&..e.......\j....U.yko.wO..<....iz...jb./c..5u...9./...s.[.....|k|/y....*d...B......J..&.b.|<.*Ik[.........)=".."Qu.W.a..K.....8Qlt..."U.#.>~..]....Y[}v.5.....@..><Kg..G..........}...nnn.~.9.1.)S.C9....9..,l...j"......Z......?........B.n.T.@R2>......@N..... ..W.....s.H..+.Q.[.pCG.......BpN..D...t....d.-u.....='..1...r.....Pe1.P.1.;#...-J.Spk.Y........Hx5..@....g.. .y.u.Q...S.T.Y#...,..pm.zf.."

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\244__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1894
                Entropy (8bit):7.468139645239917
                Encrypted:false
                SSDEEP:48:dWl495qJecuooHDe4/QgA2tgmcOT7XLdCNVZDNEBiV4V:dWPgcuJe4RJxLdCReBiV4V
                MD5:D777DA8713201DAF124C5B549BFB3392
                SHA1:7D46B0CC23E808AB1F877BDF62257820FCF78F17
                SHA-256:74AEC4B4D244A5B631EBC167D49238B99DB255B867AE6354264A8B5F75C835BD
                SHA-512:65EFF3ED5518169B296152E99D1D8277A5853A732496E546FC0BE800A70281E10D41E1E9D05B72F0A96624743C2E842F52C9C0C2236A7B31722A88C757948829
                Malicious:false
                Preview:..!~.z...{.H.2"..C.....b.U.^4*......Ls..U.6a.N.....Tv........X..|.`f.."......V/..Rw...~m.16.@..w...6|...+.yL.F6r........4.'......m..4.q.o..,..g.......[....g|.B*!]x...$2..G.J|Qn....7.........g.,..}(v...1..DV...;....j@qn..H..4..a!./A.x.........8.V0..*..~.Z~....q.......~t....,K.?~$....B.v.E.....hx`.4+..mC...6.9....1..Ds.d..c..g....y=%..PBT..z....L.&.qq..h.S...L...I..<4.......}....u.R.FoNX..C....5..........\..B...M^+&-J...[Ib.2w.:..l.....zh.R.M.'.[.S...../>w..Z.tl.#..eZ..>$.[63..N0+}...5@....S.q..Ic\.......~...G0.....!......i.B.d.Wj..I.....1nI.u7.J}.r.2.%}g.<V...,=..6..B.,.K5...|...'...^..=....[..i^...!G......Yw..}._h..l.M`lO...T....,6..+.,.zMjB........nz.W.g.Xf..V...gg.t..2.......mE....9M....H\,[.I....+......T?@......&..).o..5..)......W.......T..H/,..._...o|4..$...\'. ..F^!...C_..N.....s`.../q..c_..S`.uk.....T.6}.3...s...t........Q4P...2.o....Bdb.9......=. .......R..|..b.2..&[.....=.!...N.4h=M#.`.i.S.9f._.U.lO.Y..r6.....TTe......].....m..c.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\245__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1012
                Entropy (8bit):6.592115283861076
                Encrypted:false
                SSDEEP:24:Y+wApWzNkw0FzVpDkP5IZVZjH0TH9O5Ye+QUiln4V:Y+HWzKdrW5EVZDNEBiV4V
                MD5:E6D0DBA3E5BB8A5E98C0324C92300A25
                SHA1:A3A52FDBF14E43534BB86F9EAE81286115ACE51F
                SHA-256:4AAC29FAE0EF1E54842B43D24A7AC1BBF1D798D3015D3190C6AEE7BEBAB5467D
                SHA-512:48E04318570D473CF9259A2F8DC37BDB46E32EF22297C154BCA42D8500CFD94568445EAF61E091D44F248E9E9D3BFE1D07D0D27716F978BE982972F85CFDD634
                Malicious:false
                Preview:......a..0f~Pm.....F.y.N.D....U6...{...../....c.G.x...j6...w.H...I}.KL/1KI.?..`..*....6*)..'...Y.te....N.bb.......9....n..&._ie ...P.....?.'.{=.v-.5..Ol..}..I.....4....FgKn4..B..f.dW....X....d...e(.x.5..@".._>9....+...q.j.j...... ...2Ew7PO.<....t..i...C.$.XZ.|O.!.....P5.&.y..A.".p..Vp.....2EIrf....~.G.9.....oH...EL..N...0..{.........Y.X...[...J..1..{....' f..2"6.<].R..W.V)r..X_...t.........d.. .9...)N...... ....{.........p.b.!H..l.......0%O..@|v\6:8..NUf......C.........Dc...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\246__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1304
                Entropy (8bit):7.075233395002409
                Encrypted:false
                SSDEEP:24:ovKBvkzPfh9+BzlRmjqJK17VhWxRoG/vZVZjH0TH9O5Ye+QUiln4V:VSJ9+Bf9w1xkxRLRVZDNEBiV4V
                MD5:C2FFC8025F90A4FDFEEFFBD84DFB9B45
                SHA1:1E52BB99DE108497DAB339240BB5B2592098DBF8
                SHA-256:55C700F1B567025C7778EDD665B05254C3B066F6D9C145CCCA2BCCF3594560B5
                SHA-512:959156DADA9CA3CF569C712DA9AC9B1F9F4814B7B365FA2DF286E5FFBCC1A3BBA9BBAC627145728E43E62D4244F62AFACEF8D25FDAB1CF06D8806927CC9EFEF6
                Malicious:false
                Preview:K......@R...Y..k....#J..e..d..Z..".w.y`o....c.O...<......).Ia...u^..Jx.8..,R.........1..b.^{!n.@.f3...g..$'F........k.S.j$ ...[..E...I..V....#Yk........B.k...EatO...^..*. 2o...\.. M3.W.g...O...SN......y"!.~s]W.......,......]`DG.=*.-Z.......H.e..fJ.\[.Z0..9...<..W..W...._*.g8@.@..[..+9..D....r.i.b/.s.~..ld...74....idH....].../....!...\2*..>...r.6...CF...=..(iJ..t}w."Y..^.#..wM.T.n....pT...g&....N.....E.{.Nr.................J..i7...........DY..i.(.:8j.."[E@387R..xTX Kl\..*.o.0......b).=.<.5h..L.g.....A."H!3.(R........!hl........w0..g...D[....B.......#@...pvw...X.3...|...i.....Z......U.2u$.3...._...-,v.eCs.G..x....T....lUV}...G..%...j..g..B&...#.}W#.*|.L..2&..<.M...I...S.X...n...W......S...;.dW.V....&..H..g.j.0....k.e...U..]..|..$...A.7.w..r..e.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\247__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2340
                Entropy (8bit):7.638227760044168
                Encrypted:false
                SSDEEP:48:kTX0CH0ZoJ1eV00UDUjyYwBHZKgMnVZDNEBiV4V:XZK1ede8iPMfeBiV4V
                MD5:30D8088D7C40AFAE54EB56005A8E7F6D
                SHA1:DAEEA9CADA25FD940AB5D38963F0387DDA7DBCC6
                SHA-256:6E60F274F3F5E047D0B276D3892455522300DCF7851D8EF1D058F8FBEB949CEE
                SHA-512:6912B77BCB42CCADC5ED553985494D0AF6B99505D5913BF7741A86DB277FF3257A9568251E264AD4A1BC0F32462727FF509942EB9606FA281032B20904FDDDDE
                Malicious:false
                Preview:.~..........%.].B...;u.._.pV-0....}4......t... Z..6.....|C`..^WV....U.....%..6..2=#..m..O.(..T...+.....g...F.N.'...m.......+h./...Z...l..`l.o......~...NB..kg..0i{5.fk....Y..x.b-..).e..P'.u.i.nkh/......(............n]Z..Y.C,..4..LH.....2...#F...P)sX...QIhe..............B....J......l......Q.p.zv.M.^...T.rQ<,...G.O$...5...Hq.......b......0-..@...'.b.........g....y.K..A<.N.N..R..,....H....}....I$..w..os...;..o... ...e.......Y.,.!..`k.c......M...,.09.-.`.....(#.L..cU....9.)..@..:8..@..Xp^:....^5.QX.)c..]..|.,...VQ-+~[z..x.?L.I.)d>is"R.9C$..DE....G.a96.\..l..I..){E.<.B..R,...h...[.....!..9p....Z.....6N..G9w.;^.&.......nFE.n...^.X:...xEM[.{..:...h7...\...[..&...q.FP]>.7:..{.+%V.p.32L ..t.]8.,/.`Jw./...}...5^.wR.h...R#B..SYx.......eR....0......].L.".h.C...._.W.....1Y.=>...;^..'\n9?.i...u3V?.V.K..":.M[&)...U(...;2#..bX.i.C9#....1....b.C..]O....R..{...R.V.G..+..B.a.O.0.Te. )...Ch...E...GH?...Y.....eU..=..c.8....k1U.....p,{s..t....=......'!.2....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\248__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1353
                Entropy (8bit):7.117124501328112
                Encrypted:false
                SSDEEP:24:XBn40SmhLBnELZyEoKY7Iltz3KyTnME9ZVZjH0TH9O5Ye+QUiln4V:x409hyFlKyTnlVZDNEBiV4V
                MD5:73F40BB2A7D92D4CD10D171D013321E1
                SHA1:1BEF806A49F2EF04A7CBCB7DE2FA6857481871BF
                SHA-256:DDB532B7F709D39778417F2D65D0BC049F8DEDF97BC3CA4F930CA0F8CEAF67DF
                SHA-512:483145B7D51A682F4FC66F16245FAF6EB174754BDB810B93B8BD464D458AA8E445ACA441F1EC2E27F81D3B251E94283A068F0B6ED8BE19454764F850F14B9197
                Malicious:false
                Preview:..C)qy..{...&../..a....3..~.C..l...]ef.1.!.GcE..'6..R....3..LW.[..F_df}Z.c........w."'pR..b..stm.(^D.......,....k...)p..........5.P..]3)..35..P..aD.b..j........i...A...z..Q.L](Fz..%+.cJ.he:.........\......:(...%....v.{k.|....a.v...*._S..........lu...rA...."....F._.|.M......n{5.r#.U....;2........j........$.C..+.B..8....!..[..\..L.4u...}.........V.q.Y....:K[..b...w..c..k?.1..r.\......O......h.w...@I-...b..#."..@..~~g")..M.W.S.T...@w......Pl...S..^..*..9..........3I^.....2.nF.1.X.-T..&..z!...S.w..0z.. .....A..F.;.....-..\rYX....<.`@w.....A.....*"=K5..R.......B..=]........8\h..M....K.c7.....%g..^..."....-u.. .:L`.&..w9....?...{....7...U..".q_-............K.@....x....$p {.]....5c'qR|.'..]e..U...K...C/.#...R^....>.......9.Z..B...P+.3K..oe...&..H6n&.\.g\Z,n..<.b0$...t.<d~.D..6w.Rm.T..yF"-(a.p.'D.G%~..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\249__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1154
                Entropy (8bit):6.803874028897926
                Encrypted:false
                SSDEEP:24:PQq7Uj2rJ7rRyZt5EAesUGBkZVZjH0TH9O5Ye+QUiln4V:oq7OYJBwHResfyVZDNEBiV4V
                MD5:04235CE0575DCFF7BF4779052AECF4F0
                SHA1:8986FE562595D70AA9A11FCEE4E985A3769E440C
                SHA-256:F8454C8EBC6509C00F6542A96D14D728CE0D78ABCA7191348A33C85D9439FC33
                SHA-512:D0CB5E79448298727207FAEBD76DD2D53DCF8F6C08AC17F71D50A329AD488C65551FDE22DA3A5A77905202DF83A5D329316E1261B8BF7F816E207AB25F387097
                Malicious:false
                Preview:...-....e..........>.>...0!....V..(..kA-Z........D.Z-N.%<y.c*6...g.r&E..3.9;.......A..S...\..Q.=.".q...'.7f. b....!.c.N.3....GB.>w=.V..`\.,...6...A>.UM.A0.8.z..p.).pf....m5.O..73Zm.Q(.......'H.Zg.=...52.,..W'=..t,ijf.-.w@/....<..x/+=..d?,....?....Nes.....P}i..Q{.'.....)OwzV.T.it....n...+...D;?.M.-f..kZ.u.v+^{B..}../..(.%.M........K..H.r.Ra.%..*cX...O.'%8..B\..@.........rpc.."......9{z%....|95u.w. n......d.....y5..?&..8H8.^...[xF....d..*7&.~A,7..9....,..j.h...%...S..?......z.f.hJ...d..f...W.p@..N..X.1.e..G...PrY.|..a..%.0.%.&d5w:..>O.......OQ.W.....i.d^.4.+ze.O.[.e.d.....3|.e.1}.a.......C....L1VV...%.........0P460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\24__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1089
                Entropy (8bit):6.683051160388325
                Encrypted:false
                SSDEEP:24:wwXJNIEooKMFOkVdYg4P0N4GzFKEZVZjH0TH9O5Ye+QUiln4V:xXkkzw24GxKYVZDNEBiV4V
                MD5:576088940AF294D74AFC64CFC78883B7
                SHA1:2B1973B38586C5D4D48AB7111C38FF575DBA6DF4
                SHA-256:129D1C215689016809D229715C4D466A96B9D47379EA5F550F43829A59DE7DB7
                SHA-512:1D39FD972FCBB3476BA18C746673603E8CDA2BA2BA6D727708A4CDA04AFBC545497AF12D73E876B2414CBE5CD5D7333EE104E8C68E4BCDD8192B5395C6B296F9
                Malicious:false
                Preview:....L.c1.I...al.1..A.......9-.B...0.p...'..j.:...Yzc...&.U. E.........G.....d..\;k.;f.E.#|.,..(..i5|..XpR&k.`T.....l.9bi.eg.6..5.l.&..p.:4..$.b..6{ ...U.Nw.+.zA...t....a.p>^..q...........C8.....@.B4U%..P..x......O....5.y..:.z2=./`b..U...r|.zF.G.r.gW.}l..K...a...+..l.].80(........`(.^.$S`c.M0...a..y.6e....Q....h..3;F=;.~zZ.a...<.....N...V.....x.....TCA.3./`.;..Fl..]........3;`..d...0Q.f....sK......$.......E....G.yr....*....e.5.....4o." ......6..R.A..2|.r..;4.J.,U.....T....q...@C...........7.pg.!OE}W.($...i:s.f.$..a.E.e.q.p'q~..f..M.._.....$.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d5

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\250__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1824
                Entropy (8bit):7.418629382518003
                Encrypted:false
                SSDEEP:48:RSbqsWKP7ap8tAQOOSCyDa5/tBJV8Xy9fLG0yOPVVZDNEBiV4V:RSbqfKuZQJSTD+1BkXC6ZYeBiV4V
                MD5:EC5D9A953BCBFBC2F4ACF3D49E3DC51C
                SHA1:96413D9B13A527978BDE40C434C7836F089902E0
                SHA-256:BCA7E28867A5CC70745342013D150EDA1651358AA79C53CE7C2C635BD88E15E8
                SHA-512:0A9ADAA17D964289C897C96DA7AC8EC2840516B521562C7CF2D8BB5C7911A11A8B0F0239559C60FD302EA1C21581CCB1384925490449236CAC91E44DFD808A1A
                Malicious:false
                Preview:.5...>.x..@.f...nh>.....[.......w..u|.....'...`E\..e..^n."..:g..*.....YZ9.S.C.ZTE1n u..jM.(..........q.@....z....{...#...<..V....M.4P..n:'.q.A.H.c3)E&...EJ.'....tn......|.\.M...4y.`.{B./?.......>^an=.....^/..Z0&..3...f.h.=...yS.Q.ED'.".Zhg..iyW..\.V.....+.....;..........jb.CU......*.......].D.."g...lrd..{A._.|..1.......0Jc.]...&.f..n\.".#..d.....K...L.L.. ......;...\....P;r..R........G.6...=..9.+.E..M..{.\.yh..R..P.g......6.m.4.\.80.9..Y..[J...PX.....>.2...`)u.`....,....A....j..-fE..D`8yZ.>1?*.6..l.aASl....^........E.4.({d...;.....>...y.:..).?e.,.>....dXH..a...?j;...5...`...i|2.p......`n).U*.|..[.....lH...2.......YE....4C.D...i..c5..m.F.WRpH..*....Zf.;GZP.....Tq..P.z..M!..[.......^..].....<~..)...........u.y?....+._q....y..lA#..*u.$.W.HN'....f.b..H.m...(....Q. |G9P6...*.].t.......d'l.o+e..gX.l.SG..p......a....7U.x......l..).1=.R...C..A.+a!...0~.......Fsz.\.s2h......&K..M.;./G..8..!lz..[l>..g....I.I1DR....*.........:...P.2[i.nA.p...L...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\251__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1351
                Entropy (8bit):7.120996477483865
                Encrypted:false
                SSDEEP:24:n+q4ELNucnNwkqgOgW34l+m/quAbxqO+TSsZi64SuZVZjH0TH9O5Ye+QUiln4V:n+q4WNuGNwkqU+O+m/qxb2TNyVZDNEBD
                MD5:F2B6206DB6967C42F1B12CEFD1660FC0
                SHA1:9A0DF1F6D2E839939DB96E9C327BEE1E34F0B197
                SHA-256:885BCF132FECC2012262662AFC2DF718B6258DF4F2BFB529CF7AC5133157CFAB
                SHA-512:FF41CDCB46AF70A8962E96042D1719B1909F665B280777FDEC601643FC125999AE9A9966AD2720227FA6A7988F825349948C9717552AF8363D5DDE05C87F8494
                Malicious:false
                Preview:^.......Ca1.....fft..,....+..z....K".7{........%-.3jE....W#.R.Y...n.z..^.A../...VX%o...9...B[X..5...,2.N..G.u...p....?.J.=.!...V..p,.."...Y..rd.8...ef.i=.,?.d..B...X..F...v...#.N..!!OyG.........|...e....Q3.....d+.A.Q....~....~3v.t.g.....5.*....6A..a."(/.......?C....}......(....W..4.0.......E...<.s... ...b...'WYd.......)..x.>OdN.|...{...............................Q.....'....#......}...X....;.V(.D...K.TQ..F..u%a..0..N....U.&..OV...i.....s'x.W...'.i.....'.eF....u.....Y. ....grL.\[.+K...L..=.wp...T$..BjL..Ei.....e.Y.WKpfv..g]5.l.2rj(.#.....0E....W.H.....N.09..i..O.N..,1.|.....A).f.;.%....c.5.l.A8.S.=A.........>lZ.....x.....`.5?T..R=H..O....(....M.bS@..{.x.HLg< ....W..... k..e.}.._.M5..i...F...n.~....1M..uY=..\....g+.i[c......]n\.i,.......~.ZE..p.n...^]B2.K.s.Oz..$$...<...{..!.C".460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\252__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1188
                Entropy (8bit):6.945079016707578
                Encrypted:false
                SSDEEP:24:2YCrGX+fOHqJw9WFSHI25z1thRsk5sRVl1xZVZjH0TH9O5Ye+QUiln4V:fHX+f+Uw9WFSHPzffsk50V7VZDNEBiVq
                MD5:2CB814B494EF850F9844659FA6DB27C9
                SHA1:82D391C2D2D0D3C5E03C7AD7B568FB98B4B75E20
                SHA-256:FDD35E6E3CEFB349609067E46AC04C80C5891D39AC71221FA5A7CA28B69AF5A4
                SHA-512:D7B92E672C38B277AD598AE80D99119BB8D455284B0A01CA7CA71A84CB3A0CF73B0B09E7F05E4D40E9646B8BD2F150E196DFE0B632F79FA741BC7C61A9F92440
                Malicious:false
                Preview:..W.....F.S...F ..........;.O.g....A.J..P....}........{. ...o.$....%|*..w]o.....X.-.Q.>..........*.ld..e.......H.W?.F".9z&.o....L..F]....z.LM..7..I.r.L.Yx..@[?..(...-.?..a=|...a.c..z.......~ E.\.....B....0.(....K......_. ...#...].+dS.\...9.(,..;b.!.l...U........hB.#|...%!...Q...0...wo._o...r..w.;.B.M...Z..)E........n.8...Y./Sy.H~..s...../..zv.MHN'q.3.!......j..MA...R.......}P......f..r%.H?:.kg.)...d.7....U.|U.>g..1(..4aZm..\;.J..I.vX...B.....l.%.J.*.....B.{....2...A<.u..d3.....x....8..7.+E.b.N&Cca.e...*..........(.....t..A.P.....q....W.u&..7.b.+A....n........,.<{...8/...B..F....H..j3=..Z...i...U.......m2..v....~j..x.b.H.C..r......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\253__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1172
                Entropy (8bit):6.8973392322003875
                Encrypted:false
                SSDEEP:24:QefynViRMniKSxOZ5vZy2HADOxS0MZtsMeZVZjH0TH9O5Ye+QUiln4V:mnVUMniKSs5vY2g6SsbVZDNEBiV4V
                MD5:BCDE1E41221C2EC2EEC01104AB8E2010
                SHA1:31F8D0833C5DFDAB87E6AE34848C7E732C8EFD30
                SHA-256:CAE85E9D7C1A453415BE52A44379EB55F49A75FBF2CC385D44C5E0089E2D9EDD
                SHA-512:EDC36FD12F6B0D0D022DF5615B7ECE45CC6C64F248A3BCFD7981596E2D93A5EEF1F848F5491D32D269CF80C7AA6AAD6822C96E2E1E22BC47CC97983540856E97
                Malicious:false
                Preview:/..cQ-........*.e....B...m'.J..T?1..5..|%.P..].'\...6.x}N.U........$....O.x...P...7..D.F10..i"R$.|..........r.T.........m..'[..%..L. .]./O..o.V.........TA..Y.U.g.. 0+....J...t..O......Xl......7WV<.R.[_..E..r.....A..=.[.,..:..y'...z..j.J=.x*..z'./....Q9....v.l.\.`6..._$............'..u.O.*Tj^.o+r...O.B....:.z.-).....J....&vY.w.&..9..9.Z...xE.9>.mD(...3..4.F.=^?....N.......%.?\..#...d...........l).:9.........&.m`:>.1w..9q0....d..pZ.sO....'IP.N.l.2..ml.g.XI..kx3.i......R..6 .>.m.$>.9n.8|of....Pf.......W.%b..[;\...P..#\.....o..!..CG4.<.n.....f..g)_].F.|6T..4...R....r..z....'..r....|..$nl.c.....J....*+|5b.hD....'....\.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daa

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\254__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1218
                Entropy (8bit):6.974873810416632
                Encrypted:false
                SSDEEP:24:31GyXfiJ94qpRX4fiE95dJEcoqn84RyZVZjH0TH9O5Ye+QUiln4V:oyPs94qp94KE5duqTRCVZDNEBiV4V
                MD5:46867C80D287C913F39023C90D34D1A0
                SHA1:3B9A2D4C96DE4BF66891F3E2F5D3721B924356B3
                SHA-256:1AF011667C00EAE90FD2C08B16FAE52FE21F4BBCFB2D1866594F7668762FD854
                SHA-512:83E92C493BF892008F0EFF48945B9E5C1848E482773EAA99BE71F30234E8AEA3A91FD92F502BE26A940537243AFE9A57C9296FA6D3BCEB64B4C0DFA9CB11B912
                Malicious:false
                Preview:..E.';...%.t.\..+.!..+..Q.....~b..]..........x...Yq.(..R.E....h....Ji.n.t.oq..V.McK..wf....#M.....y/'..G....MmX.}........^I.#..U.8......K..!d...$V.6Q....."Vrc.Q.i."..........Bo7.-..,.M..q..{.wNs.>B...........'E.>KY.....g2.8.?.x......%..Oi...1...2O..I.5pN....c.Y.2..>.....x.P.#.+"t.CZ|,..U.06.6...{.6d.....I0.D......H.o....rg.^.....SjcS.....1Dk..d.....7k."C..]`.C..]y..g.b..T...m_C..p.z...F%. ...B..............O-.G..0.O$^.m..R.....O.....m...K.....|.....z{..p9...C...l._I..re8h.)....*..i.f7. ...|J*..I....;....G.~&j..[c.%..`a0,Q...p.wv..b..W.L..NZ4...C<./.......Y...T.*g...sr..;. .kJ.....%Sv OPG....w[...A.N.9y+.<.MH.M.A.iQ........zsI.....k...>./Q-.T.%Z+....\..>c.V460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\255__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1084
                Entropy (8bit):6.77227434685274
                Encrypted:false
                SSDEEP:24:06dBor1KhOlboyWqdw5g+IvZVZjH0TH9O5Ye+QUiln4V:DIYhMAqe5gBRVZDNEBiV4V
                MD5:D6884222EA942B0A45DBE117631D50B4
                SHA1:94CFDBDE0D9A565B20A5EAAD78ACC486683E5BF5
                SHA-256:0B00D94F1B456DEBA5880C3000C25A77DDB5173EA61B7050C86C17FF2FDD89AC
                SHA-512:B1ACA5166900FC4DA63B306932BC8A9FA5EFC6FA45144C2D1DFF86AB46F2A0CD97D70C431B5FE7CE3930567E2E46A51864F784D702BA5DE8F084ADF1D61594C8
                Malicious:false
                Preview:....a*..%.B[......x2.vX.s..6........K..q..! ...b:M..w;%}.D..7..nv...xM.K}T.N.,K.. ..R.*<Nx.e..$%...4..b..p.6.O..DG..k*S.F...?y*.T.....p.......i...lp.O..".IULmV...Y.;..#.0....2..~.'....,.^+,.)o#}.&...G..4..O....,^.4.....Y..].y.H.m#..........=...$...q.d...N4...'>...Q.'....r...Za.... ..bP..&!"....S.'...!L......,5.=....Z'.......&^..qM{....I......+..D..0P.L.N>qvf.M/... ....{f.Y.....zw.t.......%b.........A..RM..Q...*w..x.N|....,.RM.g......+.x.+ ..f]FGuj!k.Gw...0t.!K...c.K.......7\.Q........m.:.\..?..A.I.....D....o..nwei..".>.aq...D...{).460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\256__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.654337589510666
                Encrypted:false
                SSDEEP:24:fHD4pJR15p+zHfzJ1vvoCTmOpZVZjH0TH9O5Ye+QUiln4V:cfp+bt1I8mEVZDNEBiV4V
                MD5:E607865512A4546A894356CDB2CFBA12
                SHA1:885FE4CB8311119763DA81134FB95B128AA207BF
                SHA-256:A872A81C67BE5D4C3B2D650A5FA1AA54EB52AEE2D3C3C75EEDB2AA872820985A
                SHA-512:150E0DCFC17DC30EC2220A7179EBB26F3F7C22C476A560F6BFDB2C958E99191FC682574CBED374336B5C53A64227B6CFB1EC5DE47105DB300EFFDE778E704E23
                Malicious:false
                Preview:.../@.*C..2.W4.k.>)rz....!1..rnZ..!R.g.Xw..+3.....{(...!.`...Q.u|.k..i.!.....M.Y|....{....I7<.....6hlb,.......4...xr...2.`....=..z......../...C..6.:.*......XV.....p.....f.:.H..E!ao..U`$...4S...RN...F.....P.?......5.....[t[?.....szP.....o..[..2 ....P...|.I.#...v...8...=..T..Hf...Q.....`.>CS.......q.qf.#..S......;F....3v.`..K.o@Z.~.W 2O...h..`.1....`...T.L4TL.x/...tG.uN.V.u..J4(..2......".f..a..wJ.C.R.P7..e.vHL=..8.l.e...kF.....A..+.S....VVa0.....jx...?gY..5.eM...........g..SG..A..n.u..k.].<AIs{.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\257__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):960
                Entropy (8bit):6.4460820082824
                Encrypted:false
                SSDEEP:24:y2sqlvcTO17+j/DQIYWXhOuNZKDd8yoZVZjH0TH9O5Ye+QUiln4V:TpOOiDS729VZDNEBiV4V
                MD5:E2D89C7A7DC23F9D19C390AB2C8F5E37
                SHA1:E7E39E2B4B5D8741B99945149073B802147BCB5C
                SHA-256:ED9105433E80CC194602D796FE4C5F4C2C6983126B73485F3D8F2D65952F0EC3
                SHA-512:CA7086094BA95D926565F754B9DF492D07B084B9B1F5110F889E62847FAAF70D741F8A950908B8C1CF5358B4F338F690CDF8DC69C7DF5F1B6235243445477CE8
                Malicious:false
                Preview:d...~..y.7.?.........c.T.._...W...t...g.U.`B.C.8......_...._A|..b..i..1H.....o.]..B.6.c...Z.V.Y...SJ.?...t...(..y..~....@B".RN.+...O.{../.t.t#..MX.c..P...m.J..l.]....i..]...k...M......e...A.8......F.).OK%1n...3......b..M...7.u.6....$J......oqA..O...vM...~,x.X.1.N[.-.=....iAN.NF.....l}F.C.YD.6hJD....f.6I4.9T~....brX\....UE5cwHu.k.{6..a..\[M...5...C.G .Q6..:.8>~Z......ng....". .zX.g"+y.:...X.k..[F...."...c....7.B..E..P...Q........'460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\258__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1232
                Entropy (8bit):6.957625730938131
                Encrypted:false
                SSDEEP:24:7+HV4tQI4JEScHY20z9gMZVZjH0TH9O5Ye+QUiln4V:KHKiFJE3HY20z9gQVZDNEBiV4V
                MD5:115565698A7B217E5C6C5B3F3C44108A
                SHA1:291D7FA79E1F022EFE68A272F8030BCD05D63455
                SHA-256:161AFDE7121A7E452D9710E78487C03DE7887F884BE464CC6FEC313E563ED882
                SHA-512:D497F6E2F33D3A039E59948F523DE61ABBC49CC0B92F9095AE33FC7F1CC77E6897DC4B10046CCFD5E221F32CBB4459C927D57EF748EB655897EAC0D9F00A8748
                Malicious:false
                Preview:.m.{.|d..+4.Z..Z.D.3..|...P6.@`...u.6E..5.d[.j^d.-.......oP....)$.#.2.nvn...v.^....]RB.M..1..4u.H..d.........Jz......."WY.[.....N).?.p....A..^x.7.XSmx$@.o.....p u...2$P...g]..\E#.".<D.w..`..$9p..m.i.,-zSo.....(G..$.../.....+i.8.=....y......8.=..m.{4...3.%.....|.V.|-Pw....R..._.$....u..y.0i...zv...i.....mlx.$0L.Y.7..V0|9)K.-..8.......o+..T'2.^+d.t.~.......YMa....H.y..0.U..B.a....l.RF...,3a.&.JQ@2.{.I{.....J..D.a_..C?..e..$...xCk<.>X.(.R.s.7(..qB ...NMY.K;].~B.....hsr..$.ya.9.&3............|.?7_7....0o...EU=...8C..-...{...D.....u.Zy._a.a...>y...bh...@;.....c.....'...'Og3.C.....W....C..r.Nu\....*T..BwoQ..VD..N..[..bI....vV..a..7X....A....?R..K..K.l....N.]%.a....x..2..0.X:.v^460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\259__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1354
                Entropy (8bit):7.122772054483433
                Encrypted:false
                SSDEEP:24:1S8OCzbFZAd19hh7y0zY9PgQ7xNlh09ggtuZhOo0BZVZjH0TH9O5Ye+QUiln4V:wS/FO9375zYyQ7U9ggbVZDNEBiV4V
                MD5:4C39BEA5B5B8A6CF2DE15DBE72841F73
                SHA1:548F5C39D0F2E9764AF4E62097C8C459F4005704
                SHA-256:71EA1FE05EC3CD7E5CC4008DB2F6034B05D2DC3EAC689013D40B15EB991CAC5A
                SHA-512:48CF32A93181EFB3076CE69A3E4BD7D0DADEA89EF79D7C071D9193C472273BD3B386903A750690690B4EDE55955D5BCD7B32480591AA4C5446F2EABCA5D4B77A
                Malicious:false
                Preview:Bf...4y)..zI9.....1Dv..Yk..W..G3...7..3.5....W.I......./...J..k;..;.X..i`.[.[-.........Y<&N.Q..r..\.Yh..#..8..x..x.(....b...9.J...ba.A.H.\..rV.dmEu..AbXM.-.{..B......-x:..l.E..6v......E.`qtR...."..).R..m eB....V.hB.C=.0.]K..Bt.m....@...i.u..6...Q#42...V.....H-....;.M....O}#....ZJ.R~.`S....j.A..D.v...D?1.....w&...F....K.s80*.a`OT...3x.a.X.w.j..?c...cNlY..G.._.....r.....6..0.x]....HS\.I......xs<..{4.........S..>.X..}...%...;j..=....IX....8$(.o....h.T3.+v....s!.&.A..1i.C........S...sK....sq|.Y...\3....G<.....h..u...t....i.....tj.L....B....L.`>..R... .h...j.......m-.;.,....%..p^+..*.K...<..'.^pn.!..#]x...A.....j,vB.31.'....D(i.pW.~...K.w..2.F@....I...a.........S.DS.x.]R..d...6U;l.L..:u...bi.:.S).u..j...5......`.H[.J.\..,..o...u.........v&.....v......3....W...3.t1P.J.b!....'.!q.].....}S........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\25__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.689969204315918
                Encrypted:false
                SSDEEP:24:KkibYEUpt0//QvxmbeLwtq3dfK5GYGi6WBZVZjH0TH9O5Ye+QUiln4V:TmYLe/iEbeLw43cY/i6iVZDNEBiV4V
                MD5:09C387DB28969E423B37CC239C3BE973
                SHA1:452EE161AA77175910F8D02C5BE3FB460AC2460B
                SHA-256:C71704CD89778FA5889CFA29F88DF96D8A3A07584D99EA454B7291F0360AA372
                SHA-512:3B6105FF258FAE89A2C0EEE6CE683B543BDADB7D022C668132406E009CD69A3B1C68DE5A77CF0D21F8F9EBF08A6A1FEB3EFEC6768001AFF0A52A5D11F0304CC6
                Malicious:false
                Preview:..-....H@.:..F.8`r1....;*.....8..lP.<r.^....|Wj.v...-...s......@.....Q./}].$..n...a..1.....uu............d....%n.u.9...k....c....=...u...?..X.F._|..].Wi.=.T.&.'x.^..k]...t..j...@|?p.$.w\....|7.....T..........Sk.X.%.,=..'..........T.M.4.#.b#aI...H.RL.T.8g.........f.....D*S..;.\Z...6...,Wxdjq.%.../Of^".b....CXs.{....^.M..j-6p...m.v5qm.l..A.._D...J>W;...a4'.e..*.5Hi.k.$...T..o&..L3...[..A9_.K..v...r%.......IZ._..~.{..).....x..b!..g..$&........4......:h.........oEw..B.....h....w)Ca........F.......p.....P460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\260__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1302
                Entropy (8bit):7.0704912326985605
                Encrypted:false
                SSDEEP:24:kDwaHc0raC1damtuOKlv482i1m/+tL8rNq8ZVZjH0TH9O5Ye+QUiln4V:kkH0rDdXfj/2yVZDNEBiV4V
                MD5:A31DE081F25FC62D6E4CCEB586531B6E
                SHA1:236643B6C66C7E53DA9526C67239F5AE2B9D36BC
                SHA-256:165CC073ED7DA536AF5DAD6154EA17C99AEA80FC4C8BA644692F7422A417899E
                SHA-512:C7550C5DC42B37552765D145E23B769A13912A958FF5DA616D70DEEDE64F3C419445A95EA16AF048A43968ECF29F23D450EE42BF64F316769FC11DBBDB312777
                Malicious:false
                Preview:.lB.).K&...]...m..)._............f.A&..(.w4.*.<)...Q..;:..........v]....^...[2..W......z~K7v2.F..A......Ft........R.G.....A......E.$....3.0b.....u..#o.*.k.;q*?=.S..FL.:A...U1...6....QH.i.k....#.].V..xw.|.J.H..F.T..F..~.R2..6.......!x........'..G.T....:nb.{<.h...e. .Z..H..}.....x.l.YPf.".x.B./..h.{C]~... .$....'l~.zDP...%a..SgYe..~rF..eB.......q..j*o+..n2.C_A.c..h~...Kq..|.`G....c.'.'|.n{!..%.....W..p..A.p.3..-..[....y:Iw..H.3....e...9....T..L;....^...'..5.&N....kn.%......W....Ao..%J.>.6G.iB.PH+7O>.v......./...46e.M=...9...qd.^$Wj....hc..L....;.....`.)t.9.-..%.O=j.....3.][/.#....|..=X7..\2!.4..|J..~.v..i.1#.NI....G..#m.).@.....E.l.c..-W.._.z4...U`.....q....m}..=...~...}Ax...j...~e.......9.^;x...V.....]...gO...._k.v..W....^...22p.....>.54.`.M460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\261__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1295
                Entropy (8bit):7.039758884305935
                Encrypted:false
                SSDEEP:24:GAo37bS4y53ASbGnLIcoQTuDwoX/xkZVZjH0TH9O5Ye+QUiln4V:5X5wSbuLLawoXaVZDNEBiV4V
                MD5:449DC9A6EF31A6027FB14F471D728371
                SHA1:17E9285A4D3B0445F4933B46680C2710B8FD8196
                SHA-256:64D80E784F450CC2486FE242ED9809460A64B96AEA207D027915D0C1F1515FE3
                SHA-512:B24D1981E30D10A882F024322170F757BFA7756DB39B917C18CF23A028291D08BAC6451EB5648C8DCEFBD1BD1DAE99C1E87179E9D64594AF2C0F8D15B6ECD0F9
                Malicious:false
                Preview:q_.Q...{.R'...r...c..B.\..`...WV:V.+.......X.;..!...lJ.\I..qWT.-.8n>v...AS.7.5RF..m}3_....BG2..Rjm[.M#....U.3..c..`......@...v....~DL...C.jw.z_..}.G...wd.?.4..g7....v3.;...J^.......k0....U...:.8...E&C..w...dz.G..7....X....U...&...`..d...R..^.B.....XC.X.r.....=~..$..l.:...:7.....7..7aAe..C.....o.:....ye..Kw...o.........&..CE....-...~....oh..t.d.<%t..U..1..wy.;.&...<.......c...dP.r...m...|~..H...'<:.3.)....6;."......T...n...!..OJ..Dg.4@....FH.s..%..Q7..h....?}..#.u...z.V%;aU......L..... ...ybV.bgP.#..Y.......T.Z.uL.:....E..a...u.BN.f%A.*.A%Vh.......(..t.....{..?m..a..zH._....a#.}(.D.W.[.F.3.+.~9..or...M....M#.:.\.u.....}..0u7.5.~.~....B].._.f....+.h.c..+.E...Kj.W7.~..f..x.Q.../..Xh.@...Yu.~1..Wb.K.>Y0./.. ...;r2... ..+\M?.h..tr...6-6.*pk..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbddd

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\262__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1228
                Entropy (8bit):6.959965624284669
                Encrypted:false
                SSDEEP:24:OM2uX3mpJ+ZsEMQzupkrqpts0obZVZjH0TH9O5Ye+QUiln4V:dDH00umzuGqptE1VZDNEBiV4V
                MD5:CFBA7088BC11597BBA6B77EF7CA963DE
                SHA1:C14E8A2F55DF9F6E721CAC191B24B8D2CA1923BF
                SHA-256:61D9A6C18DFA75E00495025713A1D441700866349A69775C8D220197DAE05C3B
                SHA-512:33E33317AC533650B90429314522895CD16448E0D4D2C4689D9C1E92077C1981B832DCE98398D6FCB3559A894A673600BA753777A2B46D9C2009FCE1F63A9556
                Malicious:false
                Preview:..j..)....U.N.t..7...>.......A=P.|0....."..L.....CD|....".&PV!..;X..j..\.J....85.A4.Y.$.OlZ.<:1...}t......L....{Nt.O.{...E...x/...e.v.{.7.....=Yt2.s....8.....#.o.,L..pz...W...%"g.@....{..JY0.....<E(.qz.p..K.u.T..X......Q.9.....%-...yt..a.......+..L+..X.X0...8.c....[.nX.e........F..2......"..........=...R..C..6..ciL.......F.Di"..\h4..i.V.EAz..<.+!X{....S..c:CoQ3R...K...-..........l3......2C.."<G..8Hd(...qlNO..t.v.....T....N.,.-..@...p@v.?w....1...~$.r.2.o.d.M...I...D......d'....A..8..5C...8!:*..*..;.82..g..n.?..i.R.tQ....n.6.L.Vg...q.%...E5..}/c......ZZ.]R.5..b.bp...R.>_.@2.[..1`Ro._..4.....W.O5..N.H.eQ@..s1...R:.d.z.p...7.......$..+..:.==g..G>.=..t1S..Q>.$..F.).}....S...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\263__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1300
                Entropy (8bit):7.074248935427961
                Encrypted:false
                SSDEEP:24:5JLoFUwkuSf8VUjMmLqjNx7xdWq2e9VPy8F1LNHPlZVZjH0TH9O5Ye+QUiln4V:UFUwkuSUVUp0N9V2+w81zVZDNEBiV4V
                MD5:4AFBED0D60F5E43500F059BBABD012B8
                SHA1:D0D087D49C8AE637C9EE7BFFAD6E8165F53DD7D6
                SHA-256:D2E323CA26BE26639B98E8D64BFD0A0F00876D64C43075ACF24DEF4CCDDD7101
                SHA-512:8E4DAF78478DBC98751F38F70FB527EEEC1D6001B1689211934B70AD19DB923F3D14281AE273DF5D5771B212B40A9BF0D091E474E10FBD6FF90CF1F935747CA4
                Malicious:false
                Preview:n. U.V/.; g.%.DgDw...g.8[...P+m..B5..(fW?D.,.<..;*7.$C..,E...rs.........JZ\..5.)....t.Z.......VfR... g.......6..G`.:!Y.'......_.xz.E.s..\.."|.[...$..k.7.9..|.w.V.=.br..cS..1..>.PR>.lV.....,.o.0.....[.>P..T.M.u...[I+x...#6.T....y.....w.Q...{.n.E.....K.D.....n.#.....(D....)..Z,*.t.....T..8LQJ....a(H#w~..t8S.JRWGQ....2.Z0....`..fk.../.J..t.-j.a.S.HC`...t...~.......3^..<.W..6. .O qR...~.TC.....n.h.:a%.A..+....z.j..X..[..a..... 6.PV.C.e..y..*N....d....2...l...^.C)h7Y.vg..d..V.mH].k.#.QIMm.7......;........&...KD...a...jz.J...T../.@.p..Z...x.M\:_..P.J..?..d.g.k<../.. .....P"....,...'Z...._.......).a...A.EM.)3....>]..G-^r.C../.u....Q[.$..w.Rf.........|.@...{...............eZ.\.x....i6...W...._...Z.$X.}E7./.E...2..n&_A.n.h.|.I.2h..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfc

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\264__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.804870966790255
                Encrypted:false
                SSDEEP:24:teaUZFGkv/+o97NL+dySk02sJZVZjH0TH9O5Ye+QUiln4V:tqFGe/97x+doP8VZDNEBiV4V
                MD5:9FE38A2D020B64BE297913B29112D82B
                SHA1:960C5C02AAB763307F824BE7F2F1AA12F47543F7
                SHA-256:3E30E190F3B0AA20E63E82D9764E08BCB6D594CF542DD072FF00FFB07DEE8171
                SHA-512:061A807434EFF1BF9AB2833C6ED6D13F7B1300F62452BB87C3CA5B5B0B354C1693A511507CCA951D6F80D880B00BCC4AFF334728C72A6C6C722A1706EF0C8B94
                Malicious:false
                Preview:.......W..O*..p.W.I.).W........ .#tk.`.m..;}....et-.XN...:v....1.E5..&B.3..j...p|~....L.)...a..r.f..q.......#..tQ....A.....S..l....0.{.'.QBC.E.!....Ef.r.D....k...w..h.Z.\.:..i.X.mg..PF..U(..G..F.B|J....E..55%P.f..f_a..]r.w...;.&..c(....z....S:.;..T`..Bk..-..6...)...Wm.e.#..S..%.4"tw...,.Y.....C.Y@.pZ.a.+.YA.....F....U...n)..}k.v..aF........R1.P..:..-.?..4z'&.....GSS...-...eW.s..W..l....-..v.A..'S..@.....nv.).}...p.......9./...l.....V.....>.].Y..(..*...|.w.....Y,......\..O.......3....P.#.!<%.h...........L..........>...[....3#$i....j.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\265__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.673394867646828
                Encrypted:false
                SSDEEP:24:Fi77MMYZXsONEF7pb64fAvfVF3ZVZjH0TH9O5Ye+QUiln4V:I7MMYplw7pbZCdFpVZDNEBiV4V
                MD5:F36FC77C79C3BD438824B466EE1AD27F
                SHA1:EDEDD063F789F5A3BB04B05ED3BB4038F6E1DD87
                SHA-256:E6CDFFAE534C8DF48D12323FFBD1DF9CF137B01849600C10FCCA3DD47B995370
                SHA-512:F50F679C9E6EEE4B25ECBF23933A7DB72222F14B7BC507EF1571253D16D57B3D74CF3239F9FADFEAA473DC6F4EECDE86292E512268A2925EE0CE87C88F24401C
                Malicious:false
                Preview:...y.Z..xtQL.....*.l..6Cf.?.{".F.c3...m\..6...L,.(.]..........L..D.@.g..B.Q.....F.a..M>...z....>Y.........j&i........o8.U...I0.E+..y....nW...ad..;./.P...m....om....,....W...Si...:./...K....Re......=cP.R.....i.Y.'rf-.qt...7..6......)..g....Bw.0O..[-~.CJ.!..g......7;..sf.Xp.2J=/.._M..._...X.W{o].VS../....W.f..........ax[.....R.....$...X....x..+......x.S"..M+...u..r.b..P.~..c.f....K.t'e..}...[B..K..o. +..U.+.F...I...M..%..!(m.....I...%!]...;<..;u.k.@'{.R^4..h!..X.....#R.TnI....u;%.(.!.*X....:.MJ....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\266__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):963
                Entropy (8bit):6.484053453841245
                Encrypted:false
                SSDEEP:24:yYsMwn8yoTlNareFpRtrevuiZVZjH0TH9O5Ye+QUiln4V:TNWroRVev/VZDNEBiV4V
                MD5:16876DF2B9B5E42AAA93D3A8248D94EB
                SHA1:59336A17D54306825D6904E4B17DFA707BED9864
                SHA-256:01308E4C258F27EF104F249EA4D6A3BE6E6FD0DFC621C20B3A5847D7C1CADAB0
                SHA-512:B2A350A2C6E7550E3947FF51AB54BF54BAAD663588459C39022D41EFA5ABFACE92CFBC058B4AEEBDCC0FFFB2A9475490011CAC4E53629DCB37BEAB668AB67BDD
                Malicious:false
                Preview:.(.u........$E..........C..mm.6..1...3.V..2.;.....w7..z....B...%&....[h..3.37].U'A>./.&G5.v.i.../.m.S/<......J..3...xe1i=......B...\.!*k.t..$. .....2h.(......F......?...hv....[.g.U........ .B9x}.3..>..m-.SZ$.K...OR...s...J....XQ.:..b.$."..e...x..d.g.......]........oFUz.....gNZ...`8_.H..f_p....`......T.o2.c.R(....r.H.1......;...S..}.fr2....\)...{...AJk..:L..Z.....d.........R...$~.l.....vC...&..D.D.....EJ.e.W....Cd..[z....E?f..;460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\267__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1239
                Entropy (8bit):7.029017799246294
                Encrypted:false
                SSDEEP:24:B0b+p2RXFmhhea1NfTGywaxUre77uEZVZjH0TH9O5Ye+QUiln4V:kaMmhh1N+axqC7uYVZDNEBiV4V
                MD5:86457624789229893C9B258149543C67
                SHA1:947BF766038AB428E9AF593A6FC148D194CFE44F
                SHA-256:7491EA12AD07CCDFA398CDEF026093EE8B53094A0353BF29694A837F534725B5
                SHA-512:8419DD39D3A40ACBA4E361EAAB0C1A7A7EDEF1450DF582828ABE694354344A16E1357CDBA35F5745C7F5139EE27BB1CA1D73A33779232FF550D8FEF281EBB99C
                Malicious:false
                Preview:.Ht?i......O..R........+.0.J...x.......]%.]..%$.Y..<m(...l....Mi.......$pQ.:..-...*. ......@......xJ..........O..w_..WHl@.V...d.p.{.Uc.....!Il.K..o.\p..+.&r...............y.Xn.Y.q.'.P .:.w...Y~....E..].V.*..7...gP..H.."{y.......D..Q...Z.....(.c.p.3..S..?2).....X...h..v}~$...Q....W.KH '....P...B....Y.1N..m...Jph.....W.. .a.m;}RS#X~=.. ..A..*fI..=.m8.Fe....g..o=..I.r....2wS.F.>.1.....f(..?.d..3.[..1.2[.......x).!.K..n.&...yy...9...O...Nl.w..=..$...'..P.......6Q...7.j#{f.E..a.t..G.7......Q.i..D.n/.M..cU.}.q.*.'.H.bg...<.L*MXq.,...r.d.W....$T.-Ll}_.hM...............D....eR\. ..#yLm.[.g.}..*.'..I.T......|.(K.+.._.[D..H{.....n.Z..;Z...<.....V....Oo?.W..Yo.J...'I..o....(...HA?..]...<."z.5460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\268__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1218
                Entropy (8bit):6.973615375021692
                Encrypted:false
                SSDEEP:24:cvmkKQUQSksuN0mvXeKqjJ7ppe9ZVZjH0TH9O5Ye+QUiln4V:jkKQUlksuN0mWv5p0VZDNEBiV4V
                MD5:1D83C489736AE588A4D1C728AF7538AF
                SHA1:4FFCC562E2C44D07D1FA84ADB84ED42A16F5D227
                SHA-256:CFF44DFB712AFF9E676AF2DB4C6EBCA3EFECE1BED0A8EA6F4D630E5F74F636D1
                SHA-512:C7DB85C83023A5700323F156AB58855C8B7171F63C1FA15A43DD61A98CB63F02BDB591EBF218B92F810BAECFA0C32EC32038BD4080A233F8FBC1F6A83004D082
                Malicious:false
                Preview:q.o....'....N6.,B'%VQ..Z..p.p......8..J..a..O.,G..'.Wm%...H...&.(.......#"....J..........Y+Fk...&|S....J]..O.O....-..S.).4.E..]"....0I.YM....e.e...X.T7.+....s..X....&..^.......~...a...%.$...{.....v.U..xO@.!..e...mR`........+...R...y...g..].,(JLcW]~4..x...k....g|I..E.q..._.zI;M.wbjj.7.U.....T.....x.s.Y..V...L.yY....f..E.w.-....=!......3.S.._iQ.k..!.cF!.32....[U..L.F>..U.G2..b.k*%....*.....&.Jk3`....\cl.Lm6p..z<..~...w.....BGj.G..:._...-_..UB..Z8..w.-P....n....?Y@....J7t<.5=..zE\r9...;.?................... .!..l[D*...h_.=..[..Y8)7].<.e...3.....t.4..\.M5<[..$;m....+..3.'.B..\.....rC..a......=....z5..P|L-+.Q;..{$7...RJ.Fa{4..G.....2..?.v..!].S.M.&.N^.`b...n.cy.......cy460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\269__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1241
                Entropy (8bit):6.993834211565154
                Encrypted:false
                SSDEEP:24:1vQPZFVMUYcn/OFTt1WQJs3uE/ECwZLZVZjH0TH9O5Ye+QUiln4V:yh0UpcJ4uE/3wXVZDNEBiV4V
                MD5:E66FCFEFDD4B42DAC9859149041A2405
                SHA1:C2AE569ECC37FB4BFC60E1A75A0E4C8F29AD7050
                SHA-256:BDF9C803A6B5006A5BCF39F394C380C82EFF63DA3843BEE334647388BB3B517C
                SHA-512:02329A1EECD9792CA4FC00E609CC651DE42B1BAD5B2A819DF53F734C222AA37BC5197F7B52D6049E79513A35A7987AB213939DEC7BF8FC85198F872554767F6E
                Malicious:false
                Preview:..&.n.-.&.L<..E..~....;...5'..])...".Fx..&.".A.S..v.9...h.>..[.VP.....p.....c...9r....X.-|....V...2@|{C....y...O..)...P...|=.J...U-....~..M.?.$..0..(..M..m.....[.b...1.#6T...f%..<m..a.Yo+...w....Tz.he.T.n...SU.].X...]..4..[.~.....2...;!..1 G.5..0].....)..G.B.KLAC..v.......:.4U<..;.#_.UC....)...>p=D.4.i...iv..nE.gcl'.Jf.*~.9......F.M.....{..Y...S4..y..1..8.q..Q.V.$BI`..!.:..&Y4..M.m.R......"/......A...?6,?9..~.2U..K...d.c.=....:..v.....L....!.. .;j....X.-.E..6.V?....U..}e/...Ma.._.).mq..n....3.P.=$a.rf.......!.....$.UL../Pv=^u>\c..=.....ECl.S,.,~@..?o....Y...Cz.(.....z.'U.x!.d..Q|........^8.g.$C...P..H....4.Q.Jyo..*UM"....rG.[..V.T.....T.C.....R.1W...60..W^.....p..q.......0X.,.9..U.B0<460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f668

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\26__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.477640159210058
                Encrypted:false
                SSDEEP:24:nau5uGDmWre19Mz/CinAZVZjH0TH9O5Ye+QUiln4V:1yae19ninsVZDNEBiV4V
                MD5:2C47B5AE88A518BE87DE25ECFACCFAF2
                SHA1:CBD86CB706BABD7727D3C0E14BE7582AA8474742
                SHA-256:63184772237CB59922D1851A0F0754816097D08AB0CEA4482E9BA7BD5DA617A2
                SHA-512:9095F4ED800522CE87D3B3CB513E359C99EDAC641E4AF02C15F42B82567153FFB3DF9BF8755917E1AB79F01841D522CE01F39B8957BCB00B88C8B7AB263EFE8A
                Malicious:false
                Preview:...4.P..6>.wr/.,..$.rR...x...].L.wL...{.+@....)....R.5G.I..^.....s..a.<.,kk\...c1.Z...m.{..L2`.#..+...ZI...PQ.n....?..0/...].....I;Q.P.7f<.-..{U.8.M\..p..R..uk.R.|.........61.F7 .@.....q..`B.O............r.5y6.7 G$....V..;66..] D...F).p..~..D.....s.4..X..A.2...l}.t..AB#...r.&?... $......o`J.p....V.9a..mzMR.....h\..Zj.1voZ..EJ.7...z.......n.-.....kj6....x.....).+'/.....T."....+i.\..Nwd..!.&.....VwW....f.gg.Sk(....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\270__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1082
                Entropy (8bit):6.732918042145616
                Encrypted:false
                SSDEEP:24:mUT0neXXvwbrbOtCWs9BiJWPhDNRZVZjH0TH9O5Ye+QUiln4V:mUCeXobOtuBiGVVZDNEBiV4V
                MD5:51DB4E60A768604714F793F0FFB0D0B3
                SHA1:942671F2CD9AA95D24ADE8B4A25055D8E05E5CB9
                SHA-256:C0292C4A89A2C47D91E22494CA903CBF9A809CD7462DE73A13F0CB79CAF9ADED
                SHA-512:603CA3DA8D375CA0DE1C2122AE245893BA60E5D19326B0A9E2E714ECD89599B5C6E2D49FC8105E79C263AFA374F113F649C295ABA80E8ACEF51FAB173A57DDF2
                Malicious:false
                Preview:s..tL...f.........`.5..=v0w...3..R.s..0./..Z..K.".f.:z.....8..|....t...Cs.^5u.Z.N[.2.p....z.tG...I"...b..9.z........j.......Y...C.3..9...R.....-.6..>.D.L...L. ..h.P.b.a.../.&8......K..........*.o.C..r...C....Q.\.Or.*e'..<..M.H....RQ...U.j.g.ey.[...`.x..{x.~.)..Y#.s.....4...!7.^_...97..{i...-...{75.x...&$...x...L".p[.6...D.......G.......d.G..%=4...`^...Y.-.K.pk..u.......OQ.....8.2>..Zp...k.k`.lt../gp..n..".|...q&.....z.}..................1....G..p....AO.h'.......583..\P..B.:.$.1..)g...Je.<FVW.V`....W..%.'.ZL..-..X..D~.. .}..'[.&d.&.S..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\271__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1038
                Entropy (8bit):6.647086015080001
                Encrypted:false
                SSDEEP:24:C4RZUearULWvaEGlvc7iZVZjH0TH9O5Ye+QUiln4V:C4Rq7ULWfaYyVZDNEBiV4V
                MD5:1DD93D87ADA6A7EFFA6EF21FD0153BC0
                SHA1:2E8D47E7BAE4F11F82F746DE22843A5DCDF1C573
                SHA-256:9D35169B5A1AF15B7CD30B1A018E2F666D00D26B94E16C99FFE333E258D1C3AE
                SHA-512:6FF9445A20588A41876CB30D8B70B25929F40CF4EE62D4278A18126F985957FACCBED999AC6B63C3C44BB9E8FCEA6DBC1ED115DD96A7B13D948BF44983F35860
                Malicious:false
                Preview:i.......}'... .....t..Bw...K..v.`.......Fp.l.%.8a.(.........3.-B.........ae.....$j.CZbS...+hWf_.....s..`.S..Ce.....a.......O...X./J)9.nT.' .>b....(..n.U.T.Q$.k:...:.x.C..8....t={.D(.G...%.....|...!...;._. ..66.._...T.....;O|H.......k..e...M.NgPd.._..=.+.3.ex.A.. ..a.1....I_..........a.{.........2.:[1....2..s}...F._z...H...En..F.I...`...~..'.P8..n.....z..G.F:...>I..$2.l.Nz.6&;9.4%._.Dcu.D. ..\.:....g.Fq..............rb..Nr...h(.WN...\>..6U..$j.....x...t%.{G7...)..l....e.2...e...,:.......y..i...]....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\272__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):961
                Entropy (8bit):6.510387494463902
                Encrypted:false
                SSDEEP:24:+pmMz7+XC8rviCwsHUO3sheEZVZjH0TH9O5Ye+QUiln4V:+pmm+y8fwsHUO3sZVZDNEBiV4V
                MD5:C3EBA9AA7D24EA8F64E12EE422D58C7E
                SHA1:CDD60936CB59FA95DCBBFD31F4A18E9E5D43DA02
                SHA-256:E02EB3A7C49EA107C0219296021E01FED24548F7BFF9DBB38C8F63C0A4D33D19
                SHA-512:97E0939D1A3BAAEB4C14D3FE8525340443EA765CA2097C6C27A0D053D36E762CABD1DED4063FEFE7C34F0DFE68837B83EEBC883A65B368D6E1D5CF2EBB1B3EAD
                Malicious:false
                Preview:.....~.8`i..ul..|..c.l...eI...$..%...7V......Dy.A3.k..\#.3.:?nr..7......v..*{..Wq...X.....|.r.z.u...G..=/..!.#..i.5...v..Pc.M.q.q.{....T...pRQ.O..R.....L...7.*v....|.....s.F.1..A..8lYy..._..w7....=.\..V.....0.0. ..r...>.]..`..h...."..&....PW.....)[....K.h.{..6...A..z...YP.......rL...V.Bb.3p...v.Z.W...fiJ/..g....H.;#.R.D..W6....T./T,H#...k......-}.Sq..OB.j.]y...)..[,..JB...TTQ..?...s...vX.........0.....,.Z+C..rIZwg.,...@.Fj{460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\273__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1237
                Entropy (8bit):6.979071240809787
                Encrypted:false
                SSDEEP:24:deNlacXjYYZVz9JZLbZRPky99i7bZVZjH0TH9O5Ye+QUiln4V:eaY9NZLNRP7iZVZDNEBiV4V
                MD5:123B6A2DBCA1DC2B8192CD554365DD18
                SHA1:BB7531710A8A5375DD8166563C6986A1FC1C85D0
                SHA-256:88A850641C85982691AC318C99C00A7F6906773ECBE99733B231E6EBE1CCAB93
                SHA-512:33B45F2074AFF9993EFF0708680787BD861AF93C5813C1C06C5665CCE915B8F38EC5126C9386C7B75F01778E78F49E23FE481C5DA728F2288371669E8BA47DBC
                Malicious:false
                Preview:!dn.s..KO.....85...u.K.`A.]....s.........i../..?Te..(.>.......p..Y.....0...#.......^.E.{.3.......bL.........&..\q.I?.Dd.=...9.../x1=.....a@'.N...bXQ...O...i.....f..g..~.....qZ.}..y...q......H]...#..mV.LCN. .*..K^w..le.*Y..;>D.P.rW.L.:... .....<.....-,N ......e.......K-..fl..R.m.5.....*Qp.V8v..J.....m.!...].ms#7...8.q..DI.T.,.Br,......"z...q..Ua.j.b0r=.....$!=......e}b.5c|..].c.....m.-.7/....\.{...i.e1Vy....../>.kq....1..=@.w a...M....<....SB.T[.(lP.A....W.d..*R..u..1UQ......D.Y.......!...HM].c..W-.Y....$G..<..1.w..$..g....y..o.......|........X..2:.u?..F.y......6.x....g......?.(O...o.?.......a.d....d... .wNLE../.`......T...7.G.#.A.._U'n..e...._..9....)..%Npen...(..j..#..i....9.I..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\274__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1288
                Entropy (8bit):7.0504275689892735
                Encrypted:false
                SSDEEP:24:PIAY1Xh1iF3K3UGC2SF4MqPccmyenUtmZVZjH0TH9O5Ye+QUiln4V:AAYJhoF3K3UDVGMqUBjnUMVZDNEBiV4V
                MD5:C199EE7D6CAC0F130B34E46C496FB3CC
                SHA1:1A4FC884BD5EA1483FD2A47AC0BF2B489AC57F43
                SHA-256:93196F2FF1798E34F02F5C446F2B9D77DFC8C0E401895615444CF0AD5961A29C
                SHA-512:860577D995B22DBB08D6615A34F7BD840C773776E54F77F0E8CF0D2D7A75D67B8BE81497F53B2A4660A0CC7B72A78D2CE4D1AE5764FA71C3C64A99195B466FC3
                Malicious:false
                Preview:i2..j.X..F.`.}?..=.#1@..%...m.G^........h.._..O....f*a....F9....e^i<.m.&l.y..&.v`m.&.<...;....?.4.E6.. ..u.fU."s.l.C.h....:#..E.Et.8...&.....k_?...GbTx.ZS..m<..p.o}....sX..kc..5..u..e...A..k.Z..:..Ci?.0.>..\....0%.D..C...[......{...E.C.<...........t....9...W;.'..R..-.>b.IPz.v...o?.R.x.K.9.}.v.......)...0H...`..J.rb..9.yZ...&.#Y.h..4.VkA...0...`.0.+E....%..i.q..F..+.+..>..1..".d.v..~t...S...u...~...Y.o..g.....p.G.@@._.M..][........)%/...5.M.[.z..|l.....E........]..R.M.l^.<?gQ.qPx^..5.....e......b..+.`.b..1.H..~..:JV..{.C.O|.c.C..(...G..^..4`..IwLk.~x.}V..>oE. w.]."FC9.....L....!YC._.S.u./f.....TF..^.c.0.....O....SZ...6..PC._)$....a.-..M.T%.]..f.....sGn......t...cqB9HqV..&.....G..4n.E.r3...O.<...'.RZ...{F4J.gNL...a.'...H.+460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\275__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1774
                Entropy (8bit):7.419346414708897
                Encrypted:false
                SSDEEP:48:eHIewArZO59+5XUjgreEBhFU8GXQVZDNEBiV4V:a4oOHMXUue4x7eBiV4V
                MD5:7D3DCF4E9D5F5B268BECD0E58D5F00C6
                SHA1:FDA9AA755B29C9E3FC93E65BB66D04D938BF5E70
                SHA-256:9BAEE54F2AD86918C77185540231D56372998B38277719C692077CFA56F863EF
                SHA-512:586BB6036CFD4C3FF9805678F85900ABA03811AA9EB23AB1CFACD0AB72E0AAD6D5A1822F12FF0C8880C8992B61BFBF0CB3E719B17761801E384AA8C1E8B9DBB5
                Malicious:false
                Preview:.u..).K..\Y.8P..#......e..{.".......:.M..?.,...(s.=."(....=...v.....'z..."]..3...O"oU&.3ys...p..........S..:}-.......3..]<...K.&.x.<...Aw....m.#.......e!.Pk.(.N.\.nc..9y.\..q.;J2..E...4.B.+..y...z..C3.[.Vf.f......Pq.S,.."U..}x/N..a .L,...........#O...A.a.J.5@../t....gw>.Z._..BM"....aJ...#.7.w.t.2..u.,.....B\p&.....$...........e~....uw -..W...|.n.%....S..f.1...~.8.8.[Qg....(.A[.a&.@..a-...T.....*.t.:.:Q...x...B.;.M....e.....S..[.(.@J.F.g...[...b.6./.....f..*..Y......P[.[...As.M:..q..G...az9.:J....v..:mo..W..2.....^..$......k+...O.....}..Cs.c...7-/..Q.pG..z..#.$p_bE|.7...&.........@;......].Q..E.).l.#.I.e$.v._C....|.y..V.....8gA<..S^O....,y.R..|..i3R7.w+..vz*.qY.`...F.a..'|..%...7...."K.Z3,.1...FM#..v.....E-~.%.`....*(....u=J^........`..+/YS..Fr......Z\.V$..c...bL.v5.iR...q...R.@.C..jl..k3ntL..\-.~Ut.. ..o.p....J..X.x.nY.Hw.......[..).._{V.`."1L......B..{.}GM7O'&(G.v....g....n.v7....D......t7....K...<7.z...T.3q.........\:.....T.....A`6....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\276__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1084
                Entropy (8bit):6.749712669966739
                Encrypted:false
                SSDEEP:24:UfA6ZVa+TD4oF2WsTe6HmygfqZVZjH0TH9O5Ye+QUiln4V:IJ32Re6eyVZDNEBiV4V
                MD5:62803F5F1BD57E33405FF21E05532F5F
                SHA1:9F4567AED330B2604BAC52F812ADE23DAE785CB0
                SHA-256:0792B66D34E33154EE6BE01AF1857CF0F72A952965C6DAB5EE85DBA3F2FA1802
                SHA-512:DC048256FB3448EA320600711464421934E7D9F31C721E57CBA089003742B1CB81247C04512AB0EDAD0246B72FC2127C4FB39767FF8FFE8830A81AAC7F1D0F9E
                Malicious:false
                Preview:..hM.'..>Ln3..OAy..y......|..X*.3..B..E..g....8....w.tK`..../7...}.....'^3.._'...2G'.@..u.....Z.....>-T,.5Q.....m=.I{b.....,v...z.{[".5?_.@..>...].F:..:'..o....y.$.h.....9..Q.l.sV..'.....[..N.<..OD.@:w.Rb..C.f..9...5.E.....lq.n.%.n$...g~.._~.e.8..u.L.i..~L....?.G.. .....x...]Zx....Bb.'.............r...8..b......D..|../.r{......1g*......m....1..uo..p....L..@.Qb..4...V..k.8.Q1..%Y.XZ....l.."].j....AK..9....n..g....{..@...=.eri.".qY....kOq...`...+........X.[...~x[y.r.R..d....s.^.Oz.*..+2.F{.. ...*4...;.n.M....Y...\..^.Nb.(.J.4.v&<O.#O.Z.).m.6.S3H}460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\277__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.653157419116207
                Encrypted:false
                SSDEEP:24:/0BFnIwyPzojZs9cbrZAREhgXxMnNbLHZVZjH0TH9O5Ye+QUiln4V:/4nIwlbreR9ho15VZDNEBiV4V
                MD5:4E0051ECFC8205C5499939507DC274B1
                SHA1:20FC06A7F5687A6768F80D502FC1651169D6F9B1
                SHA-256:B274FCFE77B470FC6011B8147098AE49C4B4426BF4B085438A3CD756817F0B46
                SHA-512:7BE7345DBB95CF6165312E72FAE16C88AE083944CA8795861D6BD56766B9388F05296E24648C2CD87730065D54DE2764627D3908B12B0D70F0B20D8C243693F9
                Malicious:false
                Preview:5.....3+K.S.C...,.........he./..Mq.M...p%.G._...9...R6..'WB_......`....N.|::....)..w..(...s,Qm..L.H..:3.".y;...g.V..r.`.!."..{.b.U..zXh.........rK.D.`2?..d.[......o.51..C.Wh.0$...........6I.&H.-.~.0u..r...F|..........?.'(..f.}..@.Y..E.Vw.u..Q1..U....=..............F.l.....j..u....a....@.<.....v.<.w..."5:......(...m............Pz.D.....[.Wc..EGU b1...o....._..V.C.w.o...UW..B........O..6{........5dIu%.8...'........m|..gb..H..B..."m...p/.=.B..0YD...0....e.A.~........o...9......T..,.gN)T..g..5..@..7j.iaG460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\278__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):953
                Entropy (8bit):6.440230101238639
                Encrypted:false
                SSDEEP:24:hcq8k6lKb5AxEHla+ZZVZjH0TH9O5Ye+QUiln4V:2kZGxCpVZDNEBiV4V
                MD5:9F9C5815F8133034A8B9E1B43066F7F4
                SHA1:1F0C5C7E9CBB98AAB11B0761555E50DAD585F2FA
                SHA-256:A26DCFBBF1BBE167E89D480112EDBB0ED9F8D076D0D73B6F0D5BD3C848ADD546
                SHA-512:91EFC2CEBD25ABF3A9370C45DB3DF1B45423BCDD5C27567B7B65AFCF11BD8FE7C36C6873BDAE937505C2274A42F80AE0F4C55F92567667F94ACCF7A560ADCE7E
                Malicious:false
                Preview:..g.....h.....)T_..#]...Kq@eQq...-E..;hM...]..K.b...d...#....o.NU.>P'..4.0.D... v..q$.\.../......52X.i9K]....&Ia..;0....6S:k[.b../.Px...[.$8...M$u.hOy.....T'.^........_...9..D.v....,...5...+.D...+.|o.I<a.........y.ax.qmn.X.......1B..W.W..o(V9..%......Z.6.$=.3R..../M..b]I...5^6.....2;..}..^r.]."}..C/..a......;.{..i0[.k....wz/.]...(Y..<.[..$<P..u.s:.@0.....t9.xz...b.VS.N...?.....CA....._K....OD..<-;...h..S...z.,.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\279__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1350
                Entropy (8bit):7.111280519131567
                Encrypted:false
                SSDEEP:24:m8yAX0Mz01KL/KWTYqQwW/1/PwyZVZjH0TH9O5Ye+QUiln4V:m80Mws/KW0qQwWd/PRVZDNEBiV4V
                MD5:088A35813E641976F6B62C856225DBDB
                SHA1:1B8485F7590054A3A78E2A93E5D2A5981E1CB453
                SHA-256:F44687A58A878FCAA7BF3919FD783005440BD3C23DD4F0BE05AD60BB62ED28F3
                SHA-512:6A1026C2DC9AB612F241B4EADC4FCD0ABAACB9F934A88A58C03A19282E7D7D43091D852C1FC878CC2E1588CD54633055CC600C12C552AE1FA142D9140ED42B5F
                Malicious:false
                Preview:.t..>.if.B.....3.L......{.....RJ...%..nMF.q.4.q..8......C.>....N.C.`....J?...........J.f%.S..D.+8>?..2J:,.'.2|.........v:6e;.5........x.6)t..A.D"......;....A....P.JS..y....x....cn\.U...M......j..#..u..._....!N.,.....u...|..kl~....o....B...H.....Kk....n.......Q.z...v~m~YU.[....x...~.....;F.......[+..'....@5@......B.&.....Zk...K.:.1..P@...%...q....8..k......l...6l6_.b.......!...4(....|.....A.L.&.)...c....?M%..S.J....C@63#.P..k.2....K,.M3z.g.......o....FNHT,}...4s....q+}.N.....I.Hh(....(=.f..P56X.)..L.....(k..e..?.|;T..c......!....c......H`.B...yn.|..[w..$0C.$L...'.W......,ux..G.....Na./b.k...;fady..:..!.l..R..*.Z......Nd..0....zo..s).....>.^.f\3wC....l)....`..9..(......ax.!.0.%.;$........hfi..../.M............R5.I.r......._..$[GC.B.\{..R...#..R.'|K...\...x..k.[.G...y2..l..%e460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\27__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):6.996795737427594
                Encrypted:false
                SSDEEP:24:VIzA33Zfwuoa6MACyXH0eQ7MMLhSoqRc247ZVZjH0TH9O5Ye+QUiln4V:qzAm66Mnw0e6nhS34VVZDNEBiV4V
                MD5:1C31438D99FABC1F1D9C8CA29EC7C4C0
                SHA1:756E86AF3CEB9CEB431673125AF0460B0CCD5063
                SHA-256:A3545788FABF1456E4D7617B8A1FC5BD444ED071E4926C45BF2469E799BD926B
                SHA-512:9CD3D063D3FF0DD19A0FC9BA0C02D15832BF582CC87A1851D00C2406F464E896C22C46740300D76AE0B9C2A6A6358FE7DC542E860A2A180CE086B78A7EB0FD9C
                Malicious:false
                Preview:.6K..u.g.B.....?.#..aag.e.4T.....!,.rP.7..z.%.+...[.a..?....4.IZy..&y..p.I.P6.o.......dx..er..q......E&.f.S.....'....(f....+.....J.B.8.Y...W..c..F<&aH..N..;w`...cP.?k;..s+.c_...'cg.#....)..@y..... ..]|..y...6.%I.$.+I3AgA..o.=......~%yF..p.~;E...>..vo.....{.9..._.,.B9.:A...=S..:.#+...C..M...'.Az.=...B.,h...&.#..[.h..F.+...U.iR.zX..(f.W8b....M.*{!j...J.c..{...[.]A..&.k.B...0s..;...B+..W.f.H.]0..}$..Y...H.^..u....n..;..k.i......f{Bl..%...`Z...lO.....b...O....~....G(.@7..\.,O.j........#?G....".0..#lo-3o...h..a......k..<...:..V`..a..1.5.|.....=N...H...>.<`a.{..R..%....Q.;?..!..K.SZ ..D*...)*O........[...... UZ.3.)....y.....F....;.x..........~..A..}...0...%...c..`5*R\..v.N460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\280__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):7.0019920249113445
                Encrypted:false
                SSDEEP:24:YsHjXKt1o5jsDExTT7qj5ndrTYyfD1bOJ4FmQhlXM2XtZVZjH0TH9O5Ye+QUilnq:6a5oDSKj5nfZbc4Fmcc2XDVZDNEBiV4V
                MD5:F48E94730CAF27F1E20E10CD17CE8D6F
                SHA1:137DE510BC7A7B41CAEE95A78099E55F02B477DB
                SHA-256:D2A227A9C41DBB81E63E689BDE5F8505DE28B713308B910735AB094127D862AB
                SHA-512:478E08588CD7DE02C8D625FF4B173BA015A69B725B828435793F3773F28EB0D7A4C90F7F96234861F8E7BDAD8B1ABFA0C04F8994ACD6A2B0D28941B90CF89049
                Malicious:false
                Preview:....P......R....{<K..WC.s.e0...u}...8..e..Y.g5 .n..F.8.%..B.~.....>.d.:...!d..'..@.`H..l.>i.i...8H.......8..SaXf...y..L....v|,.X........\(.M..9.bR].]Mx.;...r....>.-.............\./?...;u......|..t..J.v...#..59...........qA..e....&c.....r.+F!oY....3yg.m?.f.p..6W?.`....4O).pBIS.h5.....T.?.+,/.P|R...!G..9W}....rH....J.E.X.|Huwf`.*^...|.!.:...3W.0.._..%...~.....I....Z.h...).....+.'...uT....K.jG...i".d.....<.w.BVb.gpn..)w~.M.hv..m.#t_L@.ErT..aP.^.W]..._;..z..a........=Cy..k7=T..pX.......B....I.b..#t..?..H.!......-..+ ....1.dU.,...T.."...:..s.........E."...|..o"c]..(x....|..9.;O.@~.3_......]Z..G.."#.rE..c.3.b.uGD..k.Q....i.......]~k$.\...J...r..x.LR....<V........R.+o)Goqg....n....Q4i460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\281__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1227
                Entropy (8bit):6.975750108200671
                Encrypted:false
                SSDEEP:24:Ix+/AIiZQ6Gc/0jIulRt/uIwDffxhd2MZVZjH0TH9O5Ye+QUiln4V:IcoIih/0Eul6vZv2QVZDNEBiV4V
                MD5:C197C858EBD01A99375E5867233980A3
                SHA1:9443AFFC587F8FA838CE39B5767E683A381E8C46
                SHA-256:C181B2EC42DFA5FD49EBAD617036ACF4F82A206D175BA2535274051D85ECC581
                SHA-512:8B1B20DB7D230C5FB5BE7C0D3DEACF7C7693692DC77CCC44FA814AF3B264516AF6FC58EAF2A414EAA72ABE9097EA779951935AFA7FA0420CAD00717B196F118B
                Malicious:false
                Preview:.>..<w...h.).......] |B.L....Q......E@~.2.@..`.r..L+...Y.jE.a.+.RrHS.z..X.....y...(5.....N.AD'...P...I.G.]...nU.....o.\.Hp.....@..Otc...q.H.../.....&.2.(............e.$....Q.'.....4....2...J../I^...T#h9.t....W...f.....].t'.Im....Ho.\VZ..7.....?...).$Pc..).[.v.eN.Y..*D.......r..~NZ...0.Bd......5<'.H...E..S.%{hLh..:`.K.....;A..OAV.p.9....w............,...SW0..B..JoE01......:z.....&......2.V....R.....e.M`....SN.?.J.jYJ'........2.zr....T.qm..8..?..).`.Z6..Z(u.%.lJ..../.:e..9.\WH.".I...=@...-....$...........#M.(w.[.......`-...3>h\........e.s(..t....WXLw,.`..~R.i..H..|..d....i.KY........IT=....@;K..o.q.W.4QF...R..R%Xn.,V/...I.....?...fK!.'..6...!....p.. ..M.#....y..y1d.JKW460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eb

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\282__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1161
                Entropy (8bit):6.8614531319105705
                Encrypted:false
                SSDEEP:24:oj8afxumbQqm7xepJW+lCUoVFz+H9Jc9ZVZjH0TH9O5Ye+QUiln4V:ojjJuX5+lCUoVB+H9JcTVZDNEBiV4V
                MD5:FF491C5F8C91BDBFB9461DFFC1B81AFD
                SHA1:B67CF11560F8AEC433387E9269ED235E5D98E0F0
                SHA-256:4EB4CD1CD143046C6D9B7BC990337EEC41CD27EECF3CA60BCAD9A321B7E0859B
                SHA-512:56A1782E9E9FF5E9EA7274F15AC8A9B114172DABFC828BFA49B6C3AF89BC30371E14D487E5C9E2F05EFDA1A64A422DA2F22D80950A47977AE73476D10CA89D91
                Malicious:false
                Preview:U...?.2~....)....^.9..*..n<N.w0..r.."...........^W..Q.....R.iAI..`...*.........7....H,s.&....*..X4.*b;.P..Gg...9U.Ee.C...Ux.........n.......u..^^#z.F..^.W.._)0..=_.<.]..2.+abh.9..5k@v...H..<2..9.....@........5.D:...w..S(.4..&*.'.Y.t{....w.:.v.B&.)~.c.[#..si.8H.......c1.~.&R.N.6.....@.89..n......O.G..Z..d.....j.......6....J2P>...p.&q.LA.xic.....q... ...w..\:y.....8[.6.-..1f}.....)..h....#.....H.c.../...Lz.Q!G.Q7/.G%....}....B.%>.....Ck...=La....oc'+.....M.M..{.W....U%.kO..R......35qO?...9.&s<#.....bL.l[....es.@.u.....v...L..n`g.:R[...\){.sR...E......n..|.$rc!a."...hoZfgk...o.Gl.ub.. Fx.F8...:.Y.....M.@......i&h.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\283__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1239
                Entropy (8bit):6.945760684144596
                Encrypted:false
                SSDEEP:24:ekd5AxwzPdrxbjU2GHEaNiAEXYETYfazIwT2tjZVZjH0TH9O5Ye+QUiln4V:B5Ax6PdrxbTkEaiICYizIwSVZDNEBiVq
                MD5:5E9A5DCEFFF2A2783E4757822DE9E18E
                SHA1:32A47FB4B19BD1523DD1301DF544C66EA99F0FCB
                SHA-256:F5ECB21216049D698113353DB6315669C1C362157E2CEEC00C9C0F3BDD3178E8
                SHA-512:B1D54B1363ED081C8F90B5A31EAE26F9697445110F3BE577E4595688A892B1D84244DE3CA09269712AA1219358E96A12120509D6EDE309D659FDA6581856E1A6
                Malicious:false
                Preview:..W...M.D.VQ&.S.h..s=.....M..}.&.C....?j0....c.~..Tdf9....;.Aa.|,...o0..a3pZ#f..P.6E.Yh.0.Y...r.4.^ t.X...4.....R..>7.....Gc.0.k...d..Y.5.2.Kq..b..[\.H..P..D.h..f}.S../.k..7..O...K....2.]R.>...{.&...y.X.K..f...$._..S.7TG......?*.............e..z....9.......6.....m.._ .h?D....f......._&=u."6....q8b..Z.:..#l...g...(..|....F...j...7Z.....7e......!$.@.......l.SE...g..8K .C.......3...P....2.3.#kT..y.X.) b.<....p...5...L."...Q}.f..V+.!.!S`{..a..r..........B.........ks=>E"..g..t.h.Q.W~|G...>..B.0...3...`z.UFjD...S/.h...6....P..6kx.A.D...Axp.....1....&..}.,.t...3...F...{..W...$)iA......O......M.M.m?.......>.3&S.-.....[.M|3.(...H........|.c...K..+.(.Jv..h...... .T!p.oJ.#..Q..f.Q..j...PS....x:h.N...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\284__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1228
                Entropy (8bit):6.955772669466792
                Encrypted:false
                SSDEEP:24:FYnHRarJPdgXb0FbrPtnGnxg6CIoKsbZTgzpTsj7ZVZjH0TH9O5Ye+QUiln4V:FYcrJCribyxg4oZVT2pQBVZDNEBiV4V
                MD5:A1615131487A591D6D99F6DE4FBD31B0
                SHA1:2F4798EE14762D68CF5F3AD2CA9C53CE56F6F013
                SHA-256:B25C7C8130719F6BBFDDF45505BBA96888A850B88AD92512656A439DB5C2EEDC
                SHA-512:D712CB0D8A3EF5F99FD5ABF6A78D623A09266E93B767B52B94BD01D00F857844E633B777EDCE10F5869DECCD261E436C97E07BFD1C8C3253F6EDF10DEB209491
                Malicious:false
                Preview:L.ym..`_..{....-2w+.'.....@...Y.9"2..t.!2|..*&{*.DE....L...PL.{T..YV.n^..ag%N..W.........}...+....I$c..e)....`.c..X.Uf....7C\3........9F....\.v....B..JP..*VtG[D?.}.q.Q.?..#9..#. k..@....vC..2.#...g...c.K...`u...........}vc......Wk...|.|......r6.:..$..M..Q....+..U....<..O....5.Y.........bS.Dd..-(.=5.M...P.i........,...T..c.J.n.y...U.CD..wcm.h.......JE..Lb..{.|....K2.z...n.2r.... ..Ro2...[...s......+O_M..B..v...h.r^....(..ojO8.u........]+..*..b...........jSkr..)t..Y....{.`.....h.9j..*.5..}{n..N...P....o=J'=.1.<wd..1A`.Z'v...X...533.y{j.~.l....n.......s:....E.nKbl}..cv.o...y..y....$h..K...1.=0..F.(....[...2.t..vQ...aN.{..c...P......C......O.....@O.h{x....5q..6......O..D..Z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\285__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1383
                Entropy (8bit):7.137843674740917
                Encrypted:false
                SSDEEP:24:NrLH771pxbnZSLsloCnYkofY4i9aDUsFz3jlZVZjH0TH9O5Ye+QUiln4V:NLb7HiCnYk4Y4i9aDvrVZDNEBiV4V
                MD5:1649A97EAFEBA561C3F635CA8DCE72ED
                SHA1:098BC824B4D2F2A71037CF6653F0B39A848757E0
                SHA-256:3077247B970F41CA899B32F73C32B7123567631F979E9B244686BFF923C0932D
                SHA-512:0566E9D56658308C8DE49E1F0FE0F8FA81E0B6B39D8C9D03BB37975FA619113E611269D7F6E5D8238C2A7E3652287FD6604CF174714200B1319BF6E0FF862CBD
                Malicious:false
                Preview:..e..U.........+t.Pn....B*.....aP.W..7\B. C..|._..e.KQd.. z^!...y.T^W.M...x.F..'.b.qqN.y...%3..PhA6...U..g.....m..'.MM3..._......Db.....Q.?.r.o.Y..V.@.F.@.#..kh+....R..K.f.S...Sy.6o...H...QZ$...!n#.S..k."..f}..V.'3.I.*..x...K. .G...yI..?.........T.4)....6.@..-.z...i....@....g..:o.j.....>{.N(.B.N.#..}..V.....,*".i..Mq..K8.S..9\}..wj...... ...S9dT.4.\(...R.6K.jjGU.`a...=.....dm..pxM. ._..O.@..Y..cW<.n8.(..A..3...)..h.}...........M....3_.....~...P.;L..0*.EuY....,.-.X2.......S.'@......a......^.....h.3.;...}...&.-.....4X3...A.!.98.y.....YC.H)..4.3".b`J.fc..:.{..P.>|...Pg6..?..L.z....0w..8kM.>Neu..b..#...=k=[..WM......8.6....*...S.}k:.....,.n(>VI..o(..l....Rg..~c.#:.q=U>~2\%.4...u.........~......l}.8.X..$ -...p.=.K.00.:.......+'...]...lgo....O.#l.d..[..O9.!...D..o.Ln......}...I.G.........bm(.]\.j..S=.....H.yF4.XQ...>+..z.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\286__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1086
                Entropy (8bit):6.7574404988097925
                Encrypted:false
                SSDEEP:24:sPF3Hh8Wlx0n0J7f0vN36y4ZVZjH0TH9O5Ye+QUiln4V:sPtHhZlO01fiqtVZDNEBiV4V
                MD5:AAAFEC7CFA5E6B8F485542563A2E2E07
                SHA1:FF0CCBF51CA783D54D0FBF92F55037812D3A312A
                SHA-256:2D6471DBF762A1DEA41E28D4C19E056463BC6716ADDEE8DDAC1D8035BC626219
                SHA-512:CC7543497599492696A9FB9727603D533625DF32FF5090381E3BD49D29692D53071D237092687CFC6FCFCAEB5885C20A85960F648DA3E1FD25EBD4505EB83031
                Malicious:false
                Preview:...m..m.x...Kp....7.{.K..$bS..g2m...Q.K.O2.Xx..%..........k..aY....[........Q4..<.N.v.{.w.=.J6......5Dn....C...UE..'..J..Rr......S...w....O.6@NO..'Ua.1:....C.....d..H.$.1v.@."....`s..B.I.14.<..../.D.MU..........?z......>..;G...U._.......6.1....oR>A..r..uKZF.....3.Y[+..Z.*;#..7...............TG|..|..P.....w.B...#.AQ....J5Dhp..;.k.95..MJ.Zp.[....Q..q.yy..X..:@\....BJI*^........H.-.qS.6.U.....btCzlE...s...3k.=...0......8.....wS#.q.`...!...y.b..v..;a.&.U..}......]..[..... Q.V....46..U..N.de..)Y.<.h...=}...._.2....1}x....U..&o.E.....Un..0.e..L..}O.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d9

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\287__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1040
                Entropy (8bit):6.700214794869204
                Encrypted:false
                SSDEEP:24:i81+5qd8YjEQwerA/WrfX+X2PHgwZVZjH0TH9O5Ye+QUiln4V:H1+5DQwGnfXY2P7VZDNEBiV4V
                MD5:5D321322A66CA67457A54059885E7311
                SHA1:C6ACA0AE6E96BB9308275F50C1521AFA874B181E
                SHA-256:B081222364BBA9B1D5345F4AC22904156CCDFCA078EC5743CAA6BD6234E9C085
                SHA-512:6DF4D9658E0C5B3B0DBCABEC82C23A44164E50BD8AEDA01E844F835E648604B43F573DF1C8A2841DD4664A73A6AF45F25861108BBE15EDF045F9AE56E7AF09B5
                Malicious:false
                Preview:n.2|c...`..Y.8....n...23....>b..R.o.K..L.t....:~..R...R*.u.f.=...;+..}!%{...?..}N>..j....0.e.l...4.?vU5.]....,.Q.......6<6;A.(..G....('...F+..Yu?.....t...q.w.-...Y....?.6hw.U.I...>Q.0...;.J.NO.R.@...:p`......N.f;'+T.H..V..3o...&/....].c..-..>j......u. .V..0.%...T..N..zs.t8h.....Z..Q.(..gz..M`.~...q.y....}m......g......... ..r.nb..lr..H..tZ..<.E.l..f)...T.....!.....*s.(p.i.0..C.~X..\...@.......p.19..I......}..].b....]..O.J;jT...g...A2...C.....3A..z...0.*.M^*..S9"0#XU..lv....t.iJ....M....d..ZW.kq..gR.>..J..:.(.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\288__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):960
                Entropy (8bit):6.480821751324008
                Encrypted:false
                SSDEEP:24:/dVE2ksDZv1RCSaKSQ4KvZ1wnBZVZjH0TH9O5Ye+QUiln4V:fMSaKj31wnvVZDNEBiV4V
                MD5:C7AA455B00B93DA377AAEC255C329E4D
                SHA1:3FA32A3698C571F9D180E7FC31D3D9C338AD69B5
                SHA-256:8D8EF632419305C1E5B10B916DA820539EF06216AB7E3731CA87318FBF0888A3
                SHA-512:037D7FA6EFB5BC1177459425B0D7727BA823B1F73EF82BA00A2BC0A8FC813D409E74B2209E0D5BE2F36DB2CED20CC49DAFCEF07A0083379D0D9932C6241E9FAB
                Malicious:false
                Preview:...v..8r!].#..Ce...?.....sN.w.3..5.o.(....g#.$..]. {MT....+H........*.sc.e.....2..E..G.e....ft.nqB...E./<.g..c...z.....j....r.,...Z77Sn.\p.y.r.$.h.k.............B....3.rk!...l.X..6m..oy.DA&......3.....k.9...Q+........EY.{..l.."..kM.....r...]........c....T>..<}....k..-./.&H..r..O.......P..H..-......s.h.2^.....g.s...2y.r.Z.022;r8._^.o.V.]......q..o.)$.e.'_Z....N.,p..eip.uQU...q...*..................4!..K...7....gb.b@P...].....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\289__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1390
                Entropy (8bit):7.112973378646145
                Encrypted:false
                SSDEEP:24:TV8w7RLdmTP4oZBv3tNajx1XbukWkiXOuw8eabLbjZVZjH0TH9O5Ye+QUiln4V:GwJypN3Cjx1XKkNi+uReaRVZDNEBiV4V
                MD5:E4B5D0DABF62E5BC2E490A1BDBC25016
                SHA1:45015DBB702F38985C8CB0EEBC4DE6AFCC226C50
                SHA-256:9A7503B3FF087D17AC4C5C3E54A8643B62A5DEDC996B8B0405E6B9AB31132270
                SHA-512:1A01D1C139AD347F9470EA622067014A68A3B6B07F7DFEA829B1A2B687AEC4CA8BBF6506BEF986F0D4C3EC96150E7EF78E70648C3BCAA9655FF4F9C864340034
                Malicious:false
                Preview:.<.?...Vm9_.... /b...F....z....J.d.G...._. Z.|..!O.}z...,..E* .*....+(.q.O .efc.....g...P......1X..[k.o..Os.....u\....|SxOP..^.4...9C0.ha-...>..W.1e..........pCrn-M_......7...EUc.8./R....&..>.........b..x...R.L.Vs....v..UY...G......^.hfO.@...?...`1....n-1T./*.V..i.....9*.E^. .t....wD..Ze..d*.UEV...U..~*..B.Z.}...?.".YD.....$\...?P3d&O..*.E..G...u.\N&NS...1..K....6.b...d.\...a..`}d.~0.z..uDE.G...\.V.f...ZO..$....p...xm.[...6.C.Z0..j.w...n.Qj....4.\.*.?#...w..Z<U>h..>..Ex..q......h..Q..|...T.._.e\.F.......@.a:...Q..b.ck@..^.&.h.......$...ro.C.3W.kl,.RO.1]_.A8..{<.UK...[:.....*2.3*KQ.W:..\...>g..n...`d..1'k...0..<...I....9...t.-t.*...#...$.1...n.g....?Q.kY..d..'N9N..v.T4^...Qd..Wy. .b.....U.........li.$.3...{5../f>....M.....^....G.........".F.Y..ak..'~l?....)].(B...p..{.._L..7.........6]F..Wub.U.aNB.9...I..:...pu.....5....~...g460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\28__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1345
                Entropy (8bit):7.10980571876799
                Encrypted:false
                SSDEEP:24:PReVCuiz/3JRzyxKtUNp1gcwtxneCmeh+5dqEZVZjH0TH9O5Ye+QUiln4V:MVUI8+ZgcO1nmeh+5BVZDNEBiV4V
                MD5:6AA8AFD086DB21F7CA89349F75AD5F22
                SHA1:BB9B4B8A3DAC5D6B5F18127809FF99364D424F9E
                SHA-256:70D3FA93ABBAE85FF1EFE936B5E2ADAB8B0439C41A30900992E081F58E6008CC
                SHA-512:385639393AD2E0F8A207F0D25CFB7D33E7960DA44B3B5AE29707F0F06B86C6FA9C6F2591AC02CEC6EAD42A653B7FC91F13E41977CC94CD7DEDBBDE92C9D6C529
                Malicious:false
                Preview:..m..A-DfMt.B,..Y...?......dYo7....{.....;..x./.....Z......y.%{.. %M."H.RRE;.~s.!...F-._....y+..Wc...*A.1..Y.*Y.......d.1e..XJ.3.....sL.....~.Pr0.zF.+..o.=W9}Gw.{:Tm@.L......A.3x....eH....N.^S..W.&..e..Az~I?.).\.%.bM..3.j.l6....N....q.H....\z....6.Y4.i.f.......ZLS.......6g.g/.".H.........9...T....k,...%...W.U..9.=[elk....)#`.\..[Z...Q..A....m.........{...2..9_.oc..z6.TYF.b...nm.....Zu.^....&...F.......A...z^.....r..Ug4.p.x.v...^..C?..7..b....yY.YXY.1M..UK...u.$.gm.|U0..f....f$.......M.Q.H. H.^.,..Re..~ .0...._w..`E....V..0@..:.g....3../.l....E.R.R.....o./...V.4..{<....w..j.0[kE]%}.kdB...@...[x.fySS..6i.-..$..,../.$(...q...zm.F......zC.=J....F........Z0.@..}Pz.hu.N.pW......?...fB\......#KW.....lag.a.p..-...Ixwq.9..ZXZ;..u...U.F.af."y........+..$.......s1..H.y.hL}c...FN..DX460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad441708

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\290__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1240
                Entropy (8bit):6.969498945117197
                Encrypted:false
                SSDEEP:24:4jL0rInPEIodZRqf7h0t9FD9mCC4aNSZVZjH0TH9O5Ye+QUiln4V:4jbnPEIormodc1iVZDNEBiV4V
                MD5:6D98AA04B6F086685C04BB6D66792865
                SHA1:9AE590765628C9A1395E829B7EFACB4DCC534754
                SHA-256:670F5587FC8BEADF79980DCDD82C3E664E71A85E1F77254553F7A7D9E6566D53
                SHA-512:1F3A5B642AE675608EE8AD30A56F92F83CD29351CD5D3E9A7EE90C8FA0A502DA4D24136C064E70E2F7DDEBDA4137A6F36D04FFF519B3BC43DD9E350734B0882C
                Malicious:false
                Preview:...>.N..|...V.g.......o.........^.g..y.j....Cz..,G%.......Q..`.#..L.+.....ED..)........#8.....z..:......W..W.C.Q?=.oQ9H..X.~..A.R.i.E.U...?.il.!....,.I..=.#M....f..;{.@>.d.@..c3] .|\...0..Pr..?qqW.....j..f......-.@1...).P..N..b.!..5..}.B.-.ot....(....o4...'XjE*.....@.. ...lw?.Q)...A!......Jy..Q.A.|.,H..I%....V....y:...!tr.\.V:63.[..5.w.O.ox.....9.d.,.I.@....UP=...^...|....i'.c..........*..$...Wx..y.<^..i!..$......"~@..yA..o...~"b..R..(.....f:cQ.[..iw.Mi..U............K9....J`...~....Aj..-ZP..gz..O.F..s#...... ..P..z.......2....5t.y*.....(U....&....ca42X....:UC......a.4[1...W,.7...8.w.)b..p._.y.A...p.P..X..%'.{..jw............g.0.B;.@O..!.t9]e......HWG.y..........`..j.-.TU..Sg..b.A*.H/.>.n0..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\291__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1624
                Entropy (8bit):7.321557494374833
                Encrypted:false
                SSDEEP:48:lutRrij3eldPIU+mga7ie6RXYVZDNEBiV4V:cfrij3ECUZieKseBiV4V
                MD5:73DE469B1440C90D8452E3A6452E2F11
                SHA1:871CD854128813B52164F3AF9DE2F83219192BFC
                SHA-256:5E5CF32A9FCA1305C0ADD2989C472F258F39B96F9861EFCAB1F5C9549302298C
                SHA-512:0A6FCF1643FCC8CB92018E1833A0D56A59B285F3BA6E03CBF3F124DF16D586EEB70C0B745E45F6C41D3C0DD8453CA961DDC0D65295CE46A0C498ADDDDF95660B
                Malicious:false
                Preview:GF...8.."....33OGl.n..A.J.o.P..pk.XM.....T.V..l~|...f[..#..>.)......O.C..B....t..h`..h..$..0.^........;....i.Q...;._..O....s$X+.#.;&.[f.....B.H..P.....z..6...0......q.L.Y...d+?.....G..a&...Mo......F._....#...O=.R.7}J..S.|w..+&.-.b.W^b.......l.T.C...0..k.R/62.|.....e..`W..J...b......1N..."%.a......K.T.1[.F?E../."......;.c&....4<Q...+%...i..F.G.=...==.W....$L.y.......Ku./....T....9N.~...J.UBi.._....V&.3+...K..9......]?u.HLg8...x...vi...4E.....2.v.G:V.i-..C......U.....I.....q..8.)S...K..*....s.3.2:..V......A..\>*....,.....Lr..&..T%e...=.O4a..i.......zy7<.."s.5SG'os?...9=v.....&.......%P...l[...?......hc<...9.g..^.....h5.N+.R.;...._X.Q+{;Fz..=...!=...pK..dRC>.#+........0c<............@.......<..~..yo........,/...W5.....\..Z$'."..tJa.VX..;Q...' .1.....1.....)h.!......>.....CFQ..x4f.U...-e..\..=......f.|.c!B...@..".W_M.w9........i...-.....[.......H*G.5.C.^.b..}6}...*C..Z...*K>.....Uyv......H..G.%.b..+Q.....1.......b2e...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\292__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2341
                Entropy (8bit):7.611640170696023
                Encrypted:false
                SSDEEP:48:2D29Wm2nBDWJ1wXlCqC+9By60l71hDiumN5k9y/zMVZDNEBiV4V:2C9WEwXl/CiBy6aDiJ/kw/zoeBiV4V
                MD5:1E7D47E766B77B228AF246F972589445
                SHA1:8EF2F66623B5E6EEB9E2052712FE881F71626BC9
                SHA-256:16AB3FBDB98D5535E655211984B610B4C0815D863874656CF86DCFEDBB7031C2
                SHA-512:A5B07E58BAC5F179366EA055131F039B9F22A251CAD0CB3DCE39C0996B8F2951CD6AC7D7EAF41777EF0AA475C3C8FC9629FA12619C4653A96EA5CB397C84DC21
                Malicious:false
                Preview:.....4...G..=..B..*...q..SI^.O..._=.7.]n.4?....xj.@R.0#..h...\9$l......|...'.CC...../...,.aE.%..[........b.V..s.S...7.X.......0..B.J0...].c/.l...-1...k.8qN..u...O.....u:...a....G0...c.......q........^..E.r.l.aO8.....P3...S*..~.]5.....Le}.....mWd3$....z....p.8FN.2d3..&...k..C....5..LI.!....l~C..7:.y.tWk.......O....>...A..S.....^. V1.w`......Tn....p.cq...5.V..BHI>.......[8E.|.!=..Pv@*..*V.m..q.wU..9&.2.u....$"|h..?.Owv.......$....W..H......g.u.:..y.jl.-.....q....p.....B...|@.Y.V..{tE_&1..\.....[.._^.-.gT50#..{....g(....Km.xzOY,.`...S....&...@.W*..P....sL..#.g../=.n.vu....N..q.._a.0.y.p..).a.....f./.t$R3...Y.ld...x^_....~..7....7..p>#7.~uxz..ju...TRy.).......V6..3..C.Zg..<..xk.c..[1.]n.l'+.S*W.07.%.z.,.....b_..-.el..Mt......XT....tLD...&9i....{Wz.[.....6~.E+......a....;mV..b......;.F73.S.r...6.....I.'%I..a?n...s.j]|C..t.I..#..C.@.b<4.j}..4*.K...B....{..(3.UR.Z..6+&~.v%+M.P.1....U.....x..?E.5..uy.....S...*....-..L.........m.e|....,-2.ArF...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\293__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1168
                Entropy (8bit):6.920305309002066
                Encrypted:false
                SSDEEP:24:Y/+ZyG/zOcjYT8JddQlMgJ0pSg24uKYKpXEZVZjH0TH9O5Ye+QUiln4V:WjtiMN0HgKYKpIVZDNEBiV4V
                MD5:8040B7CE81E1EAEE0A60790DAD562B4D
                SHA1:2AFDD16D5D9F273C140D578A2FD0921B8FF5A073
                SHA-256:E171E8FD4B45BC559BD29B729389F7C7C6BCD5919D3474A43FF72E987F25BBE7
                SHA-512:469A406688C65AC60CA37346CB4B6E4166C15FFD0187F956A4F1BF495B8C75BC3E6C47D5ACDC948A62850E2E9BB82D30CE3032B29403C9BF5E4F3C6DE0913BF8
                Malicious:false
                Preview:..Np.QSo..%..4T....-..g.'f..qo.....J..,.....R...../4l..1u.y..fY\`.....y..~...#...N(.G]........=..nP..I...&.H...2..1JP(B..@..>|..RNy.......nK.\......eM..!..+...\.r..x..T.......-`Vh{.Q}<D....0.K..-d..i........u.().X.b.$.y.. .2/.2..S`1.Q.Z1^........"Jv.k...H.F...D ...a..%T+.Zy.. R.Q..\..w..E<..Q.A.'1T...........xF.x.m...<..........].....r.D)..]dF..;.qq..v*_/.I.^Sj..f;...$.....-.V0Q..S....r$.....-...^..P.#2......kW.........,...Z.@O[-U.S....6.D..i.q.....J..f.D.9.!....2......U..c..Qd.4..M>.8mB.$......9........E.|.i..?...Jr......nT4...oE...v7.C9.L4....Q..@.........o..:3!..,t.7..l=U\...~..K||..P`.)..M.}{_.....M...4....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fc

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\294__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1226
                Entropy (8bit):6.906697353499607
                Encrypted:false
                SSDEEP:24:eHlq4G4tgTp5FIwv7blFfbBnpt2MfZVZjH0TH9O5Ye+QUiln4V:4UHV56wzj9HrBVZDNEBiV4V
                MD5:39C8D5B8EBEB3C7A8829404EDD89F375
                SHA1:B67435653A1C5FABBFB9C4925D21E3B761CF937F
                SHA-256:EED441DCB7ED71902F2E80A402F3083DEF74D712EF16DF7836FADA23A0F28C78
                SHA-512:BBCCA8386221BEF2787818D8F9EBF31010A4F1594F35A8A8B84556D8BB7C10B826666FF8B67D92DD191F4FE311C077D4CD171FDBC7DF98D69765862625F04522
                Malicious:false
                Preview:..;...._O.9...c..V...d^..............T"6.E.n"..s..b.........{}...)....Z ).A...C..yZ.P....EM.KA.P.E..n..._..../:.\.\w.1.k.6.4..;..y:&...q.opd...E....8........O.u......m.2..b..?.[o~..tk?gb.b....}........[...n....K.*.P5.by.)'.zU.d...Y....'.d..c..yJL}.bAvs.....P.&P. ....Z.Xu...@Hn..YJ8~.rJ.h#b-&.T.!u.5..a0.....sy..3....P.=>4c.HJ&s..DQ..yb.@..hw....8.7"......:.K.U..c1..&?...5..H........[..o..e.>b..3H...0.b...Y".Dq7nW#.....L...q.V........%....y.....my..*....5J ....4..J`.F.H1H....Vk|.....}.....1..S.v....:....Ws...i......."+.w.$..1~..84.......Q....s....y.............y..q..P.cp......B\.*..].V.....O .o.<.j......AK.t.s._..8..oVPf.&.).*....@'......#`<.9.......F...z.v....8B460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\295__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1633
                Entropy (8bit):7.285262262273978
                Encrypted:false
                SSDEEP:48:IcGTscJG5xHjfrvlSSB+A3yJt8noDNVZDNEBiV4V:dcJG5xDTvlzyJCoteBiV4V
                MD5:502407A23D782C28FAF12DB43CFEF23E
                SHA1:0674817C0BB0DDBEDF40A516A35C5B39521CEF0E
                SHA-256:A7F95DC0653089F4DAD77AB2A9508A5EE5E26C22ED14DCC1B09FBB94ACDBEDFE
                SHA-512:2E4AEC5ABF8D0A982AE1A3C24E2BEF398F78A60CBCDAFE8D97909CFFD9D90600A184BB7275E98320FA3AE81F67A60BD36A2B735B2CA03D47B3B23BC5B4ADFFED
                Malicious:false
                Preview:M...p.......Be...d+.|.>.....U..:...+....9.=......R...G7%...../.4:0J..db..:.{.S?%..7..G.j..C.j.,...!J.^%....D....F..R$v..Bl<P..W.._..v.B......*m..#..~.E;.dh}.$$.;+....n.. .W=.c...L.S......9.nZ.......`(..Ix.5...!m".1T.`.-.!...z..G.x:s..Al..1.....}s..+>..9.4..>..P.j.&U..4:.Z...IQ..0.D_.X..U'.cx.....R8.6...a'M..R..,.....?...'. =6&51....Y..b....c.%.....4\w.aOD....v~.Af.x.n....N..1..c..h..H,.a.uE].m..L...T.:q....Io...],.M1...7..S..i&.....X...\...4_q.CW...n....Rth.......8z..\...\...2....#.9._9G5p..dtg..c.A:Y...u.....J.F%.X...c.Ah...5dSd.[#i8v..<<T..4]L....X]...E..4-.2U...3uo.....CN{....{.~&.b.X..,,.F.C...[....9ij.".M..l}p$<(?.n....sq.Xa9.e..q.....].`K...Iz...^.N.....?cv.^..1...!Re['.4./...8....].hj+....Z...$..4..=..o.?.%....6$iH.y....ziR.Q....f..A.Z......."......F...'^...&..uh{vx.Y.a.q.Y......P.:U;..{.GS.3(..h7.....eE..0..g#....'..>.^..z.k`V_.e|........5....&.....N.8..3.......tu.%..j/...=,.*..o2.t.:'..=..}....q....FL.}.ya.* _.....Y*6H...&.%.m.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\296__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.729133240235816
                Encrypted:false
                SSDEEP:24:ehojx+dPStNI/1uPM3ukdTnjq23ZVZjH0TH9O5Ye+QUiln4V:L+dPS0uU3uSTG2pVZDNEBiV4V
                MD5:4EDE19F5A060BE4151F98BE4F621738C
                SHA1:6EDD361759AF537D070768CEE5DEA49286F7B8C7
                SHA-256:080E76C2EC6EB27A28D02F4113FBF451300A4C0C92BFBCD3F2A86A9F5A8D892A
                SHA-512:B92D5FA04FE6A41AF6C2C632A8D4BEE854E5928D60591C7435CBC383434AAC8EE0D777CCCFD6FF4D4D68A2E275184F6D1EB408104571F12829C60AA8CAA4378D
                Malicious:false
                Preview:e_..F...S.T..4...#...4.u*.2.....bg....0U\6t..)..^o...UX46.a. x.........B.E.|.tj.Q.=.g.......'O...a.w....b..SzG..sByvn."\..jYx%Y..c..+%.F.:O..v....O......... k.ZR..`..W.8.7..Z..YU!H.T..k....-V...O%.....o...gqL..nO#>....\s.,....../8.j.....;...$B...P.........k{...6.l...........dt.Z..cd.x.ku....C.$.G.gK9..~.9A.N..c.,<.S.tu...D..9.....f.G..;x)..?.s.......5.Z.$.cP%....G.h4.3pQ.REydJ1. g..W... ...v.n....}......s.'S..zw.,.o.kl....4...n.I..\T..!.......z.....!:.d.....4...H..TS..p..Q..NK[.....%....|v.<:.O L...../.~....}?.A.2Z..G.O...T.+<P...8..M...c..N..1h.A460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\297__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:COM executable for DOS
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.666365290748185
                Encrypted:false
                SSDEEP:24:ogpkRGA9cTBRNgZVZjH0TH9O5Ye+QUiln4V:dG4AudRNMVZDNEBiV4V
                MD5:EB6E19675128A85E28DAE12C7787F5B3
                SHA1:781F6B2D33620FEC602E71C8264F3B20CE4CBF1A
                SHA-256:FAF2DE1F626A8B25F99C9B8B959B578F76224593C0D6C0BC42AED775CB74F812
                SHA-512:FAC4942CDCF7E6A0012F809AD77FC31FEE5EE111A0B8BCDF9ACE6F0DAB956457BB091BB88A2BBA9E9A68F0A8B072CFB9CE9FB1843F8F0AB14BF2CED058DCDA03
                Malicious:false
                Preview:. 2Wo.G..S.i...8.............m..||.N.FH......Z`.-{.."Z.2.pd<.:*Hw..4SU..S...i...P..c.idv...8(.s..|.zF...9..F..?.F....!..... .l^..c......Y.Z."I\zT.#1.@.U...V"...b.x...Z.e.;.....KY.8..M....u.........|.L..b.mlJ....s/..b.....u........?......)..# r.X...%....).T.#.$.B...1H..m.....&.K.1{H..#yi.G4c...:8...T.S....!E)...0.=..*..SlL...~..][.?D..|Z.....d^T$...e,_..7L..i@}\'...=;t.....@.sj...~.F..F.9.2.6<..n8.....jG.?.A...Gb.-Q..[.).vT?..-...M....v...J..*.h..mYZ..Q1.hS...m.tj%...-.i....$..Bkx.....k*......!.)Y<460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\298__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):6.466669260346239
                Encrypted:false
                SSDEEP:24:dtZBAkWzyQdwbesdcqJoZVZjH0TH9O5Ye+QUiln4V:vW+7bQDVZDNEBiV4V
                MD5:134E8E290A722E6C8F7D467EAB342F83
                SHA1:969B8C6A05A8765F5DC7D62F3AF563C4A21421F6
                SHA-256:8094ED2E33E98A87A6EE4A92591FED77E0E0AC741D2B3C9F0C2D123FCB7CB136
                SHA-512:60262DF685D2EA81EB4023C5206E69DBE47B97CEEAEB4269D42781B68105046412A578B104788445FD955F44FE37912A9A492AF65E9D44D6DE50493EF8BBD063
                Malicious:false
                Preview:6.Y^`...g.j....`....uG~....v......)~...tT.Ss.K..Q..7...6.\.%w............`C.m.......<(.s....8fY.7....Wl.$(.9;m....R.;...*.8v:[..qpO..%.V...S...'.\W.&{z./....ME..}.....BY.f}.Slc........2f(...t........SJ.ma.....e0.g.g....U....T....G....+..,.<A).C..T.Z.%.......E...Y.Nxk...67.k...I......C..ct8..;{Z...D....z..S..Hz6...4.......zG....$K...lf5tA.N.ZJ'_.=*NI..cYZ}P..YQ.)..8......;..l.8#[.......j.e.....).e|U....}...;C...i..2U.qT......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\299__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1369
                Entropy (8bit):7.1229863098302495
                Encrypted:false
                SSDEEP:24:ZpFcyJVNhT4ynfaIzfO8I5xI1Aj3lEZVZjH0TH9O5Ye+QUiln4V:6yJHFVfL28I5xI1Aj3lYVZDNEBiV4V
                MD5:6449D848F1C903D02CCFAA141124E2FD
                SHA1:0AD55DB1984B9DCC377DE3A6E0617D424FA818A3
                SHA-256:A0FEDAF1165AA4BC792F1E2E250CE3324AB8E0D825F39747CD40CA5A3DF394B9
                SHA-512:7F917B8D7160090EA289EEE4732AE1D26ADBF3515858369C944D89A5E6D5789504BDBDE64392C5324D25C264285299D2F141770BCF72BEDD89B1EA03B7D3BF36
                Malicious:false
                Preview:.......A.P...`p......R..<$2...h...5....A.!Og..R.....A7......d..p...na3aD..#..J..&}sE.'..o.t.33....Y.FQ..8.l.fm.....K.#.wx..c.1.+.P.fE....~...l...t..\.g{9e#._(t...wuIB(.uY..1]!..q.d....._...IA9.A$..p{3.E.~....U]-{:."'.....4v.?.....:3..9..5./...>.HWf..O....n..b...M......:5Z...Rp....N.+!.q.$S'~..[.......E.)A$O.P..0.....{...l....S.a..s[)..t>/....1.N.j(........j.@....W........O"..Q_AR.:........&m...f!T?lV.)N...O/..Q.a....9/.%...;.....x...y...d].v..*.r......v.Z.J.fB...1.r.. .%t.r.......S...D...Y;.qNB......+..!.&..3>-p...B...r..'xK...%..R....:.f+.g....-.........Q!.PO.vy.O.U.......d.0>e@..p.....T..:..'.b$sn..s^..r......q.=..!E.q%...,h..]...........1../.d..h.Sy..S;8.5.:...A.,.2.....)..:n.Q|7Y..y..j..fK... .....lG..+9y..R\.<..e5?Bk.x.%.b...xG..9........ ,.B...T.v....Y.'..O..`5...?."*4_..%#B-....J.....x8.K..&.........j...^..T......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd02

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\29__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1158
                Entropy (8bit):6.913605025655956
                Encrypted:false
                SSDEEP:24:gE4pKuvX7eIEDA6PelKuXiVQAfTW+QRZVZjH0TH9O5Ye+QUiln4V:14plvXCIn6P7uXJAC/VZDNEBiV4V
                MD5:6D35B43913CD84A944949F37B6BB5629
                SHA1:6AAD4AFA0F1EA3442C990DA14D2E191EBF4BC137
                SHA-256:745CF98C9F70407896B7270169DFBBC580F52A5F1A920A59F16FC71E06FBCCFF
                SHA-512:727C4B98259FFBCD0F0A889F888D3F9FB201D5692FF8B006DEEE6A31A8D73DD401729F0A917945BF8C50B030DE45DD2C277D6DB7E34FBDC7EB366F7791477B4C
                Malicious:false
                Preview:..D...u........B.x,...4-...{..k7c.i...r.x... ..=ZE3N.u...l+...,Q.."... ...y.$.kT.Q..^+.A.t.T..yB..>f6c.J...?...r4v.....0....d.X.T..%...9.Y.t.....)../.L....qao.E....4B...7o...+.`@L..Z..i.7[._g.Cn..<?..n+....b...e.F...1}Y..?.....|..B.Y..D..B.[.q:r/_."<...#[$...\.[c...P..WU....pA...d.1...W.i.......`Mh..2.7W..!f.....I......'..qV..S.<....HMV9+........F........w......S#..u..K..t..Z(..D.....M#..S.0..,).v......y..:kT................]......O'..................f9.]Uv..../0..z.....oH.\u...Nw\.A.D..>.\A]i.'..P.H..0..;_.V....dCR^.E.........S...tb.......@c.a.......B...s.C.....r.y..k..l...>.O:R..+.)O.....@A.d".,.\O__460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\2__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1089
                Entropy (8bit):6.802378786072023
                Encrypted:false
                SSDEEP:24:zYdDOT650kMCycop8ctX1xSI0RZVZjH0TH9O5Ye+QUiln4V:FTdkz3opbDxSI0/VZDNEBiV4V
                MD5:9777B1F67EAE66646863308E62D2C296
                SHA1:51DAC944F533C10B39C77F4A170CC9E5C73AACC5
                SHA-256:FDC22CC0D801B5C1FC57FA41005770FC472A60BC251B6D3CE36FBFF5A96A89EF
                SHA-512:4B88748EEA418BC49993BA9ACF61E616B2952F4543E771CC53F818E4F6E56AAA89F34643184D6BDD5911DC45FD995FB1DF0D255B2EB5FAAD8E3AE7EFD20F1BDB
                Malicious:false
                Preview:r.tjQz..4. ...=6.P..w..) ./.T...=L<...k.cU-+\x.,..1..J:........?.......=J...r.w.....#.E.vX..mA...4.k.;.C..O..A.........w.....L.,....Tt.hE..A...H!.i.[]RJ......e.x..W6EiL...85...XR[@.........&....f.4....H...O.%O.Q.~...#'..f.\~.i.V.. >.......?..s.n.P^Ko^.Pv.....,.......B.jr.\......B...d..6!..M.y..U.....i.I....m......~.>...\k....&#.h.y......V....'..9..v...gJ.X.L.Y...,e].kME...H.d.A.}.;e.......0..l...W..._.....z.....\..nf.O..kz,b..L......D.........6I.L.........F........cs........{i..[....T..s.........9.d.l...v<.I.......6..u.8".o...@.C}.bD.z...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d5

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\300__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1086
                Entropy (8bit):6.799507023422962
                Encrypted:false
                SSDEEP:12:QXgV17AmiH+oGqByy4onTdljMKs885NvJGA9ZWQZjQtpao9xH/BxH9O5Vs82e+Qg:BHCG7yLHWLZVZjH0TH9O5Ye+QUiln4V
                MD5:B02C0C8F716D50EC21B0FD4BE5ABE994
                SHA1:6D8B1E1661EAC2930B369CCF87F694B08EAD999F
                SHA-256:8CFAC34483A778AF30D2DCFAC33EB04044F85E925A08F059B6035CB01EA513D5
                SHA-512:B52DB1D8B9CDD5E8980324D782B377EC549D0EBCB94F48947B6113AC559718382FF46EABD69A067271B4318D6FB97640D9A743324AF155AC4846A79789EC36B1
                Malicious:false
                Preview:?.2:.....~..9)..?....y(.......[..E.R.+.A....F.X....")....;..C.Lz7.\$.@..w...........d...Zr$.O2~n.A.n..E..>.+b>.q.&..tq..n...B..qj..*.../...N....L.k..?.........!$./...I..I.7$PK......M.."X.....=...|#..U.P..G.7.1.}.-v..tS...LB..;.a5.S...ED...rCf......@.p:.\E.....3... ......3.......R./..;GW.........Wh....>{.'....%.....j.;I..t.D3.....O..i.sl.....W.....$.u.;..R9=.7$h..'...9..U.\..h...........L.l...%.\Q......W..B....~`.......JW.MQ@\z.....:.M.D..X..... .+/.K.....X.W+..3...A.H..B.......^.U>...q$9..i.J......].j...Z....$.+DA.Y.O(....[..._..e...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d9

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\301__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1040
                Entropy (8bit):6.6975767955125125
                Encrypted:false
                SSDEEP:24:UdLnYIjnoC1zfdrqwpa2/C4UYlFSZVZjH0TH9O5Ye+QUiln4V:mYonoKTdqw02/zUQiVZDNEBiV4V
                MD5:D92B2EEF81AE8B2051DF6C66404B33B9
                SHA1:301F8844A3542D53CDE846283EF7F3E7EC6A7A6B
                SHA-256:CE806356D5089524193011BE59C65E5A259CE36FAD86CDB2AF9B4899F63A4438
                SHA-512:90A747B56FC9A0292401BD5B146CA6BFC614CBAB3795B60BEFADB38EB990C43F53CC716E3A415B10BA55AB90E9A6C111A82835B077C466A900BF7D94C2C268AD
                Malicious:false
                Preview:...ec,B._..9..2......K..#.....=..z.n.$.R.#$(.v..>....+...?.q....Y.&.;....{.zA......L.....{&.......f.V,. .%.........W.!..'...u....C..2k.8.....4A.`p.........O.O.....u.=a..%x....X...g\.......FG.U.[...:".|...A..~..8.........|.!..A.+..o.n.....}l.Z..t.[4{.....3s.%.4s..F.Y...'S.3.9d.~..,..9.7]S.1B... .#.5.. V..;,+..P.A.]L...U.k.<.]!W.y...@rIcG.........61)A.@ .....S.v........7Y.?........(T.$O.^{..p.I...w.....47....Y.............Y$..a.j.O:...&.EG=..b~..5.WA.....Q&.)...b&0.......-!..@..o.>x3..k.m..W460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\302__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):963
                Entropy (8bit):6.502573386737583
                Encrypted:false
                SSDEEP:24:15AYeeN9tdDX69/00jZVZjH0TH9O5Ye+QUiln4V:15AYeeN9zw/00NVZDNEBiV4V
                MD5:EBE15D32981D51097B5EDC8AE143F643
                SHA1:8E6BC0AB9B311980C281EDC9495053DBDFE70D80
                SHA-256:01272EAE13B2451BFACE842E159B0E76A343EE214C0920C437BC26E599175CF5
                SHA-512:07DF3BFCE315BEDBF9E4AE318DD08DCB62ACB7B1FFDA02F69A7A838FFA3DCD71D4E14DB3477A60B567BF3AA931594653ED3C76DB3DDF668B22C07BE85A69F9DF
                Malicious:false
                Preview:....U....B..3K..V5F.,....P.~..P9"aF@....D...9.y.Q..... .."#. S...8..`S[.y.....G*j..R.....+.!.<..iBs...K.bP%...#.q.J(.v.o..%.&<u..Os....J.G+L..C....nhp/^..po~..1S...c.p.F...n....|F@...s.v...'....E....qz.G.3}.g....]^...y2~.,h..\..*...S2.N_&B.E....,C..td.{..Y...D..,..=2.t..~>...{/D.Qec-.:.zB.1z.X.....&(.?.......c...V.!{]"R!..hZ...w..'...n.SR$.....rXw.A..AU.JC.}C..r1>%...^...`,q....A.#:'.X.lF.t...}N..{..Y....9......6\...e.F460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\303__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1223
                Entropy (8bit):6.974515391695829
                Encrypted:false
                SSDEEP:24:H2hnXvLTSo+Su/bEFjXDY4yGsSQ+OPf6RFr7ZVZjH0TH9O5Ye+QUiln4V:QQbEFLDmbSICR7VZDNEBiV4V
                MD5:C8DA77178366ED1400156CB4A4B4A645
                SHA1:84128EEDAA396A51A0A12EE0C9F19B3285DF6BDB
                SHA-256:F271393F2BDCA652E32EBA7D8663111981250636CCE79B94AD98DF16E43D8CDD
                SHA-512:2712AB4EF1A5047374E63CD52E6510FE3D598328FEE4A776A60A005C965AE8A443E2362C19BABC4482F381CEE6E10C1C0A4E7805D7D623801B0CA96B3CEBA2B3
                Malicious:false
                Preview:.}?....e:........kr7...l..=.....mR:.iU.E....N... .&Y.....p.....U.C@...)&w...>..l5.F1.....?k........i.r.G.oz.....X...>4.P.p.M..y.#....m..L3e...:J".vn...f;E....V3..A.....s4.U.....2Sl.8....pcs...D.9Tu...6D....JSU`.<.].'..+.........U7t.d...k.s..lRV Z[.n..N0.. .....L....!"*..U...n.1|I|]....pT..w."...Ew?.t>Q.....g..:.]....b...h....?-2.@.../.N....EI....F.=^f..B.....]+G%J...yN......h.r..^.qu+..!W..w0...._..b.C}..;(..g....#?=...Z.m.6....y....yt.<k.<.|R.}"..d_.D...Lw}...~....uV......CY|..V.XnDh..r!...Y .e..w../.$E....c..'..a5}.[.wt.^..jn.%.....<i....!..6...E.....6sP.)d.5.)`.8o:.|w...t.......`.Y.i.....p....n`R$..|@...:.f..@..x.I.._.p..x.v./#....2.O..>.....f]...t.|..c....$..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba360

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\304__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1094
                Entropy (8bit):6.737292758996403
                Encrypted:false
                SSDEEP:24:y7AAKfNKcvvFc1QECKkKxRqqxlQppbZVZjH0TH9O5Ye+QUiln4V:8AAOgclcfDxoqxIDVZDNEBiV4V
                MD5:6D8B2A424B81129CBA15AD0453FC4988
                SHA1:599402142410A3921E083A2E15BD85D8A26099D6
                SHA-256:0E5881052C50E1A170CC94FBFAF0F17D50010A625EBD602FA702D9FCAA9A3931
                SHA-512:5E949028579584DFE7B75DB1FD6C309D645C3B89A8D3D9CB3563751EE5E2739C8A1755E87CAD9ED4D333665F26DBC83DAD1886883BCAEADE08882507CA51ED84
                Malicious:false
                Preview:......VL1-M.V.w.,.h.s..Q..l.7..I/#G.Qdu.N&...q\..gJ...)8....\bZ.V.......D.....~....-...?...4..;.u..g.......k~...c..U.....s#X.L06.J..}....+h.6IC..h.O5..xM.y..E..e..B.x.C./{.U..n.M..%..7C...r..<'.SP.8.<.q.N...W...z.E....K.......%06..$...x.f...M..'....=f.7p=3{.....C.M.b..1...K....y.....E.g-gk.......\..<W....n.Ue.....<.VY#......g........Y.......0\..$fS.J.M...6..&..Iw.T.......K..$..Y...8.\..v7N0.-Zv..+....}.*5;.PI84l....q%....d0.3}..(..[.(<D.R."1......T..:...%...& Y,.8*...!.t.....Y...&n.L.t.y.......a.e!.@..!('.....2....(..b....=....Y>L.....7e1.B.iB.'.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c458

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\305__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1044
                Entropy (8bit):6.699111413251263
                Encrypted:false
                SSDEEP:24:ERyvZRAodtmI5Gt4ej1kZVZjH0TH9O5Ye+QUiln4V:ayvZRIOg/54VZDNEBiV4V
                MD5:925696B61EF026748366379C401DB40A
                SHA1:4FF84B25547A956CBCA25F943D6CEA67143C7002
                SHA-256:3A60A83B68B5C4521DE515444D71A7EA638E7C69FA47EAF62CB5DDBD691C40EB
                SHA-512:263FA2C7F800CF80FF8C02412B20F0F2C8240A657FF6FC24225221A8B9B7A9B1FFBEE1B632A1071EB6961BDBA07EA13B30E551F56C5410AB474C18FE956A00D2
                Malicious:false
                Preview:..J...:9<.YF.D.....s.b.'.t.h....eo.8...,-.....C_W...(..$~..NJa..J.A....W...(.[O..p.\.t.X.;6.#.L..>./l>.z.D1..e.<;.{.....-.1.*l=.6.I...4....?7}..|...M..T...>....X............\R....V.(......%...v....w-P.c...*..!....C...*2.+......,......x....6.......qu..c.........A....$.[..7...i...c.d...r{..Tp....F..B..X|O)...N..r.L.GT......xI"(O......G..r....I.R....V..........Mu.@JEf.Y.V..!.{...l..o&H.X7..'k..@..h...XN.LU.o..Iq.'X..M.7.d#jO'OW\.+.a^}.Z.1e :........^.....j.H2.LX....k.6abv..b.. ...~...u.el. .B).jt.Y460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabf

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\306__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):956
                Entropy (8bit):6.461095115612789
                Encrypted:false
                SSDEEP:24:ii2L7KiQvc7AJIiVze8SWPZVZjH0TH9O5Ye+QUiln4V:i1qc8ze8ZxVZDNEBiV4V
                MD5:519690BB3477A3651FEF19C760CA12D0
                SHA1:0FF963763AB892CD58D94F7018968E57E5093E08
                SHA-256:D9182B1DEB8381096E91E148A8E5F8BDBF0A0E8CE097E640BD93B31442CEDE3B
                SHA-512:956134E048D295A3FEC4438D9758BEA0523FB2D74544618426600376105040ED52E4BDE8B394A5357276041C11D13980D655BB6315108383267033BD4771ED9F
                Malicious:false
                Preview:,.`....[..*.S..h....Sz..Xw..Z...P.7!...[....2i|..C..US..[..|3@..MJ+j.....!%.=.2.Sv$\u&.g.W.d.2...f..-j...i......<..Ed....To..d.5 ....[.d..A"i-...>...Fl..A...@..n.Mp......m...q ....=....l............'.........c..r.....I.5..wh....>..W.J/b.+.d.K..<............q...........Y.?.!c.Kf\.....6..s...5.y...w.%.h..:1a^..U...."4.._...*../7..Z._..^7!......|.a.G.'.zU7n.....FY.....f.s.c..R6.m..]..M&.G(.+.....!UP....J..'.I..;...0.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\307__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1309
                Entropy (8bit):7.045270947530188
                Encrypted:false
                SSDEEP:24:UN4wrkkFBxGTYSK9ktnlGwuoBt8YrWG7tTrYUmvE/RXZVZjH0TH9O5Ye+QUiln4V:UCwVJtSK9TwuoGGppmvIDVZDNEBiV4V
                MD5:3F1ED4340321D2156EACF11D0254735D
                SHA1:DD356CCD3BA157D35C6797EA6B052F539AA9D84F
                SHA-256:DA3363A8C262C1492283CA59123A3C2F7E9CAF877D211C4130EACD396A145A01
                SHA-512:CC4D822F5B74A77A4CD5D8E9C67642DFAE6E76D3F704E6C813DE6E468C3025F0B4D0DEEE345A21AB3839DDBD2A11E021CF46A2623BD989F69D71F3DE42943A99
                Malicious:false
                Preview:....>......Jp..Z..xTx..D..3.l}....W.e=c.Z7.~:..w.G..B;...1.l..Zj*..3Y.`.y^....x. @KQ.i........A....-.H......%3..(..8......0.j..&.....`?..r..BPf..i.#S.5...D.v...d.........L.^..zM.g....d.....Z..O3Q.....2...._.0.z...ttN]4..6......r...l..>..d..1..W.n..|...E.2}.....F...-4.vDF....i.^N..Q..8...{>....Hy.'W.M......yG.)...Ib...,.u..z.6.;.....)..3w$\...1}].....=..flQ.(...=..^n... `]+-..T.L.u....<{r.4......?.Dq3.>._....d{`5.y...ii.=./Q....G.hv6xW.qC..YaJ..][....=p..(.J...MI*[.o....8.......}.....I.O..8....?Q......s.[.?....z.Yd.......~C.$./.<..J}.........m.8z...f.9.).r...R...M.3...!7.].\.{<.o..)V. ../9......r.'2?p#..x.....G..w...hP.<w......z.^..(...5e.....'.h2..z2..n./u...a..D..2dMD.eh...3....b..WA.....(Z{}!#0..VK...C.e.W.w.q..z.w6F!cM.A.....oS...h...C...T...z..._460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\308__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1423
                Entropy (8bit):7.216664171502025
                Encrypted:false
                SSDEEP:24:N9yX8Ae+RAzDI5ZN3zpO6P+236LQZmwX+c62LP8xrGBb4pQ0ZVZjH0TH9O5Ye+Qg:T28mRAsldH36UZJ424ZsIVZDNEBiV4V
                MD5:EE490A08A6013018BC3500F33D74D869
                SHA1:2673229B8455823F181B6A495B1DD4F84C56FD23
                SHA-256:84203C78E7C41BAE5F3E833E779BE52B390B1B9306AA0EB7180F3C69E08DC0B5
                SHA-512:6710FB5C11B2634494B433CE3D160375D5BFCF662465497E22AA892181716A5DB0250D1C65B4473566436B46EF38A6427830241AE0BC7DBCE8716839E7651EB8
                Malicious:false
                Preview:...<..D}.B.$U.8.N.......l...gV.JvT...8.+..s...b1....b.......B...w.....i/.}..-..5..}.-Cl...a....=.&../....n.%.[..\..Ou..:..%.)W[B...j..y'.`.>..@...V.....T[lR.`.=..wC3...9].U..sAz.<[.wg..$.b..`[...t...;...S.D.,..Z.<.-o.r..-.hra.I@......X...nAc.j.zd_I.a..g..`.j.t........$A.t.A:h......2...^DV.S..!}p.boJ..| ...."v>...@..GT.8....e..t.*..R.....Y..=h.I.a.0.....:.^|.g.f..)..|N...Y...0.+G... ...XbU.k...>.....4d}~..E{...%.8.d.....n..s`...$..0.}.....:.|~.@R\.G...%B9K.G...a.....91...mlm/..x.q.......8LY.Xh.U..........z...i8gn.J.(....t...vn...[b..<.#?J....$..8.... .=.i..LC.\jR..k..L..,7...z.5O..Sy$..(ok....G...|.u.%J;.~~.{4+T.v.....|.\.V...^.:=.w./...f..B.+..fA.........W.....&....7.+if...R}kW..M&.. J...9..y[.x....*...N..t.+y.t.VU=.......U.m....I..6..t.......#/....3.......q..bo...!s.sr...O.pw.=.<'".y..rs.V..../Rg..m.<y......5X.-.E.o_y...k.y..R(P..S.r......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f90

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\309__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1293
                Entropy (8bit):7.05347522694343
                Encrypted:false
                SSDEEP:24:OJbtR82PlO5XxnLsQSuKq+VZQetpGb6w+GIWS9ZVZjH0TH9O5Ye+QUiln4V:OJbL/PlODLA0+vQGpQ+GIbVZDNEBiV4V
                MD5:B355E1AEB79988F7708CF0B0626C70C5
                SHA1:825DDE7C0F8D8DBB0E6EA73F54CB08439572D86B
                SHA-256:6AA72B5F94E2D4EB7F1A45BFB664F4CCDD0A07A1FB81DD4653389F5EC96F03D2
                SHA-512:AFEE15C0F36E88229B85D120D2085F628ADB9584FFF1EA524F65E6906BEA4432AD865D7F62AAA11624CC0CA9DCFC7C508A8C9C8286FE64A962EEB07E96E9E1D5
                Malicious:false
                Preview:..zz.I30*.......r4..`......t.SAxv|.."ok...#.>gH8h.v..W....y.6.[!WZ........K.)....y._.b.6..B....i08....R.....*..+..ew...k.S.5h...f.m...._aG....5.`..........imM.........8..(?.=z(.d.N+Q.A...'.J.Y...Qye.r..LC..W..\.p..`.~......E.........:.d...74]x'.,..U..Y..._..C...Xd."^...........#......C.vS8.s1..8RL.n..H.c.?P...\43pO...&.&<eC..6.}..S..G.#......a7....1>.b171..ek.X.{..^.Nm4......:.....o,...{.>.........,+r...6.>..<*.*."*Z..2.o...~.q%[.....T...a.a..K.N......>V...........Wg.d.(.R....(#.."k.q.. s.A[.......&P.,..g./Z.N....C..5.....c.........K..X....M._.V..K"........4L.........T.n...1....w.BB.....YlK..`..&kI..j.zQ..^...n(V...U.`U\5q......w.m..(..h...>..<(...K....I.._..M..B.S'.}......m...Y........!..P>.8H....?|H..K..0;0Wi. x5.#..{.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\30__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1166
                Entropy (8bit):6.873893700597221
                Encrypted:false
                SSDEEP:24:TljnPVi5ZbV6Jagad8bmMmscVmZUhPaMnYKVRsZVZjH0TH9O5Ye+QUiln4V:W5ZbE5ad8bmMmscMm9wVZDNEBiV4V
                MD5:664F29448D67FCCE1F9B097391D67CE5
                SHA1:9F97506EB7699EF62BEC4928DA47C7A13AD6F3A2
                SHA-256:153DB0E6CBAA0070711F859C7F7075403DF10E3F443C21A49CBF04B053A1FC41
                SHA-512:C32BA08A2BFD4733EECD329311EFC0FAE419DE1E7590F95654D2821ED8F27896E5173F03E8253F06DD3C25B56D044AFB2813E2EC2A3FE81A65982851A2B43312
                Malicious:false
                Preview:6.*..'.x}...=VoI..c.~e3... +`'3.[.....rv..z..h}.1....p..O..6..*[..;n.6.i..s.1...S.....r%|.........].m...3K...O.%{.G...M..OUE....~..e,....\.l.d.)..L,...(.Sd....?<E.....N.^..Y...."..!...'y.Z.$.gK.m`..(....V|5..-.cb..P.......T.7..o.^8.j/.d..j..h.....>.[` .h..G.&#?.;@...V...%mLv..X@+.PE.nm....@..6....Jf)+/.e..Lw....<=.)....b.`..rV....P.F.Bz..C..h@.....).......Y%...'..FXX$.{.[.o9.e.dv......w(...........d."...7.....0.3.U.....0D...l.\M.........../...j ..6N.....fK}.yM.A...,f.Py..<.)K.k...$..pvr....g......p....1q..2...yX.@`..Fzu.z.._....gU.uyw.e.`..x.;.p.,X.%.H..."%.....8JR.[6.6..tP9.Z...6%..?..b#).h.E.S...e...y#f.vU...z_~.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfb

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\310__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1373
                Entropy (8bit):7.143005126043508
                Encrypted:false
                SSDEEP:24:EgsH/zoqUS8hekO589pgyjtA0bgCYmOGElKjg8CZe81hopQcoW2ZVZjH0TH9O5Y/:Er/8qUfO5CpgyrbnFOGkrffVW+VZDNEx
                MD5:45BAD3CEDAB9615287842EA403307C25
                SHA1:64317E01F1945E42EE50A9963A55DA1FD813214D
                SHA-256:4D0E8D9A21AA1DD42EF0D8177A922ED05809050859E7C27DCB6F89B2FD260EE8
                SHA-512:FA743ACC351F58284E1AC3313AEB03D7E3A68413CC207FA172C60612E3C2E17E63D1E878887E014D6362FBD73338902CF3DF5E897800FCD0022CACA89520E0C2
                Malicious:false
                Preview:...y.......B.~..^X......5..YuE\'J.....>..B.E.z.....S.........-...).f...a........(.H.o.i.0..l\.\.&.... ...V.j.-C..?..-..]..>.0...p..4..C...0..2.....UX;O-.""u@J..g...4.1N...K.7..O.$C.Ez....8.z...v..:.m...H.#R....@D.i1.X......f..../.kh. .I..c.J.O.K.x.:....b.B"..l..2.R6.E?..O..Z~.|Z......Q.[.{s?....;TS.q......'H7.$z.P.My3.r..1....3.."..!..%>.........rA..N...M4.R0.X.....9.#..Ue.........V...1....P......-.g......?..2....C..?i..r..[..Os....o..w|=....a..N..l.K.:..}B..c./........k...T...6.a..wi.+.._r...Br...K.rA.PN..>.7...9N.;....G..|f..!.?)H.6.....)V.....Te&....q..^-D..,...@@.....=..JC"}.X.?........!."/..S..z5.E/+S5..{.Y./....CGW...l........&..@.......L.jb..MI.S.....i.<..........q.."._k....Kr.qQ.r.I...?}..oQ..d..N[{..w.H.A...L....C..^..........g.7.\....._.d..#..3.7y..h...L>...5.J....h.3.z...t\..t..N..5p..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3b

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\311__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1225
                Entropy (8bit):6.969890539096081
                Encrypted:false
                SSDEEP:24:sTp1dbGEa8i5aMoEwxepPvdlSxoZVZjH0TH9O5Ye+QUiln4V:cdVaVaMixMPIkVZDNEBiV4V
                MD5:054585C445ACB2A6202160C994CE469A
                SHA1:17CD0A63894FA4E1048FA72A7E0FECDD6622D71B
                SHA-256:1664D5858D28E5ECB23508CE7ECFE2A8E4C70FAC487B517328D4CE529A0A08BA
                SHA-512:C453435AAAEA4510C9C1D8DE2FFD48DF1287B4B29FE68BA9B72E40FFBFA011BA1F389A764423D7AFF646E3967A15C11925859851D22F0B68C2FCF9A866B47B16
                Malicious:false
                Preview:8..$.?/.C=...{wvE.Kz.<......0.%w...wc.....e.[.m.;...g.:q.j?.z...6._..J.ZQ.'...NK..&......#..YC3.gk...Q...u..h..I?..X3.EM0.2.....mv^.9(o.>(-.....q!$... h.?..$m...[....,".%.Q.G...d..3i}....`.D..jA..cY.3....N....r(....z...z..?K.^.}@,..wu..G.a......r6...6L.:.a1.0._...G.x..;z~O]........f|.......1;.k\Y.. %ZhL...W.........a"..d...Gv.}l.^...ro...z{.>.b]",...x.q..A.X.s..>rQ.....H...+.`H.....^.....O.C.6.*....3.Q...........C+..J.u.9.R.^O..M(..'UAF..........qWR!..ob...2.k.t$9C.[.....q!g..z.N9(8.`.nu!HV^..a.....RL.,...FJ.Q..*......I.|.%.e..!..T.0B...]`....B.$%.......-p.....s.QG.3...X..&...pf..8%jC.....UG.N....1.R..!>(..op?....X.S..].Kf...r.<[..=.r`71.rq........:A..2I.....d...5.8/460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\312__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.805969412610184
                Encrypted:false
                SSDEEP:24:LT/n4DVGBX9eHodCGD30lL/fbbdZVZjH0TH9O5Ye+QUiln4V:LL4DYJAodO/fnzVZDNEBiV4V
                MD5:409C4B6422394B8B299AD2158E5B73DD
                SHA1:F74F7F0E276CE0E4FEDACA38095FFF0A16B7CECF
                SHA-256:CE52A03D7B8C73AC40CE0B6E10E8BFECF4C68192CA19FA5F0D791F03693A0C83
                SHA-512:BD0284FBB197376B0AEFAAB6D760BB91C4AED0FCCCE7E99DDFFD1B41B5B4D9778DBD6F4B0C5ADA38ED1C363784725F7E4937DD079439D53EE0BF3AEE30AFB9F3
                Malicious:false
                Preview:.3}_..j.$..S....!.$.....'.JT.....D.:...I.9.g(@)...N...D.p..i.-....y..2.&3..=A..."|...6~I..g.....?H5_Y@'X..a..... ....:A.tD..%......ig..]...).%]b7>..........O..}..P...[...n-....S4eJ...>...n...........U.`{..Z..X",.|.[z../..|.x.%....vF.....F,j....%....x$..wnr.4Y.D..K....$Lj........s.U........F....u:.T..s..r..{..`U.A...!.&L.....v....E..*.=.7G....d..'.-.Yxt...ER./u87..r.s........F.-..b`.n.n..-..m...F.d..$....Eq...n...0.A5..|.W........j.*.W?.<...Kc.h.k.i...,.....QmW.|y..q..Q.B...w..n.d...2e#>.V<..ja..J.?bB2d7..Ap.;.].%Vm.E./.h.*q.....jNo..<..Z.....[..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\313__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.664855596285534
                Encrypted:false
                SSDEEP:24:OX9axLmHiwjlmW4c09uf4Ua5IqiM6G9ZVZjH0TH9O5Ye+QUiln4V:+YCHiwJV4Tgf4Uax6eVZDNEBiV4V
                MD5:D235661393C421EFE554C5BCED68FBDB
                SHA1:D8DEEF74491185B8F309A07D3A50C4FE87E364B7
                SHA-256:53DD1F9979E482647511BF1EBA83785F9E2695ED328CD24B6C4FB829246F3DBE
                SHA-512:E31848BEF8127D6253B8740AC533BC4916F564B05AC98D9A0D621845E8D5F278476792366323B35DDA81EA8CAFA03A38BDE16A51142B378584C50E5817FCCEBB
                Malicious:false
                Preview:..^b..U.G......p...p.k.k.D....h*1H...UV.{...x.. ...;.O.}..C.? ..T.-...H^..v.t..q3.......9..f....m.I.K./0..9..).;.).......4.p..j.<.2n.."....x..E...+_k.x..+...^E..m...R.6.0.....N.>.!^.nY.~...-.|ExQ4..$?.'...6.....;y...}Dc.(......Rg....v.0..}.b...9`].wu)9..P.;6l+......ZQaq..tH..ziH}..a.4.d.|....]..]g4..b.._(........w.E.nx.....B0`.:...=.....<.&|v..j..z.t.....EWI..i..2...=...5q..v..B.{.lp=K..\6.. 4..M].GY.Q..]v..............p:....+`hL.P..R........7..)...jV..p..E8........b'-.C./.MjOs....D........-...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\314__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):966
                Entropy (8bit):6.535809433165381
                Encrypted:false
                SSDEEP:24:RzfbUnte8HgL20LyzyzQEe1ZVZjH0TH9O5Ye+QUiln4V:JQndS2VN7VZDNEBiV4V
                MD5:F491029E1FC751B94A9A6AC90D76E23E
                SHA1:17BB3C52EC340DEB06AD559F14097AAD10937B5E
                SHA-256:695F89C333268E449936806FAD9BEBA0D89821637DB154E9A2632DB930B01686
                SHA-512:2749D405E9A5797202854556120F18DC1AC6420E197ED48BC9F0B56E263222B975F7A0B5A12952A2457800B67788AC3A86BD265CBF41AEBB8CD9C8CB043DE60A
                Malicious:false
                Preview:..!...9.-%8..DH..YU$b.....4......(L._.t.........XN..F.[.W$x......h..NL..(... ~Kx.9..L....2..'..y...Z....^.}....J3r.Bp.....w..`.'.I...2>..kh.Z.....e.#...Sb'.T..s....7....s.(.....A.I..A..M.. .s.m\%..l[0..NB.....7..0..}.~..>1.....P\.T...].]....s.2.......UQ.Y/x.sx..{UVU....../M.@wi.,.7Yw...].0I}~}..=....9e. ....mX....>=....Ws...>......oT.5.X!!...N.A .y....R<....6..@h^..."-X..u.........[NU._.....@gG...;.^C.w.v.N......j.Ju....~....j.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\315__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1248
                Entropy (8bit):6.986852829717259
                Encrypted:false
                SSDEEP:24:XyoerWgC2p9legTii2NSehjSTL3zV0AtQo7UlpFYZVZjH0TH9O5Ye+QUiln4V:XyoerFhdd24CjSHzVrr7UuVZDNEBiV4V
                MD5:D0E969A2369BEFE31CFC63C60BC92A28
                SHA1:F21067D4317B7CA123BADC86B3B369547BFF900C
                SHA-256:0B37D3E35646BCDC273E2370DDD5E17A5FE294AD638B47F6A2B467E2190BB075
                SHA-512:23A0EEE79E0E4978F8BA5CE3DA8FDD76078BBE5F6A4B65D96F70B2EB04B3F5270FEBE49E694450C84EDC984153502B3DFB4865C11E6E02CECD41E5A4B4B67E18
                Malicious:false
                Preview:.6.......U.>^&_lF.<.ms.e].......i....RW.%...$........f...........HK.....................qC...1D."..g>....q%....}L.W.....T?...".....!..$.[...u.%]2WmUk.Y_.a..KF.w.6......}.5N.q.....zC...qH..9..w..g..<.)k.peh.ya.H|.xW.&.9.,...X.v.\........Vy..D.....?...s.oc......7.A..7f.|..t...81.t.s.7..P.b..f.J+......%"..#X.en....J....8cX.......r...+.a8.h...V.%....BqE..v._.k...j-.....fK.b..-......:.......g.m.R#.]...w.....#kI.z![]#.zt.L..).......Z?.Z*..T.F....7q...p.....="Mf[.g.._!Z.....pcV7...W..Yl..._..*....U(.Tg.z..E.I....Y....[..3..w.[.9&..Tqvj.S.j..G<.>..w..."q.pi.~S-.>..I..R....x0..(....{.....a....z..d..%...e.X.....uk.vp.F..W ..8...+Z.....g..h...p}!Z.u.[.pc..\mk.n...%)..C2...xW8h..:5!.-Tm.eHS..-...k.....Pz...fd...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\316__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):9592
                Entropy (8bit):7.952138915314131
                Encrypted:false
                SSDEEP:192:kTBGuvAXjTKVAb/tZ9Ev9+xfqGPzce8z6axcAN9l6zBsfWl+Ho+V:aB3vjuh7fdP9bmqB4vV
                MD5:DE43A81E86A2FB47062CB36D25EB970B
                SHA1:8F0A446C7AF1DC7AB27361F6676E86569BBD4A83
                SHA-256:8F33603C54E7A9B4E580636BD22DB4BBD24F133E0FD4615355607AEE06EF803E
                SHA-512:B7B636B6921C16968C6B3F571CE358BF651B7E560B6B8943F825EABC12E7EEDF74AE9D8EA9B5A089804DFE7348E86685128A71B12821D31D1E16087D8BACBEBD
                Malicious:false
                Preview:.g#......u..-.(n...>..Ut.H5swLHw)q..Y..j.t......B...Z..V.#..mm..z.....l.8..O~..@Q`.&....W...=.......y.s.`K..{n]..0;.n.%l..2.....$j 6...-.%Y..}.|G...w7n2g..h.......<.+j......."...Q.....e..=.Aw..dx.?.Hx._......].v.G..R.....g.._>x.$p.s.."..e.0.&.T5B.E.S...H...1$.......pY._ ......"...w...E......*:_..|`Y..3....3E.e."B.h2.L.p..w%....B....?....L..i>q.@..W..p.T..K.....Re$..Sp..'9...d...}..M...0..e.....b..<.:}tg.b...$.8.....i..k....a.x..d]a.W...".M..(8/.5ne...=!..cP...../d1P.b.qf.U...J.<.^.st.9.......`.....(.......M...!*..PJO;..GB.pT.....GN...].._.\J.......Z^5.X.w.`30.......E..c.x..Y..r.d...I}..A..'...6P..Lf...U,n..*.-.....S.F.+...(tp...&.U.J...BT.n..|....dd..u.z..1....&.ro...^.&4.k{C./..c.G. .....f...rW#....E..C.A..F....f?D..-....M..J..c.`....{..S.[..Cm..l.DG.OW<4...U.....2m...&.....$0.P...;..C.pE..y0.i.V.Z...V_.#=.3r.....`d2...>...P...E4.T.P.)....f.w....N..5.=.$.....p.9.DX..@...B.._.*.Vp.J....8..g...1..\HM.3.....'.u...q.7I....6.2..B.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\317__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1654
                Entropy (8bit):7.385269965424134
                Encrypted:false
                SSDEEP:48:Xx+BX2/XNT9qChTAi5BGsvzIj0v8XjVZDNEBiV4V:XxyYNJ5hEiXGfDeBiV4V
                MD5:57CE8805CAB65860EE2FB61A997220CE
                SHA1:B075891998E5C1D6352ECD9A1093CF355CA40FAF
                SHA-256:412E00EA1118ABA57C837076A611EBEC9CDA1C1FCC774ECAE15E04A0320A041C
                SHA-512:C60AAAA6E3C27D69336304E60615CAF842FFF1F5399A0D7B5C1BECBA0DF620E7C5355A23E132D76FA90D883C813A3203F7B5CDC8C97BF236C90CFC466CAA06B3
                Malicious:false
                Preview:^u...%.GR^..7.Y...p8\..k.dN{h......2I.C.9..G.5....(.B:,UV.....K;......9-A.+.Uf...d.....^.x".<.o..W.YQ.s.C.....X.#........K|..J.tK..+...M..W.$.dIl....._.O.......ve..................i.t.S.<.muD...pP-0.....='e.....;...!/...^.{.v..r.B.1.vF,L]....3...a...Q....kQ...<Z.....).......*7......)...._W...sX}...\..j..0..._....,.w.5..$.N..|.P{..9.........1M.).w.{.s%>....9U..p|....OS6IP.....GO...w..l..E..m...{......<....B.0[..6^...b.f?..w.~......>2.B!(nF...Aw.N..A,...9.n0I2.r.EE.{...k...l...W..Kw..;H...c...j`..c....b...i.z.4..8. (?-.q.j}$...!....{..s]$.<.~i....%ES.i.z.....v..Y..m*.4~y..z.!.&%B...|g},8rC'.&....s.v>.?.....^..B.Z..L...C.......+r..*J..H...)....".'...<.....~.M..B...x...'Qs.-.H.....Y.........u.......,.R..<..{..PV.t..(./.m.[..QTM...X......d&..C...RFjA.`".:5.@.v.2d8....s.G....#U...}l..6Uy.].....CL..r.....3...zf.................s.J..3..8.N..;c...m.Z.;.E0)E...e..O....b..o...l<]m.....8.V..%....P...&..=.....'.\.k.G...5.T.0K....j.......'."b.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\318__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2359
                Entropy (8bit):7.626859904465468
                Encrypted:false
                SSDEEP:48:TLvuWr3QwPa7irGB7pVExKjtNWlgLtCIoJCjdNDAwtVZDNEBiV4V:TfbPa7irQjjwgheCjdNcwxeBiV4V
                MD5:BEE55445DE55B900D003CA4ACBA4FECD
                SHA1:2403180298EB571686D73BB4BE295859016BEEAA
                SHA-256:9F592AB2CE11F378FA1E3EBF8FF140D611F10B54EC19C39B31A9D724892EBE34
                SHA-512:4394FE2E1C2EED374E6E2137DC6FF8195D06BE96DC966B13B5539AD862596DC8F379DB43FBB58F799C71AF04BF10CC98A88D172C3E8730B2A070B4B40D6C20E7
                Malicious:false
                Preview:=r`o.2..+.@..eFL../.|..y.t.q.........u..AC7.7.vF........sz.bvf ......{..b-}..s..9r,;..<v.....)..s..$<.Z4G....z.<....=oc..`,......`J..../...!.K....!.e..7/.I,......j.Yhg/..Jv.bS.....M..$U$.[..t0..@.Dg...d...y..^..$.8...@.plg.Y^.z..cc..)9.......i._d...8L.]..T..\Q..=....O;.z.Vy.Q..W/RSE(R...".Q.....(..U<9.....0.z...`.7.?._.1.zd..q.I...M.%.......T.O91.....!.._. S...........k:.]..dF.....z..u.pQ^.)....7Ej.:@...!oJ.F@....|..;..I...d80...)m........{...<.U.^.j....D^....#..@.Z....9t_\..|....,....$....0x...K...U0...D+........ur..PU....ZE....W'O....4".P..]...i.1.P....w.U...:..*l.\\...q..w.e.C....-...5........4c.io>.`h.......A..{....w\..wF....vV.~gQ...?<M,. .*m..7.1.g..\...[*W...C.?.5..3..J..*V.:w$.T.....sFeKv.J..'..6.......M...../*.Z..........!M.....OM.<.A<z.nbu.......<B.6.?~B3.u9.y..y......f......S+...q.a.v&..#.Iy...,...#.....,......)q~G.C..V...7.|.$......L[....k&.U$.....X...%eW(r....wB.Kb.q...v........njIE.;.......Q...{E:I.x.r.........A^...%.P..b

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\319__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):979
                Entropy (8bit):6.532125828961472
                Encrypted:false
                SSDEEP:24:44AvCcNQbGNj55J9YHdREZVZjH0TH9O5Ye+QUiln4V:tGCcGGNtQPYVZDNEBiV4V
                MD5:4C73F84114B10AE5AE53D141CD21877C
                SHA1:75586D05CBB721F2BBEDAFF0315DA6124038C4E2
                SHA-256:2099485A4835E2FCBFF07CD202F07F4B7EB22B20256B753BEBD1D3E29E69D24B
                SHA-512:64A591C18B2E0D3DC68DF0D082C6F431E89EEEC853FAB1BC6EA279CA7C4A4EE924BC0CD39F66CC4429D1CE4C709CF2F57E7D62A3BC5FC95F3783D2CC060E6F18
                Malicious:false
                Preview:......,ut........,..=.</y..}...?......_...JjnfK.P{.5..g..>e.(KN...".$.....=..{...2.<|.5..&'..p..|...j....Z.KA.x..&.M.C..2.[.q.....9.q...j...y`....q.....v.....P.6.N<..t....q...gr.w.}(.D.6...E..>...;^:.=....}=d.B...M...S.8..~.G..j.L. .I.r..?\.|..BL...e.W...{w...._.b"..s..Z., =d.....v.....@..]..7&sL...u..1l.t.j...M.. ..m.....X..x$.x..U0;.8.T....9.kC.T.R..... q.O.j$..f.......S..\...<....~D....<....v.p+.j.wEmJ(..?.R.V1/...jg....1M*uNK0G[\M..c.z.?:..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\31__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1362
                Entropy (8bit):7.110365063383336
                Encrypted:false
                SSDEEP:24:QSJpf7ell3hmg5VnRBrkrn1wbqlk/ahFX6ZVZjH0TH9O5Ye+QUiln4V:JS3Rmg5VnnQr//D6VZDNEBiV4V
                MD5:BD6D1C37A2BD17222170A8C570CECCB1
                SHA1:9CFA97535DF523FA81D7F0070CE1B0AFA9A35621
                SHA-256:D461A2D727BD3F649605E75A95AD1FE2FD282F89929AFFC41A939B8F0BF08F70
                SHA-512:353ACEDFAA70138F0968788720B0A2D31E88CFFF8310F1B2CCE0C9FE0B1C14D52AF4BB2644B66FFA6DCDF2F85883C5251A8EADD246D99106FE42B2AC4E2BCEAD
                Malicious:false
                Preview:ftTY:............y..CS(.R..f..P.t..f.4.K$...t...#Q..CR..(..O.........F.m..j.h0...O..e..=VX0.%D.W.....z.<..S.C..S.4....M...@...?c.wD.c3.!J.yILU....k$...b..!......F...-.N=KVaG.z..nv..0...)..........|p2...,.~....z.w...;)ggH.tR...>....aM.\.I>.b..BR..Pp.Ie.{?q).U..8_..ac......&az.H..).......K.\-. ...Dt...i\..&p.c...a..B.....}....Vkv..F....AA~S#.c.....m.x.E/.J...u....+..Q...,..M.."....O.,.D/....(9~.....K@.>I.....do.N2........*...Jo.qx.>..X.7n..... ...%..U...?^7.~.*G.|..b....11.k.Iqk...#....w.LL.1S.M'A.N.y.@R}..............{`.z.+.?.$7...[pn...x.:.9...........}..W.Te....A.@..0....%.<.3c.:y..X<*.O..@5Wx.d...Ae.A.Y~.!.#.o.hx..I2.Y...,.ra.QUqM...N......|.N..P..y.......EE'=k4.let...s.3..e.Z..%...}....6|....'H.....K.I ..B..n..N..."RR+S"],...d-$...F'l..S<I].n.T...u...=#.3(.....f...dN|.k...'b%...1.F.KT..#.....t..:460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e63

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\320__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1304
                Entropy (8bit):7.027114725414512
                Encrypted:false
                SSDEEP:24:QCIaspWnulXf5BUQw76bLQxt5Rbjcw/QoWZVZjH0TH9O5Ye+QUiln4V:avlXfoQwWLQduOQoeVZDNEBiV4V
                MD5:3C71A87E962B7708138270BFAB841CF1
                SHA1:959002E9C6AA50919D211F2246EC6E2742DE9504
                SHA-256:6D9B7A66E0601DCC0A8A02C8405BD9B9CDCAA9341D85D35E7D0D2D1996B5D31F
                SHA-512:4944CA07D4804BB2B180288DCDAFF4A5D99803F939B48F5905548833629C4ED521EB4DB332B81D058B053A75BA2B8928FB59A51F2A2CEB4B74004A10846129FF
                Malicious:false
                Preview:..}.&..\.3..5.A..me.....H.5...iCo.s.g.dT...do[.C..)..T*.^...~<h.d9.,.k.h...V/..e..N....4&...R..6..0'K.C.^....O h.....|.v..9.O..4h.MJc......u.q<X..e..T..a.b.'/.C;?....0BC7..2.[.Z.T-,2.Rm...Yu........Se..3...{......V1vq..,.i.i.#%.(.F.-...g..~^.d...M.`...!p.F..]j.h-....%...ey\.Px.)..P.`>x2....xO........Jy3.k...l`.v.....^...j'.`X..B.V:...*ae....}......,.csN..........% .a......lPu..P5.{....d6....4Zd<..6.g..o5_xT..g.FI...=.6....[m.m....k..JM.6A..=.u..e..0.%...ny....Xu.......-0O.=.$S...(MZ.+.,e...Z...S7..s.^....j..J..wk...2...r..x.sq.....F.vW......=\....>.qt....6..G.b..|.QLt.....s..E...7... .5..4@.`)o....Y.oh.r..../.v....J.#.8.?.......`.k:.9.....[.S....I...9:.......jgO.O:#.GVX?_&.jp ...bGE.`..!=..w....m:L6,.......#......-&?.....G..[oOR2.,.X.F.h....!.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\321__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1261
                Entropy (8bit):7.037732438641585
                Encrypted:false
                SSDEEP:24:7oN5J5N6VMmn19DrD62m9mL20NvtFkUUZVZjH0TH9O5Ye+QUiln4V:7CxN6VDn1BviM20FMUoVZDNEBiV4V
                MD5:55BAEC514CC37F7766D9B09F9034DCFB
                SHA1:9B1FFDC96EDC893B78A1DC7FF6BA14426315CE6B
                SHA-256:71406986577EA68AA894E6EFBB4F58D07CD1B6F48B6399929D03166133647EB1
                SHA-512:08199E7BB6D2D12D5D667AD261431C9FD75BC9352A2CFB5A9F9AE64808FF3EAF573F32CB78630D427CD14C56387DD2FA4BB5B779D702F2476D069EAC2A72A71E
                Malicious:false
                Preview:S..!..aW:>.)...!../.fv.Dl4...!.O.k..z.Z.{.\........2r..m-.....bU..W......3....Q......).......A~y^y.>...pU.".GT....s. f.n|....F.......9.KpU]...:..(l..TE.:.:.R3..f_......*!..s....p.g..m-L_....2............d...!....2.P.H...u../....y7.....q).=..c%...!...u....N...../P..-}.b..qf._...+]..rz.xT"G...z.Ms..i...M%..^g..S.._.].r... ..u).'.f......V...\.\...).a.{O.:.F......../.w....~.D:........f........F.].f..5.".......%/\.=.@../<.....+..`..p.4.A../Y.7..k.&,F......5.'1$...e........-.]......I/..?i..B.\.../)....Be...$.R.......F.i(.k.;..l......G..2v..;#3.@.}.n"OZA./)k..?.......5#zW.}`.T.....avA.KM....C.M.S.v.7MQY."..#.T.c..t.E......LXgA....W.D....!Z.t.[.).{./2.7.Z5..^P......^_....n..D.r.[..K.6.cE..m...J.@...*}.d^1.{.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f6

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\322__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.756225155569481
                Encrypted:false
                SSDEEP:24:o+TaAwWcbyaLsGDy/LwTAVlZVZjH0TH9O5Ye+QUiln4V:xmLySAwTAVrVZDNEBiV4V
                MD5:6A05674ABEA103448C1333DE26ABD361
                SHA1:E4FE9B88C692B67EF1571835C5AD8C9C80B34266
                SHA-256:36BAC23482D85535CF89B7B57215E9A909E4746EA6647D822758C173350EB841
                SHA-512:034B98FFF346C77A274C2E14C2A1B5B3DC964433F57591FDB8A10BE2E44E57975C53B58D782E82B891809AC61EF5C8E6DC983BA85A16E6817A57DF2B009C6E69
                Malicious:false
                Preview:.m-.SX.d..#s..6........u\....d=;.o......MU../J.w..c..Y.eE....w...Dj..h..T.....^d.F.!.5..0.....Y../e.r]>q..)u.).V..Y.|Mwy...Bo.5..3.q|..h.+...h.E..3+.B..Z..X.8.YH.R.%1.m...B.w..B..g....'.4..5..Q.......z.FL.?VUg%.... ..=.ES.UN.p...R.F.D..d../...[j.K.}.....k.P.0.z..TS...l.3..<.....MQ..'K......(..z9$}..6...0...m(.s...*.U......2=.. w....2|..6x.k'.."...r..l.%..H.....K.!.......m...K.v...........N..s.`.@..7...j>..L...J JJE..a.g...2.."..]j,...L...q...t......?n.).5..W.e.q..."...{.y. ........Xb.H...V.ky5..j6.....n'.(...'r...k..U.|'6z...F....k..djEn.!k...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\323__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.626037368995321
                Encrypted:false
                SSDEEP:24:0wJzS/XoPvh5zJOOif3DfMDLMDtZVZjH0TH9O5Ye+QUiln4V:fJzdzzJPq3DfMUDDVZDNEBiV4V
                MD5:C031C2B0012F74DC00C4A1ED0599970C
                SHA1:6C817AAE07F61CFA5B220821B5415BAAA8011605
                SHA-256:03C72252CFF8CBF4FC1C085975D47887EBB73186E4DBC24FA5AB2C0178E1D2D1
                SHA-512:E420A89A766F51862FD74BD9FE0E16470E82991A816B3657DAFDD47E57A86B185C72948AD7630D0BEF7B1C623F186DAA50F5ADC69AAEFE2AD00A3AE02FCE3D3E
                Malicious:false
                Preview:......nH..uS..S9..d(../$O...T..y.R..u..B4..G.&..i.7.X...N....5>B..@.P.....}.....l#.RG.SZT.a#.......n.....n.E-.h. ...BT.2.,\f....e="&.K....T..{|t.....j..)....`.8.....*.`...D.......Kh...U.b... K.;Fw..].h.....>...*..y..)0.......{.}e.2y44C...............6...&.~...!.....}.y..6.'i[1.`$v.c..n..x..$.h.[`.x`......FK.p.<H....K......V.yo#.$.y*Z@[#.,f...Yt!#3..Q.[.W.......\...N5..S0..'.n.L.LT.j.....{...f..yH.A..un5..DL..t.2..........1?..n3Ui...v.wS..<.M.H.~...\....QO..2#d...7......2....*.(]..t....,...fF.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\324__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.421650066926964
                Encrypted:false
                SSDEEP:24:5D0Zi0Ag/SPwskZVZjH0TH9O5Ye+QUiln4V:5D0og/S+VZDNEBiV4V
                MD5:7E05C201470F221694339D4847672796
                SHA1:869A0CD819F1D960199EE53467B56F84AD1FAB8E
                SHA-256:1DCDB73133F735B094B571AD6E1B18B8E2622840D334C4DE939303B00A2C98DF
                SHA-512:8EDAF4A689FC6320A988F065776E92263DD47D66CBF87559266F282DCD3AE5AF86A5F404A69838116AA8DFABBFB36D3AD9EBD66472547422E4738FDFFC708BFA
                Malicious:false
                Preview:..S.;.oLJ....K.C.Y%sCx.7+..X.....@.a.5.L......9...,..Qm..tY*.uw.i....8..%o.m`A..u5....02..29.....*t..6.7....O?..R..6.,.}....I...1?={{V5...8../%.dv7WZOn.du_....T..`Y........s..%..2.g+w.......B..Q..9\......1.8..E.t._.!T.....i.V....kH6...w....Xo...D.....'.wfN"e..~.+aU.O.-...<.\M@....6...e.....G..5..h' Is....%v..0....t.fH...`.u..v...<....!.ou.8.G..2q[.f...........8#.._....,d.....h..]..+a.o...dUAK.`..1.....T.......h9j3..&`.].460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\325__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1379
                Entropy (8bit):7.117332828195053
                Encrypted:false
                SSDEEP:24:IPs3nDSigkbxIgdsFXAVRHYFnOEcLgE7ZVZjH0TH9O5Ye+QUiln4V:13DykbxGKRSHEVVZDNEBiV4V
                MD5:6E443FBA6194E8554695D4F8AE91FFFE
                SHA1:C8ABC7E05CC723D36C6F2F11FD8D94AAC29703E1
                SHA-256:1A0276C3069989DF8F65E9D2D6D9B66E53CA3905C34D4DA08DB923CA45550124
                SHA-512:2F507EDAA05610C60D3B0B8ECC6C2B4036E6BFE2C37DA7E7C82165371B77E125BBBAA73A597996D96C0742ACE67952E9AB7BFFBFFF2AE86C2B66ACEAE15C829C
                Malicious:false
                Preview:G{n.$..{8.~l..2^...[@..i*N.}."g5ZA)Y.m..\N9..?M..y....fr..K....+5./..B.M..Y.le8.>.._z.gi.....2.J.jAz.....^...c.......-.k..Y.:n^2W76{..h...:ExqCvE....~t.'....U...-..b}j..?....B.I..D..fk...N.3....}.D.{k.+..f..o..=....l.Q'.&.3.t.gJ..../.ys5.......@~.Z.....L$...}...DH>..8.....~.;P..^30^.wa@.=./0+...?V....Ll...ya..E.s..5..Uy.....n\......,.L.q..<9.e|,..j../...e......(X.......<P!..s.Y...@6....w.h.7w..$..8..]%.N.?v..._.7.....Fm...i_.T...E{h..".m........n..T.m.mM.U..]..........f..Q$...be:=}.:......wu.*J<....|._..5.....ql...T.O..fU.2...5.H.E.......{F..3...b.B....va"n..eAv:....r.<$.<..(.."4u<.^..N.f..C.Q.E..p.N.Z4.....T-.....,BQ,..x....P. . ..:..Iz)..T7.X... .B.&.-.$...:D$c...H.....V....2..AXN....&.KN......c......lb...aS..0VzN.F....G}m.`(~.>2r.$.b%..(...s...S[o=..?..bec..CdY!<f..".u.0>...k.m......R..d..n?.y4....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\326__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1238
                Entropy (8bit):6.960153668899404
                Encrypted:false
                SSDEEP:24:HCOMJmZuMYSWoeGWaJbp77EsNDFBOErMZVZjH0TH9O5Ye+QUiln4V:iOMJ4uMYS1HWklZNrOErQVZDNEBiV4V
                MD5:C53BEA994BDF464C9EDA55A97CB0D65A
                SHA1:35BB16CC743585033F998B1176F9C2812D5466A1
                SHA-256:E797FDAFE56978E8514B2649ECAB26BF27566C993E8DA938055EA3C3604C5F51
                SHA-512:88CDAE1423C7B0A82FEB36A51C101126AD8A6248DD810A6A7F22FA37E8F02519D66FC35D524FA4D78A61E69B1AB7C8525147476B19C038867EE319881083F782
                Malicious:false
                Preview:...m..;.....H.....i3...*.B.>l...!.r.....I..Ah.{...g.3.......G......gk.....~'....s.....v...ZL<.1.0.w.....y...j..~.8........-l~54.{...t...]R.}....O.g3R......{h.....l.#`u6.l.G.^.j$..r.T43.s..jl.b...zE.[..%?.p..\B.X.x#... .K.oT....i.!......N......#..#..9....e..!n7@I.....I.:W%..d.@.t...N...?.........g.~Y...v...aO....eS...5.j8..?`~.2..jXm...$.<.....xc.].5.*..vFU..F.LU6.g.5*.2?./.U.v.S...>v.p.Z.L.96...._..v....R...;..wi;?....s5xo....t.l....v.E....b.......)..".}.t.....R..*....T.x.3.Gz...>\,..5>`q1`z..4.X!..o^.........f.^.T.EX.o.-4bV....R.....ac}...Z.hH..R..PL......B......)Oq......8.........6..q;..3..d.wA.j.vw}..S.z]...[k*..qj.-..G.=.<:..ro....H...;1J......)_..f.Vz..(.Y.jR...rj..T.X.m.C.<u460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\327__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1884
                Entropy (8bit):7.490711756501078
                Encrypted:false
                SSDEEP:48:k7BpFm4k99W3DGH5yAwPQecs12MgGVZDNEBiV4V:kbEXeCH5yNQecjMneBiV4V
                MD5:E79E441495AD0971C5CF91DB49B786EF
                SHA1:4AB34D9BA355DB75BA608FE7E31001585B2846A3
                SHA-256:E92D3923E02EF50E6A57CDD03F68798EDEB7641152C0626761929217DB4D9C09
                SHA-512:E0CA1D7E5E2C8B77A73D0749648837713D5132241DD5B9036278918B5153EA61985C368E3F074BA044144708251C2CC8005CB97594DBC30E7DC6D058CD73104C
                Malicious:false
                Preview:v&Z|..zn..si._....!..}.[J-....4.y..I...>....^l./.......g&...0..j.Q.,......8S#e.*4.......]........[h)..^.$K...P..v.q.f.U..m&...>.D..l.Zug].6Y.}u..x..XF......Q......L...=X1..%<..)H.}!.F...R.~r.U....@.Zq..X...x....._..I.=..X.kfN..rZ.{.^....O.>..u........'.>....._.P8.^b...-.6.Cdg...jt.......h;..q..q..@..E..B...e*(.............%..#."P..r..4D...&.........x.oJj.=.F..8.X...k..a....M...\.5h.'D.Z:...g.i..%..u...p".K..Q...JV.e..%)&..........,#+k.l..-.w............[..f......?..8%....2j.'..%........C_k...f...,...e....I7I.2.....1..UTQ.Q}.w.k-.e.U.M.T#Z.}..9..L..}..L.U.a.Ikm.&........5#J.].-\.rSE_..4V,.j.:.r.....Q.........<..d.g...>~y..h.!...hTsOu.|...e0[N.(v....*.j#.g....]^...I<(.:...P..o..S<..c.~`S.........IE.A.o..j~..d.6ax....8..J....j..e5u. ..f.>...x...`>..!..m..#.1Q.g.5..5.L|F...g..Qp.f.z..J....].tr.x....*.U..9....%....h.)S..k..x.X..F....5.......,..{.f........0?....}}+...../+$.g.B;F....F..%..*.h..X0mA....hw.w.......k.E..H]. .#..}._..qZ@S[.Q..\..z".2.D

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\328__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.765528942799853
                Encrypted:false
                SSDEEP:24:2664R1tMLWY8nXTaUtx5pYXfZVZjH0TH9O5Ye+QUiln4V:2iNweftx7YXBVZDNEBiV4V
                MD5:3A01DBE93F20537150D1FDC33C09C12E
                SHA1:1876104CB68875245C1B0F28E6F45CB863985848
                SHA-256:D6DE7BBD0E24BDF9776DF91D898B06BE4E9ECCB238E4C05CFDFE79213D83D00D
                SHA-512:D4254E2A62E7396F408C5C7945844679847167FEA0C4F97D92B0EE7D44A8F180957EE62DE95E5955352B7607DE5035663ECE4BB89E9093C175BED82B360DCF58
                Malicious:false
                Preview:j.....,....s....._&...'..f..o:.R_.+yh.z....j{..V....Q..c.:<..x...s...0dH...v/e6.Z.F.X8.^r.............nx..S..Nc..7...q l..e...M.....{a....0..`...Q.M.g*.!d.'..<...H.X.....9.....Oz._*7.{....&.oSd$A\....I{.u....0t..I...t/....xoJ...@9....Zq......W......^..87.....>...E......"+:epCL.v#..>..R.....@.4.S...g_]N$.t.~.$.u.ft...?k....X(...i....A@..i...XC=..o..E.-....}.-...%..<..j..b.,.5.a.../..T...:J.&...sw...B..ri...jw'6)8~T........n.G...Y.7.....S...U..*..e..V....T...m%..^Y8W.#..nn.f...k8..>...x..6.........J=.{....W=..'. ....0l.T4.....j!....@.&.I%.|...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\329__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.611568841126338
                Encrypted:false
                SSDEEP:24:0cTtgYgeE81Urx1EA3iBXg/KkZVZjH0TH9O5Ye+QUiln4V:fT1geElMr2BVZDNEBiV4V
                MD5:3282D8B2722AB351BF9B5C223083E44B
                SHA1:9293948B88CA23FDEA55C4B2C5BFB4F4E4BE822B
                SHA-256:C06938DC63C1C1A2BF32ED2FB07F04EE0F84DF58BC9F951FB401077D39A5ABE1
                SHA-512:C6985915005DB782C20AB0CA2BA892EEE362E553BDC1B55C122C2BFF40F4F9E7AFCCF1A41165CFB64A105C4B7DC8BFBB427947B77554543DF6F74B31B4773EA3
                Malicious:false
                Preview:..n.&2..7o..D..d.......s..&...C...t.G..x.|..x9&.YW..6.f.?..\p$. ..a......RD..?.......;...t]c.B..YV.A.i..]....8{....h.7......f..d.4krn}l.8/...s_..I.._-..UO..e.d..."....U.\JrB....L}.y.....D+.}U.:..{..0.Y.#.8...o...}F.M..I,.BD.4|....n...3PH.....B..e........hG.........b....u.E#m.E.c4OCc...>..6."p7..Hb.........Z.....s...Cj.,.~.#.y.O..hm.).:j.u.!/.YA.....b.Xp.{.u=.O.\..T........:..a.\.B-h.a...\.....W..0...L{sI4.....$...1.^Q+{.....W.7..5..p3J...<.<L..e8...5Y.@.9Vk.3...1Z3...+.....w.........L.;_$[.eDM.7..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\32__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1377
                Entropy (8bit):7.128214670140128
                Encrypted:false
                SSDEEP:24:GHZqcAqAzNtXs5G01ZiMs5S+NIidd1EScL7wGcCi9Yi+hZVZjH0TH9O5Ye+QUilq:G5fAv/co0/iL5ppYgfCiD+PVZDNEBiVq
                MD5:A04CAE70DDB94F4B3397C652B63244B7
                SHA1:E704D709A4743DF1EFE27D17FC589118961B1053
                SHA-256:CFABB5EA7DBCC440B7FB0FA7DF5284A89539BD30D31F1C59C12C596296858134
                SHA-512:E7B4277E1BAEDB7111D95FD37088E8284AE98C7287D29FBBC79CD045D86911FE9F2DA7660ED91FE6336905D664A5AA42D5FCF14361C3819F08786B5B301AB516
                Malicious:false
                Preview:..yT....(....WR.F.Y..S.6...<$.D..*I{dH2..9.7..7.._H*#B|.|......z.J..f.u...-.e.T?..3...H=:.DH.nywn......t.D*..3.MT..!..Z..>.qx...._.M.*'..Q.-l..BZ..1....]..bB..]A.0o.....YEOHvC.....T.|.e`.W....Mrb......{...D...T.M..\.wG5cG.KP.j.r"....^.o.PH...r..l.9..|^..9..j .....J.)..jQ......'......k1R.v..9....lN...6.G.W..T....v!,...I.5.~.dY...RrRX....Gdh...N....xT...wJg...'.iFOI....*..w.LZO...........#$....v.4..."..Y...Y.iS..Z.J...n{x.u.5.thLS...[...Z.W.n........E}..$.?I..v/^v...t.G.........fw.....Qs<#..4......v...5....k..tLu....<...L..lI.{..6...?......r...s.@.=.B..n.u.Z8.).vn.<\d......l..1].....c.....X.....;?...]..rw.*.^..y2...x4Ib.....D4.?..N..z.v5.......a..="...^.*"w.`..Hg.{....`....J..l..{.b.5......w?)t.......h.#..... 5@a...w....ng....LO..g.;..2......Sr...K>M.....X...m0.9.=.p.$+..C.....S_sq.O{....m..-K..jx6J.qY^....BV9.p460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\330__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.526416284473143
                Encrypted:false
                SSDEEP:24:kvdLpeMG+K166FuEZVZjH0TH9O5Ye+QUiln4V:kvdw9166FuYVZDNEBiV4V
                MD5:5A580517F796D0405786B89583E78A75
                SHA1:2AEA144EF50DC7900933D2DA40C04B4FA2FA503A
                SHA-256:451357536C74C006B6028162FCA60781250712C2EB7B64356ACD9B64B152816A
                SHA-512:A783CEB715942C75F749E5738190F362D87B4A79D5B379248A4523E40ABAA8E0A198EB0A1F49B1B202E61EDDCD8C28F8A37047A3AF13F16B9BECDDDB16299D8B
                Malicious:false
                Preview:..... ..Msp......L.........'..d.(....G.:.y....6..SZ.....v..._+B..C...4..yn3.j.'...;7.I.k.s*.>......W..])....M....Gh..`U.F.(.F..>......y-.SH...R.......F...;o...\v.g:/....H,.F..C.`i.Z.+.8..'u.}...I/\6...Q3....................2..~.TN.MXS.XIa7...p.....e............?W..*....&_.L..C..>1...q[..B..ZQ....%N..,>..b..=.".;..P....Y.].<tT..S...=..Q....t..h...pi..l....X.e..9.?..'."....D....G.Y].{y....6"3...h..D.*N.......S_{.Dj...Mq.;460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\331__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1297
                Entropy (8bit):7.093682025651442
                Encrypted:false
                SSDEEP:24:Wqmbj6RfrPMcHAA7ampXOdw/Z8DpCfdP8dxYUM9ZVZjH0TH9O5Ye+QUiln4V:WqGK3+2yDQfhcdMVZDNEBiV4V
                MD5:9F9393A1D7F50F0BEF3D9622E72BAF4A
                SHA1:87B20AB929979518EE24688F8659FB52D436569F
                SHA-256:674FB51955438F2E7B50414500D43743EACDEA02BB861CC646DAA95E7984B0D9
                SHA-512:A719424F549472CCC3241BBBDB7179B09CD14CC2FD0FB6A1174380519C6BDE93FF7AAD24E3B27E63C26FA34C169C9FB98813CE9CC2137759A048B521C197D261
                Malicious:false
                Preview:..id;...eC...o..m[{G[u.HT..y..f....P9...f......Ed:...j ..p......uJ.j.....d.#.LE..../...0.*.~Dv..c..'.l..46...A.f..Q........L~{......=;.2B(..R.X...\..8...I...9.........V.b..@=.....p....B...V$c_+Jm..;a...v..%.....].....)..~y....e..._.|v.Lp....xZ...6...=.:c&.)SH.......c..i.$%H....H..N.>)....<w..x.......o......J..G.k.#Mk.QV..`..U.mn...*W..W.f.0Z|.}......, ?,~.....z..?;>.d..T....Iq.bg.\.....'..hjn/t!........'rU...n...H..''.P....B...E.&...`..X....uO...,.....6......=...RQC...`9.{..:..q...c.....y...j.gl.....I..+.BW.Z....D.a.(F..g..)z...@%.0..B.k......l..Z.]...W....U..2t&.3.F....M7_J....Q..K...t....d.=0.....;...h\B.U.Y.[...n.=P...G.p.........5._....f`,$kO.....'....t...T...]^..#..H...?}......./P........m..J$.B,.G..`.8.(...|...l.A1m.d..S=Yi.....tk460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbd

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\332__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1894
                Entropy (8bit):7.46271760901099
                Encrypted:false
                SSDEEP:48:IvUoxgr55701JCY2IfYdDc7Ri2/hVZDNEBiV4V:I8/5u10ofYdDcM2/NeBiV4V
                MD5:FF963EDBC8B3711035E1E914EABB8A60
                SHA1:0E135DFF66A316C65D74E04B55A312EF698CBAB7
                SHA-256:4F96F11CF35B24AAF30AAF55FEB24880BA058ED7DB8C9FD47FA69A9C3628D242
                SHA-512:911054AE77CAC2C21A8A9AC374101B79911BAB699E27D88029F2857D9307E260C1932AB420F0D4FF14EBFA18838508CE7E98369DB4C52A82A01654178A9D1086
                Malicious:false
                Preview:..^8{........0..U.....P.....=.B.$..P.....I.;%}.o..s..KWR4...p.g.G4.&......Rl'.............. .{L. ...R.D.eJ`.....q`%...CHI....4.j.......$..O}..._......p..{.Sb....Q.DX+n.D..'8.+a....<...........O.0C.2.c8..Ol!W.v....]1.....+..4.Z.....`.1...sn..}.7....xN6l..9.xVl3......._.d...d..i,6.m_t..s...M....i.R..%.u..`.....c).ix...N..r].[.....;.'.j.&..w.7..]..8...........9.N>....+.Sw.zx{.%.#.[...X.1.$Pk0.7H..#.w.....7....XtU../J`.."0_d.C.7..'.2....v....r...=.....&.btC.+.m4.:..<.VMb..s.@..-.......?...C4"..q.......~..n...M0 .o.c.b..*.b...R..T......K.....3...dV{...J..../7.....h1ln.}....p1.@..Zv.....m....W...gq\8.6....#.?A....6...|...zS.N....;1..y.k.m.....n..5......J.<c...YLLg...$.s?....%e.7./......`.. .*%..\.....am.L~%..]wU..S+kN....J.3.x55.2.1..,#H[<.H+.m.1E|{.R,..-.Ij91.JGF...mL...='....+...]..w.Q.....P.2..e^.".(@.\.k#>...\.R4.....k8....'..:.V_R.W...{...;..a..j.[B..{..W.....PH...hN.........87.:..^....`p...u~...s!.i..|X.1.1-.i6......yq.....m...P.8)Z..n.EYy

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\333__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1293
                Entropy (8bit):7.0573817950325965
                Encrypted:false
                SSDEEP:24:au7GbpG/mkcpI8Oo7d22AbTMuHc82w8eI46cPAvZVZjH0TH9O5Ye+QUiln4V:qbpGHcG8R7UDbAx82lRcPARVZDNEBiVq
                MD5:0EB95F959529457FDB5B8F41BF2DCEAF
                SHA1:C02359C19DCA8FD5B074B1D5184637376A3E9174
                SHA-256:8B5FDA973A19C8F8988B0630050BBEF507A5A803C4DA2108A199AFC9CE2EA14D
                SHA-512:C680E14282F0C1CE77FE9E49146ED12C6F56E16846391086FEDEBA0261B40E8F6D8BA3A3F5D17FD0ECCE0C3326B137CD76F74D0AFC0812B2F4C081884B4F0275
                Malicious:false
                Preview:.........(.K....B:.+%....7.aED.. ......<t......m.......ysw.'.....=i..........J)........N3}S.....O@..9..Bz..JU....a..."._.O*.3.,.}..................d.X.QvJg`@...L.".g.#..UC.6....K&G..i.....2.......'........7...<..|.Gi~..p{.X.2}.+.Iax.UhF..+..Kj".!..K4{K..Ch.IR....KT..<.i.g..G..._@..u%...<..K.1.`..pZBq..M-..A....{SD.u].j?;W....~w...8.K{.t&.O...R...8M8...*j&.F..".X..h...,.U:....o.\mF.l...+.."...T6..T..W.0.D..$t..WI.A.....K:.i..h...D$.....$Cb.>F.G1.".)v....7............E9.3.a. o@hW...J...|^........d....'.... .....R.<+.B..^4.M.@...b.!\O'..`#.*...O...FN.i..Pn.EqS.h 8...O..,.*...........`e.E....:.h.J.z.w...Q.1.......E$... >...F.....Hv;.7#c.-R..9..=. ....4..W.s..<Q.,...a-.H...........g.i,.|0J..i..8.}.br.......b......."..>0.(......~3..u460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\334__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1320
                Entropy (8bit):7.107097683225507
                Encrypted:false
                SSDEEP:24:UtEpiP1Li4+qQr3TbKGIR9uzXnr5eWkHtbVlZVZjH0TH9O5Ye+QUiln4V:UtJV3+prjbK3R9uzXr5ebjrVZDNEBiVq
                MD5:49D79154FBCF6546DF305E1BF4162E3F
                SHA1:A01FF2C34D5EC892593983B0E973B335E4CAD105
                SHA-256:F6818427B6532182CD879DB31309E9D4E184A6A7E4C484B5BAAF916FFEBF1AB1
                SHA-512:B1AAF2663CAC9ACD497C22C91121D5AE0C4430042D230FACFEC300C45F2EEEE49A3E33686F49B47A6A5D901B9B32DD8CE30BCEF71203D42B6F3D99A725521F09
                Malicious:false
                Preview:..z.e.]aIy.....e..~..x.CQ....H..n...>...z.$.T.6%..!L.QR.......>...W..L]1... ...j(M.K....#N..N..."l.V.p...1=K..2.!.{..$.R.....fO...)>_N~...tB...>...7..l..d...n..Oh...*c........h.|.a[0..P.f.&..LC..##.^0:..l.o&...D.1F.......*.hK>=.m..a.YQ-...ih...a.}Aq^...g`c..)*.H. ....&..+......C..(.(...h..u..p.a*|..j..F..-x.p..g.W.uQm#.h..".R.P.v.._....W...D...............X......3...') %.<\.. ...:......?..xSV.|}+s.?...#.....X4.......=>..VR....>..B.......4^.5...>..'.\.T:.!..4py.P.9...u.:....H.l.......!.VH +F-....L].....B...L......R..pt.zGI-......]..MDv(.=[z....HC.ct.:....0.../F...(....b>..KZi.qLz.'.S.VO.k...+v^./8....o....>V..&.I..T.9..kT6b...z.V..............qf.......IKL.?n.4.GLg.@A#......D..-..fJ.s.....un5.U}Q......!.xh.+....#..b...fZ....Uq@8...P)e........K.{....BR^...Y.=460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\335__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):6.993899274141913
                Encrypted:false
                SSDEEP:24:0WjrIbw88UkqTfFXSb9z+WM1diZmZVZjH0TH9O5Ye+QUiln4V:0Zp8HONibyquVZDNEBiV4V
                MD5:554505D80D4E4A803F907F53FA8321B4
                SHA1:14ACB8B216A63E67B8C6FB7335609FD3D24D1D46
                SHA-256:E9C7A983C1BBF9C36E3EE941AE268CED558EDD15772936BBC3CE76D7E2F93CB9
                SHA-512:556779D4145F346C2A08D33AB6B2E774467CAEA6E410E91D643845513D94843FD1ECBFFA1E2787833B2324212017D171FCF17BE4356D55F3956A8443BEBE14EF
                Malicious:false
                Preview:....E.s.0..ZV...|.o...g...../2.C.S.Z.?1)...K..u.O/(8..<......5i.K.W`....t.V.A...M.n.w..1...G..2`.....PT.y....L.@.2.....%B......T....@JD..Y..8..=vM.qdp....=".x.j....$dj...2.......#r.i9.!.F.L@.pX^!.9.....c...._^>u....% ...#T.....+.md.q.....CF7..+.\/..4.S1J0.8.s.y.3.p.[..2...&y?!I.../..m:E.g.=t.&...)....]W.:R'.G1....w.....a......Z..#|..}`=;....w(...>......8.....|.......h.D{]..#.M...A.U/..U..Yy..a......y. .s."...(.t.......T.&g....3.4..Y.43_.f.....;.j..%m..%.JX..Z..X....E.4).^R.>'. .v....6..../...c...\n.H]`..o...s..d....<8\X..._..Y...Z.D .... f.&2.M'~.][.A/.8.........k&.hW&..z....&...=mH..(5.jW.l..G.T.H0..y.E..t9.C.9-VY.e.....F.....f..G~.ci`.B....'......,.<l6.^.....*EE....-.~460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\336__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1169
                Entropy (8bit):6.900631118327557
                Encrypted:false
                SSDEEP:24:2oNtQRf4aWAXN9RjzgYEA/V0X8H4ZVZjH0TH9O5Ye+QUiln4V:BiJ/T/oM0VZDNEBiV4V
                MD5:A04B0984EC570E84C9DB5B5D0408EB0A
                SHA1:1D8C7D42A796D841E9C2C6023BB5F2676D24B491
                SHA-256:E62F7CA2DC173811CC25867A01939C02CE97D7ABE507165004A7F0F0A07C4D57
                SHA-512:6090FCEDF0A07EED26BDDDCC04FC4348E0A8121D2714324DF1A6FA111197EB467583675C5DD7DE91B926E7A3595D39DD3EB8B10C448183A5300A1B14F931F9E8
                Malicious:false
                Preview:..........1..W.[...J...Y1..r.&h)..@*.....n#X.{6_.p..=.....'.^'.....V...>..fa+z.dw.nF.g.1..o....U.<...A....,.....[R...>C\<.T.Z@.N...-C.m"...DO......9..m.).w._...7{.......'D.|.C..8:#\.@'6../.g...`|.MIr.D.:...b+.E7.D!.$..k......I[|3.<....c...?.j...u.^..r...F....R.o........W....)....i..n......_..V.<[..|8MxN...s...0nD....M.y.ss.A.-.i....P...8..Kz.R...owD.Es.!..wb.8..[.....u....s...O..@..r...bw>.2.....&..4..........(B..r.....Z..{^.S..!......w.9.}.x^..rz?..I.._.T.];7...q.=%P2.....[E....#...V.R..q..~.......g..}D{........`wi.......!.4V..,....lI....1.....LbW.>....z.E.f.QR..[W........y.m...,.......V.2c..$<..G...v....8..@..^.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\337__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1169
                Entropy (8bit):6.838724735423441
                Encrypted:false
                SSDEEP:24:lu7RYuGk6gILj0oTne2sFdtLuNMBzFZVZjH0TH9O5Ye+QUiln4V:luNjlpILj7TA4KVZDNEBiV4V
                MD5:FF4F8FE36000019AB7E7AB38161D60E5
                SHA1:7CE00E58C9BE8AEF8436ECB132737B724FC216D6
                SHA-256:1742B8FA70819B3E01A5AEFE8346694A0543EEED6FFB9C85BB3079D2E67694E6
                SHA-512:189B20073FA735F1E2DE18E52C32ADAB57838BF8F9E5682583A290EFDA171965E48B5EECA3EDD4141EA9AC0E54FAD90DBF6C6F77EE60D2A2D5099AD6E81D37B5
                Malicious:false
                Preview:O...~V...<..0UH.b$.(9.X+............w.=T.y5.2....A..y.*q.../.b.99......%.G..\.F.I..b)f....Gm.&0....?.J.8h.%..['.:.B.M.j.aHA..@..w...}....r{..*|...-5$....zW.t@....1;.v..Z.......z.S?..l.pl+.U....".V...md...i.s..v...'...U.U.1l..x4.....M.|fx.h...V/604....v...).....Z/.8.y.c....q...Q"...q...2.0......f.p...;h....c6......;.t..q2..y{3Uz.Ok3.RP...z...@..4o....`..TUQ..Y..........z.+.#..{..si#..a..v^....;.p....?.......N...OlW.....K....{.ih......TF..(.(.....X...E...Y2]z{vh.{u+a.../^@.....c@..!..8......5.S.4.L....k(..Wt.{(.R.=8....O.A`.6.]... ...8..a}......).PL.......iz.F.K..3.Zc#.....{...bY3xa.*{..}...HKu..J.'.h}cJ....3.P....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\338__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.9437637742269045
                Encrypted:false
                SSDEEP:24:jRf4tKWDlbDmjHXgRy6hCisuUzOuZhjZVZjH0TH9O5Ye+QUiln4V:jJiVHRy+CnpVZDNEBiV4V
                MD5:A6B0E66EE2105A25A9BF29938988FF20
                SHA1:BD5B7CFB39175C1ABEC2361A5673883750C5B9E6
                SHA-256:9FC98EEB1E68133391977F65968457717D548B4CAD958626FDE5296EBAD581BC
                SHA-512:8689C8DAD0CCBB9082C240F0873C8FFF841CFB18C7540CDB7CEDAFAF87319537955CAD4132C21E004A54947784C6A94EC3C95386E22193275AB6D6AE9C9F75C1
                Malicious:false
                Preview:..X.;T;.../..J..q..jBz?.......m....~........).\..x<..h.@.v6..yo...h...W.m.G...P.Y..`.Te|...K..9..rm.12].S.UR.m.U.&.FEA..u^<....pC.o.2...z...Q.....m.V...z.5r.5..7@..j...I...<....:W.@.....\.......G...z..s.bd..:.L.n*.c;.......c...v.....N.....a.2?60.dJB._$..**qb......n.T..q........`....O0.*....Y+.}.]e...>!d.5#LA.C}..N.".1..1..b..o..s.;....L.a...$y.......e..t..........b..@,..2e*...b@|sgm...mDv...l.V\.P'H.=...4....u.C..M...).S~.`....+....k.3..a.......p.m;.XO`.D..>..>..-..i(B.....P.w......F.E....)ZS....U..d.NH..r..u R.........%.r.x..^..q...7..h1.........lekR..e.....yg.T.. `...`...\.:e...1..B&.0J...V....r.ggJ5..1..L1.0a...be9J_W.Y.Yhs..9.Q.A...zq.523...J..S.8.....O.L..........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\339__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1163
                Entropy (8bit):6.870999389135187
                Encrypted:false
                SSDEEP:24:dg4aFjYfq83wjBzvYYq2186ZVZjH0TH9O5Ye+QUiln4V:dgJpiqKwVvYYq4VZDNEBiV4V
                MD5:6C053EECC496698F4187FDDD3B2F3B34
                SHA1:7487CFA06C661C54261E63D602D3DCC442AC0454
                SHA-256:B752C1E6F5503E26B380786DEA665A3546B2584B64125550B0903CD26CFC1EB8
                SHA-512:D5DED9573A5E595E1AF49B725F7C00BF0094BA2DA88DE07DC94D6A6A850C42E19B71502CF6FEF34582BD72ACFB91F6508BAC8E187B7BCE4466EBF63D9CFBE676
                Malicious:false
                Preview:...G."/~.{/......5...".....:.....l.%..u....<..$M@.8....p0n).3...S..{.Z...l....:..5....2....P.o.T);...7)..z....7..&\$L.....V...ku....y.OL.....F2z..V^.8.\.e%..Y........].M.d68;OQ..o.C.........Y.C.-.U....._...Z.......q.hT.%....a..f.Z......2._...u.)....T.w|...|/V...K >.:....'......Bn.D`v.;.UM@...6^yr..=..{.....j*.....G.Q.>..w.~...3".#.U3Vs...f*6U.iY.M..!..L......6.5;"3......8....G.=....B./"O...b...o.!..d....2*..g..(.;.....^Q&.f.#p2...m.m.XO..a...kI._...z...."..'p...lk.t.5/1.W.... ..I.Zl.ud'6.g(:.@..`W...8".m.e..SV..%.P...<1......f....$.".-%.:U...g0|...L......j.5./&..y..$....w..,3.'.f....+.....P...z.4........=.M......x.!.l.=460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba5

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\33__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1251
                Entropy (8bit):6.999277317181203
                Encrypted:false
                SSDEEP:24:G3EBUU++iG/je0b6d/Y7xVNlqPXmnZVZjH0TH9O5Ye+QUiln4V:G3EniG/8eVNkOZVZDNEBiV4V
                MD5:E4B1A03D061B04C723CE60E370110885
                SHA1:98AFBCD8C3CF046BA20795B495C297482DCCC464
                SHA-256:BE044D7E671D4BC9A18588FE41521BF497AA61BC5B5889F465D729A8EB882C06
                SHA-512:0AB4851A1CBDD502E6A059FF5FC71F08958E5FADC40B9BD32EFD495238FB8B7C0AEAD76CF245D5100D25C2EBCFFD73C22E881B7EB68B744743EE9941E0C67DF8
                Malicious:false
                Preview:M...%..t.%./AF.........b.}.3.c.l.h:ma0....b..2..$.....b>.rm!.A....(.....x9n.M.e....Z...............vA...Rww4..Eo.,`x..g.v@.V.N...$..j.X=s....*.E..<..&.:.rG...z.2.....B.U.'...3.....t[Z.."4.\*..NDF.eiAn...n..z.^.(..-...C.v...n.p...K..{$.Cz.I.Tr.&..1>.o.....rB....W..u.......i. ....=.z.m1....#..,.....mT....*...k...........[..9.*...g..!..s..@H~..57Z...a3.5.%.C............"Cg...y....X.R..qHA../........S7.&V..kw.E..bM;.I_..W..1..y..`#D..6.x.(1a}....Q..L.H3.*......N$|..k..X....&.R....-3h..T/..NF\.'..\.b........:O&......r.n......sM+)s......e...3..WfF....].~........*..8........d..V.<...H...4.Q .^.QQw.N..,.h..x......b.$@.n.=c.?.}<$.....?...p...^...M.=...P.9sJ.}..k.^4..w..f..;.7..o.N.\.../.......SF460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\340__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:COM executable for DOS
                Category:dropped
                Size (bytes):1267
                Entropy (8bit):7.0096999879876725
                Encrypted:false
                SSDEEP:24:yIAhZzsMTHUkgU43coIKuWbIFOeZVZjH0TH9O5Ye+QUiln4V:yIAFsgHUrh37Ib5FNVZDNEBiV4V
                MD5:AA6C2F46D8C0948C399E2D9B620B1D99
                SHA1:B60146A616BF73C41BA6C928C5B136AFB82395BF
                SHA-256:3A9187E36018AB04274B81385594BE20ABA23BC7A5A1C94A45CCACD99C9102CE
                SHA-512:171C5688424D85483C2EA686AF8F663691A71B2B2A1940D12FB67BC3F53652E798217F95E1BA6135B83A0200D83C9A1BFB0E76831F00FBDE898D5DFFB9CA8265
                Malicious:false
                Preview:.).p.....Y....85~[.2...}r.i..,_..u.@....q5..,...Q.h%...RK.[.k...1.......c..Q.HN.q..@........]..;...|..g..W!...<..v..0r....sO~..8......1.H5P...ys..`L.j.*.cq..I*~.f.H..x..g.X..+..*R...y..7.x/q&espX.Ue$..uW.&{4bO.Z.....3W...$.4..}..qx.k.h...*...DA..7.F.i4j....2...8....s$&Lj(#....m. ...n........Q.x.....S.,.L'.. ....m.%.#.5..T....a...!....\.7..$..bsji.~ .y*(...R....M..^.......b..(.Al........jm.?.K..:U....%7[.....E....g.R...;..c..m.4...-U..2..&u.1...)...E<..j.z.M`...).UL-..#.`r'....g.O....[!l.9fg.U_...q....I.b..".0 W.-.wQ...Y..7]4.sJ.........lVw.k...zq].R(`.<..[S/..])gZr.@R.....f.-@p.rX...]3.......&-..@..!8.O!.4.lu.vd.gA..l.dU...X..)...+sBCF.T.......h6...q!.V..X.j..YB..K..1.!.:..?J".w..&....'e..l=W..#)Su`}Y....5.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\341__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1665
                Entropy (8bit):7.3566158893021605
                Encrypted:false
                SSDEEP:24:CRR/T/TURX3RARUhC9y6Zr6PA+Jjnrl6+bUBV8PiQy3c2dcbnsFe38ZVZjH0TH9d:rRX3RxhnIMUBV6e3mbn0+AVZDNEBiV4V
                MD5:7C97EEDA8FF4E48371239B266DF72370
                SHA1:710842455E4C05DF955D234513D6C1015AB4347E
                SHA-256:968093B6DD17FAC0E3D57B9A1C49A7FCCEE4D035FCF19D488CC033B2102AE912
                SHA-512:AC664FAD8CA564C92ACB28435C1FDC5AC760CB27BBC64A870894C9404C9FCD118EB1F57B3DF1220D15D21D81F8686EDB68C37CE3251A8BA10CE69C99CBEAFE0C
                Malicious:false
                Preview:........h..+5lo..dX}................%t_q...O......Fz(}7........j...;,1N+4..........62./ .w].V~.....t.yv.$.i.s..8..Qyo..."......&WK...U).=..4....Xs...!.(.P`..0P.'-v.....P..@.....Y...n.@?.!..}.K.i{.jq~..CTSk..."*#4s..E+...0.M..r..C.>..].xf..x.....V.._. +,|./..k.8..g...=On.....q...mv.....N.....&....'.g..'.C.Z......`..[.2 .....uB..!Zv....8~-Q*....2.V......9..'sXW).*%....c.l.....H..1..\uj.4 .<'=.K....n..Qc9.....`1..>.........[d.5.... .d_{......".0|.q.......,........$L........X...m-.8..<@..w...vyx.6..>+%.....-...XH...Q..:.z....3...{..)...-.6...{...X.qT2!..@. ..]*..V....Y.....".u..m&...2b%.P.a}m6.$.).&. /Q,.x.......&...f...At....,.*..0..+3..#....{.DN+..&...=.F.#..$|...Y.}N.&...!\{..x&.c...@2....OE].S......._f?.X.?._]..Vwe>6.w.Y{.#..t....NP.#........24,.N..u..*.J?v...a..B......F.F.x.h......0:.<a..K.R.t..l^.U..<.jO........fE.S...i.I../K*.'3.y........Z{(`....v...!..(..n.../.Dx.*...w.Q.%....9.9.>......0.A....9.. E...'n.z..ijV...D....q@...r.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\342__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1356
                Entropy (8bit):7.124825910054472
                Encrypted:false
                SSDEEP:24:KLJ2LyjKsJsUGE1zL99palrD8p+aldhFxWRDtNVbZVZjH0TH9O5Ye+QUiln4V:eMynFJ9pKkZ4RvVZDNEBiV4V
                MD5:5A3D71BA1B53B03EF4776963E998A955
                SHA1:9AE470301A076339786A71B0EA458E35965BCF12
                SHA-256:8F58119207327DE09BCD367E08ACD08CB82D5A583F815058864EC3F67D25B855
                SHA-512:70D5824B1B4580AA2E6054E12864866D703156E22656B2C7C159C491C147D20B77339246DB4BDBF5375B69ACE126EFA25716015054F511C8EC346618BFDB650D
                Malicious:false
                Preview:us)..V0....[d......?...d....<....X...7S.....{...b.YX......]..{.f....:..;....n>L..#8.....`=q...hi.9...U..M.<E-XG...4...2&.$.G..&i.=.X2.-d.......S..U...MYLR..6'v....Q...w..i)..xv.......hV(....,...4..z..g....%l(.Ji....g.[.J.`.~..xQdm.c....i....Z.v.]...k..[..&Az.U......@|..)h...M..-.wq...l5@..L.v..?..7.y^.V)M...kE....9.g.....%G..M..)&..A.4@.A1.3...Ybs.g25...S........w...(Y.}....nW.jiIt.H2F..y...!..Z..j...w>(u.s.#C..\...*.W..3.p?...<X...ho..c...MA.....0.m0.+...]......r@.....8.g>.+..%G..(M3..=..d.f-...\.VX.'.8P.....^1*..'L..[. }E..j...t....T T...z.......#-..|J+N$..*B...XY9.s/......$h.v!V..8.Vf..>....~2[<...p..j.K...9.....q.......k.J...4sM....&4 "B.X....N.....z?..e...&.a.m.<...8.4...y3....23..w...F..).X...1h...Z:.MZ.._.........{VO..*.F.@xl....L..Q....,...U.*!.1{.h;td,O.}x.f...y......O{`460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d915

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\343__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1166
                Entropy (8bit):6.885130634499519
                Encrypted:false
                SSDEEP:24:RHtRsgoWCSa7SRsEPzL1vA7JhFM/bZVZjH0TH9O5Ye+QUiln4V:FgiPnL1y3YVZDNEBiV4V
                MD5:259BBEF889FC22F4E7FD0802DB2269D8
                SHA1:A4120CDD54CE526C16BA5C7C27A0699CD476B83E
                SHA-256:DE2B15756DC5FF13D2B97F5E3C83F240AE4BFB9CB1B05ED6C215CB248570AD26
                SHA-512:1449E5FCF49F93594457D95CE733E0B18A61FBFA5AD81B8A2C552EF7E98454F8A7F95E6D7AB67CF652B7D16F61BAC2DCB81E7091AE3726355015DA7A66E3559A
                Malicious:false
                Preview:....d...........[..}.:3.....a[........\N5..lR...J.......@.....P.n..2.~1.!...~...L...>...u..z#.{.=.=..z}..-....1.@......]..t...."q-6..*.8(....e....kS..B...S9.......f..`....!U. SU.od..(G.X.u...R..z.Bli..T...Z}...;..).nw?..m..a.T..y...[.%..L...R.*..m........j....A.d{..g....k..!B8..jT..nf_#....V.mE..e.6.s..~$(...|....p..uA...D$.i...v....>o..o..D...G.D......D....a.l...M8.1E..h5#L..u.......u" ...].]_.]I..zD/*@..K....Bo..3.L.z.t.e....'-.U....2....~..*c.g.F.m.!.*..U4..h...!,4. .s..F..#.....0..#..N..#.J...3.$8.c.k.._4X6V......Z.R.P..D-.P...i....C@.....Xg.fgn.....W...9.`...7..."($l.Q.x..,.y..*.R|......&.B.--R..D.......^....?.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfb

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\344__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:Tower32/600/400 68020 object
                Category:dropped
                Size (bytes):1174
                Entropy (8bit):6.922895379002459
                Encrypted:false
                SSDEEP:24:7Vr7atbFyyGk9gOSQKGngG2Vq9yJbeENCqQZVZjH0TH9O5Ye+QUiln4V:757aTy09g0KggBGcFIVZDNEBiV4V
                MD5:02A1DF23EDD9D2A2F2CCC46F5B47A828
                SHA1:F2AA3717241D62ADE08C0A863ECF6DB5B3F1C962
                SHA-256:C3E0664474BDD2664FB09FF52766C79C54A87427F96DB286881CD535218AB0A5
                SHA-512:8A46AA33C32D329F821BC0F878F9C98EAA7F694EF900EBFD1104EE5CA6FC3D63F68389CF369F14AA05AC0E7ADD2087AE7333CF9841BA4119C4516554CE03F3B2
                Malicious:false
                Preview:.......e...b.../.Z......vIg.h+[..S*..>.a5.dQ.p&.p.@......NVjwK.....2..v.C'a..!.b...H]Nn..B.u...+..XVx.k...}L.ZO...Q...O.~............YR...M.$.'....D...2F*Z....XI...."b...G..V.Y...A..*..n..... \....&.K.p...O.A.%$C.|."........i..i..Ce.lK...L.....}....3..t.o.....s.L..B/P(. .3u....M.X.\.&..xA........i'......N..R.)...[C+]eT....v.w.s.e...0....*..Kz.....xo.."...#...XP...O........`.v...`.G3..........{.M.5.."8..k..{.......Tm....5............V...{.3..u.F;...&..0..C.hL..x.8R...bhZ...g..z.TF........s.T..a........l...?.s....Vu.x.6.T.;..._L..=.....AY.y.8.he}.U.@.{.BC..[.8...~../H+Q......<B...3t..ju.@.....0.\.l....F......G..~..TlN+.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\345__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1016
                Entropy (8bit):6.649276725592477
                Encrypted:false
                SSDEEP:24:hlROjtBG9+lvow4LwzZoZVZjH0TH9O5Ye+QUiln4V:hTcG9CMUlkVZDNEBiV4V
                MD5:48F9F673072B5E8461AE47181B970B36
                SHA1:43ABFD7F4AA2353A56523CD266942A2D76E80042
                SHA-256:9A8C45F92EB900E6291E1558D57594840DEDE426B860389DDB3745037F8DBCF7
                SHA-512:1948135E1B62566741B84423EEB8F79CC98E5A01BE289B3D11650861EA568AC320FE01C46891067D07148A6A8FDCC97DBD3B9E04EF655D31E9CEE576CF4C737F
                Malicious:false
                Preview:P.:.Ua.-3....3$6..9..?.....,....~D.4a.....t.....w[;z&8.P...........<~.g.}..E.F...]9U...r.T.J..HZ...iN..n..Wi%P..J.".c.......bl.d.......wD.R.2.....?{.........d....A.XLd.=.n..v...1.."x gr@....Vpy..$.....z...m..j.s.A.}n%xk..x...G.O(;.4...O.BkS..>..Z*u ..-..,..h{N.../.A_.P...I.....l.i....Q$..=..$.\.'.Y.3..J.H.;..^g..d...__P.6..`.^..B"..O.4.b.......$.....I.o#.........^k..O.6.....[.2#.N.l.}......i.....&.nZ|.Jc.j..Uq.&...o...KG2M....'g .V@.)...Z...........y..s..#...W.....R.J...jx{460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\346__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1246
                Entropy (8bit):7.008631912326164
                Encrypted:false
                SSDEEP:24:UAlgjXH9k4IHk6OanU6RkjYDoEZVZjH0TH9O5Ye+QUiln4V:wXdkusU4kjYHVZDNEBiV4V
                MD5:5E14C83C959C0657BD711B4A573DB1E1
                SHA1:A99F7CAD7E34EC67DA582F04229DBE629612669D
                SHA-256:48570FE117CC26B59A77CD116162E0E3478E6166232771DC650C1A9CC9C968D3
                SHA-512:D33019A52B5006DA9C36246BC5D9651FC16455585378CE732BDA9E99E8FAAA390D073422124D2F125E901D4CACE9AECAED00F5A195E27152DFAFB0BCE279AA74
                Malicious:false
                Preview:_T#.1R.!.oX.t.m...^s...5m..M.|..K....1....opgx..(...."........E..P....e.CD..[.8%.../....w,...g.......2u.].N.M..`@9!......2.h.Hs...+....t...xA.Z..=.ts...U.>Q.A...F...<}.o..2...s..7.&.....(..W.....T...3T.)o....5`+^...-q.N:j.r ..{..R...lP5.<..~J.tI2...{..".d.g.....:6.s.dQ..+..+..Z... .t.....\s.*cz.nJO.yu'.PpE./M%a.-(.7..q.....-~lv..I..v.A....*?.-....q,}..9.......}..V.%...aWj.e.B.g....}eI.......m.dq....Oj...&...R.....#JX....'@x..`.u....V.:-.KyA.Q.79.*..vM..<..i.....N....I.....p.....7.bJ..........D..a....a. ..\!`S-..u..u.c.+.1...6.R7.%...gLN..+.`2...w..\...B....f....q.....P.... L.+..WLc+..x|.-q]y.....r~V..?s....}.1W<..=.UT...a.........r(...&..8..........B......#...|.Pu..(.....N..-.e0.|..h....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc7

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\347__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1218
                Entropy (8bit):6.957526228242326
                Encrypted:false
                SSDEEP:24:AH6SEEJI9cRb6Oot47IMus1tbnnHw84XXuWXSX6UUbZVZjH0TH9O5Ye+QUiln4V:AH6WBRb6Oot4LTtbn0NvUAVZDNEBiV4V
                MD5:F3914862B9D2BDDE953ED14F2D5BFAB6
                SHA1:2CE3D576B890895CC80920D2E26B484CADF25731
                SHA-256:AD98966513CC3987BFD003A8C15626559CA806DC4E97268CDD85D185CA2D25E7
                SHA-512:4331DCF32EF500D47C0422E1D4EE4EA706DFEB194D144345B8FFE40FE4A645F4A4B85F67A01FE6D5D7B56477B993B29EF05BD99A09E816ED94EB9B805942243F
                Malicious:false
                Preview:..@..9q..z....[.UeB.G..)..E.Y.}X~w.s_.0......../...(.5..L..V'.<.........k......r.g...p..h[*?.N....-.-..%.HV...H..5_[.........A.[..x...Y..Q.R.W..^/jWU..Sp...?..`.y.E..y.C1O..Z.D........n}....v.f..R.....3..~yI.yJ....u..opS!...5...f4..>.....u?....*8...&M...P..p8h.S.g..m....).K..XE.7x^G.\....N...;....p.{......L...p.N.....^:..._.......}...:_...FL.......#1U..I...n..M.u..)...m..6..E..*..+{Sq+..0$m.1C.;1......0..Ae..k....p.......r..u...yb<%S..P..)'.9H....u...0...<..7....3.z.J.H'..0.DG..a..g....d..S Y.y..-.2..W......'...z..H......;..=......>2om.v......r.jC......X.Z.I.J.3.%7....>._.iY...lf.L.6..........,7..4.?f.^+.:y%Z..T...K.d....n.b.5.W]....[.f.n.CcC.."5bJr....?...)......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\348__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1244
                Entropy (8bit):6.976249383288215
                Encrypted:false
                SSDEEP:24:EFgSv5hBe2/YRNHQl+4CeQX9WN9EgFe1qshbsyMEAZVZjH0TH9O5Ye+QUiln4V:YgWvHwHdwfEg48wIy6VZDNEBiV4V
                MD5:CFE8B4C09CB3CD474C471D32F38CA016
                SHA1:C41CCFC9439AD6C48CFBC62D1CAE209272D0D118
                SHA-256:D023144853C7DE383731C594B8D2A54A63A46C05B9B93E069921210726F783E3
                SHA-512:111B0FD760D4787D8C37A20C6899D16CC819AE9635805EF5FE2E06CBFF908B747ADF876567789672DCA4AC78FCFC4437C83BB30488FC6D82F204A17D770AF049
                Malicious:false
                Preview:..r.4x..x.Bc\.ZFN.g..u..........4..k..@.\.........y...Y!.....:)..e..!...IH.v.a........g/.0.. A...S.....!..K|.8F.g.1q%.....H...toDTDI`.Gc...32.C.f./j...(...C.p..o.........)QRa%.n...3u...'.K."vPI.7...H.U$..{:.y.4+.^.4h..|....P^.Y...v.@o.q~.Lx....if.+J..{.C9s..$.~..n#..W..a...x.C.'.....I2......b..k...<`3...?qq!k.}.07...}...$..f...P5..'dO.K./.LC5.,<\\.f....<.$.....H....$.(..>.xg'.......n....\..0ZA........Z?..}...\...,..b7...Q....F.<}rb.P....9...V....bF.6.....$.p..>kW.i.Ns....N......3wqN.,.K..=Q.ql..p... A...O.L..V1......n"....<`.l.....F.&.:i..d@.4.6....K_..2d..IZ./pO..vO.s............l7..^.n....%T...~.>.....Iz5...h...?..-.......c...9"..G.5z=F&o....H.~*.&>.j&..eh.E..+.i..X...X>1HK..3.zJIt.c.1....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\349__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1220
                Entropy (8bit):6.983238420230967
                Encrypted:false
                SSDEEP:24:77r2x0stHDhHqIXKHJqr/JmC4Mehi9ddm4kHZVZjH0TH9O5Ye+QUiln4V:Hr2xhHZkJu8ueAddxk5VZDNEBiV4V
                MD5:C708993777E857B152D17FD5A8AF6FA3
                SHA1:038AAD1DCFEB4DC45479256F92D28890BEFB2AF4
                SHA-256:2C034C1E410500C214EB773F3C31B59B92CD1B53EC805D23E34A9AFD25771BF7
                SHA-512:B5F6E48165D77A22D7C12641A328019091EEAAB0E8C10D7F4685779C6C410A199C5798C58C1F036E3D3D4587E16379A702335020C28C4D3A6888711A30897F76
                Malicious:false
                Preview:.F...<....L..$>.Y2-...F}.w...y...O..Q,.Yp>.."%%.m.K..v...u..M..^..Zj~...W..)S.6......T.] Mf|...x..M|J....j...Q,..2.4.....R...#.v#.^B.[.*...b6....@.1Zu....Ot.{./E.,.V/%*.....Y.....xa..A.Xn....S.....`s.f...;0..O......?I.H..P..~..6.nDG[.=9i....L.)X.$....I...}...P.e......-...%7.$.'.g..'.y>....*.....>.P,+}...........Z.....j.......DI....:K..3L.u......&.g..oJ.....m.....3..~...I.....`.=$.r....Sm......JQ9...64.=...\].....u~.6.m.hNn9...l.....Z.]..%.;.?r.7R....MUCXx!.2.....L.Z.P.|.(J...d..Y7. ..i.M....%s..a.7..g2l....wr3...9..t..p.Q....-P..~;.Lc.h....{......@..f...i)z.......!.......h...a.._.4.l....|Qk'....m.@....ns...1t.9=.1........[.X1N.zp.9....!.k..i..p(..... ]..U.]DpA}}..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f1

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\34__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1237
                Entropy (8bit):7.035623471707298
                Encrypted:false
                SSDEEP:24:a6zit0ZzOjU71CVtI+8Mthj3YysqSPITZVZjH0TH9O5Ye+QUiln4V:aeit0f16t3YytScVZDNEBiV4V
                MD5:3F71BA1022F8FE1D3639FA1D4B516D22
                SHA1:82C4761A91305A08813B4BF6321836F48C2C1CC2
                SHA-256:812F2491AE792CDE248245AF6E19308F017514B1015E9A32C27066AE4A38D5D7
                SHA-512:7D858E1018A5F3B8931260C4E22F9B4EA42A0FF62361EA720EC1E9EEE4AED8CC238594A703E24DAF03EC910898D46AA6E99B6A40E979631E089536C97F0BF0AF
                Malicious:false
                Preview:.c&...R|...=r.......A...f.J/P."..4" m`...*..3.O..w.M..%...............Ag>.Wx...@....)z..`..If.BAm.<vn<.N...........L^?.k.*B@....#....X...*.....o18V.^.......F.4.Y F%....&...Zs..n.."...h\.C..7..g..o..pd...A.A...w.....Ww ...&v..^..N.iw.P.t.m...........Z.'.`..mM._...2#...@>....A.....K`......c.s_:o...D...dw.;$d...H...R..I.\K'.....<....g.[.tm6,m.}.cOk...y........w.2.,....r2.&.jVA(....<...D.y..$.B..`..{<.z.c..:P..I..`..g....H.:..e..."..u...Sy...lH..f....o9.rd!E........@.. .n.../h....hV.p....?.....2...E(......t]....1.0N.......?..Z#nw[ilE..h..N.\.|....I.Y.....K.......r!...Kw....-{....}..I.j....u..+...xV..1...R].5..m..........x...>...k..Eb..0P...h|F..G...w. k<......w.M....'460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\350__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.992707326141297
                Encrypted:false
                SSDEEP:24:ChZBnimTYEd0uugAG7o3f23GaMmI28pZVZjH0TH9O5Ye+QUiln4V:ChriHBjgANPOGawnVZDNEBiV4V
                MD5:B1A983F06CA9C50A918CD8A8F185A287
                SHA1:5CB75B9F27A7F9AA5359B00A2C4B06D9B6A329D2
                SHA-256:BF891B60CF3EEB64BA3384D57E09F004C48DA80E8002134116F3ED69E5B07A1E
                SHA-512:F314960A9E469C69BE6F2A6A22375380D806813B25BE29E3C476E5C913FE9BCC15A7EC813FDFCA8C1CDDC9D3A6F94A61BA99AD408609DE926EF22B70A6DB6CFE
                Malicious:false
                Preview:..........5......9P.......+`......a....N...,..}.o..;.~..KT...r..q<.'..;..n[..f.6g.y..$t......p....... >.... R@B...76.'.~g.......p||z.P.dd....*.......#.........w.z.e:=W=..8..o...U.:N..z?W....'=.....F......D".........2;p..W.P...*."./...jT].....M.:...}......bpE.H...E4.K..<U6.+..o4G..g..w.d.0.y.kT.7..1...a..8.#.m...Q......&'.f.V...v..U.Y...B.6.W.Y-..W..."..].t..!.....5..q.F.9P.vN...X.......t...g.|./...M6..)..5.{.=..h.......r.hn.!M5B..O..2.@..E.i`....RR].....I...H.F...[..y...>...I.-,..3O .. .\..t.`w ....p.Y.y....-....D.....+.i..$/.}...n...N..". )\.......7.9...Q.....N`.__..&./O............=...qi.qx....8Y../.e..z..D.Z@......!r...S[RX....(...k.~.s.U..[.O......U..V.0...0..F..l....yeE.5..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\351__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1216
                Entropy (8bit):6.933731467249952
                Encrypted:false
                SSDEEP:24:CNroooYAZICYzMCqxpvfPxUWdfAU0d3yyZVZjH0TH9O5Ye+QUiln4V:2SiMDvflAVZDNEBiV4V
                MD5:E9B5ED0DE7568789D7ED9577C2335619
                SHA1:139B9861AC553DD0000D1957131545E959125FE2
                SHA-256:DC22D77386BEFBDE7B3E7E46D9F4CB2F65292915BCE35A90577CF674C0A3C1E8
                SHA-512:1C22DD22BBF38492F1F11BE5F950EB483CBA937A10843A0ABCA64C374A1507798C491CEB4ADDF21DF7013A3A89303B718575278C2B87305BA67E2B65AAA463E0
                Malicious:false
                Preview:....^...r.!....IX..Z.7..^.8..>..H.s..p}.......L.....Z7.....a..Y...o4....[.s..h...8.....4.S.c...7g=.}..{.C.?.(J3(v..,6>..&....=.*.:..>..C./Yx.O9.c..Gy...i<E...U7...b....9.....z.d.%>.m.....h(.^ )4....*.#.A.............CX.?....x.....D.Kg&#.`.....+$.V.....(m.:ol4'.g...<'&+.V.1k...t...d.jM.%....d....y..|%;.wO.k.og...T.IL.^.HL..H....x0<....d.|]....D.....Y........\...MW3&...;_..c../.[\J..-s4_m.?.&...C>..C...+j...0Z'._.Ty.C;.M....G....Z...'...j.....O..5.....I......HPd..........0...P..`...a..$x...4[.+....=.FH....K.OZ.......$.m)..fD.......2...A.U#}.j....p..a.U{.8!#N.&Ok"...:...G>!.A..=YY.s........M....k{.9.O/).\..).rpf.1A$.......@...5X..'.Z....|.>1k.ksb........2[H460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\352__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1094
                Entropy (8bit):6.7509859788368
                Encrypted:false
                SSDEEP:24:O2sNvgnO2CfYk/2QsKKV3+HGR+CXZVZjH0TH9O5Ye+QUiln4V:mBgnNCGrVV36qPJVZDNEBiV4V
                MD5:8F82AA2B5B0E83567418C829624E7887
                SHA1:985E3FB76F9C563A7131989A275D92A81ED79907
                SHA-256:00A8C629872CEF88FDE0276CED1F3E84DE25ECABE294EC360BD3F4E9F59AD30E
                SHA-512:3EADF20F5C818B644EAF9262C373A1A2C50A80B50B446A27079393E5F6D2125071FE5B36486A8AB33F1D4FA110421C07753B487EE1D637E19ED2E33B4BF6EAED
                Malicious:false
                Preview:8.nj...'...Q".X_.....;..../0.j(.16.1*...=....!.+.Jx...Q.....f.s:...y.......%..u..L..3...f....()h.....{,...-....R4a...5.D..?y.Q..y...8..D.o....).{D..}.ur.u.. ."...F.....-0..7.]....i..iy.....Y.0.2s.(R<Me,.:......V|.>.u.....E<...A.d..~z..1LB`K.^..!.{y.@k.PH...\}%..<f.}..."m[)R.....@B....#..Y2...4.4..?.4..4.$V..f..Us.......w.r9..!.i,.5F.I.E.l.q.......&.......h&H7Gb.=.G..U.0.=k..;....S.$.. ..{-.......K<......K.B...._....e...X}.*..^...)K.q'..K.}d..w.l}..W..P..I..).....'.../.m......{j.^@../|....I W..H..........[..Y..@\..a....\8s._.w.......*.FU^.v..Q.9be..3p.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c458

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\353__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1044
                Entropy (8bit):6.6889811282368585
                Encrypted:false
                SSDEEP:24:L/aPfSkmLhL4abGs+il5TsZVZjH0TH9O5Ye+QUiln4V:m3SkGFrbGs+e5TwVZDNEBiV4V
                MD5:F1B202B528211C150117013AE1280286
                SHA1:9753041270F526DB58522DA18567F372A800B0E6
                SHA-256:923F559B5156F06253BB5BF2C23CED88D6EFC0BDF10FEF7E01A463430F147DCF
                SHA-512:AE42FD0F79C5D88229F55F8D7947F2AA649BF4DCC86DC9DF26511411C453EE3CCF03B45E0275A5C023130F2CF4967A8FF553300B5BC2DD6FA1CEAF37F78FA74A
                Malicious:false
                Preview:..... `....N......P3...+...>?...pK........\.....T(...{q...s..S.)M.. ..n...nX.?.l.DsE...}...Ws......./..$#.c.x.k~..~L.|.........T..#.nn..q....p3`...a1.....M.Vn..{.q.<...[..'.oMZr.G3..O...W.T.m....)...X..sgv;..lEt.).{xP...pu...M_.L.....t...$l.....K..9..;.v-.x[.1q._....0.n.`....JX....|.B/....YS.E.BE..qPc...\X.....N6..Z......G..p..s- .yqn..b.(3 ......Wx.....!.......Z.....WNm...`.59;.....93....N......G]3^....z[S.TA.8Z...H.D.eb..Q\..1......w.~...x.U.B@S....D..e.2Nq3#.S&...!z.Q.uU...G.G.L.CY4....6.+ 460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabf

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\354__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):956
                Entropy (8bit):6.465080495902596
                Encrypted:false
                SSDEEP:24:nL6hR5gIPsQetNcZrC6EZVZjH0TH9O5Ye+QUiln4V:Lg57nCcZrhYVZDNEBiV4V
                MD5:43F21E980DC14EAC7EF5B47D3AC1B84B
                SHA1:ACAB356DC3EDD925C922042E6E77036B18451C9D
                SHA-256:1A9729242ECEFCBA1766DDC9BAC4E1E33DCF4F2684BDFDB692735ED345AF9A7D
                SHA-512:6192B0BD07FA38A1633F1977C91DDB82F0143AC2906A8E723B9D3E38638D1DACDCD874DF59B2A90F549ED92D064A23DF4D954FDF8099F5AFEC0108BEEC9111B9
                Malicious:false
                Preview:; r.b...l.sZ-)D..K..P.Yb.k. .C.......P....;...m.......R.<....+\.K......s.`..).8.....m....t?.H(..l...h{. ...Y..*]/w."..3cC.X..F...C..Vl..g.?}........0.*K*....X...@...b.q%.6.)...j.h...?.E...:.J.V.2....MA....Tn|."7/.h....x..B*)..F...Y.L.1D[r.B d.v.....6p.Y.\.|5>..D[........rI.L..y.z...U..)e..?.j..o......Y...w|!.O".#m...'57.k-..K..y......uq....f.bW..~...X9...E...f..eDJ....^/gzhG.{../...:.6%-.).j.....`5..\...5......f..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\355__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.946532417540235
                Encrypted:false
                SSDEEP:24:BCQV5e1Bj3867dvhGyXbJGwK8L4s0hPVq8ZVZjH0TH9O5Ye+QUiln4V:BCQSDj38Qdvh5bJGTq0hPtVZDNEBiV4V
                MD5:B0FD6EE990FABDB48EBE19BC297271F4
                SHA1:843273E3026E75ADF94C8302F8524F9AEA5925E7
                SHA-256:302D41EEEAE95C2370DC40146CCCE58C311F9FB91345CA96B4B4C2A87CC3E14D
                SHA-512:EAA8795ADFD90718864590DE98FE536D70A39C1D184E46BB4291E7EEE5DDEAD3AF2BD09FE83D19086542B1AAABE32515D7E90829B2D37793350FA9C79300F3A4
                Malicious:false
                Preview:64..R.\.w.....l..S...>QZ...dw..."4....N...[Q?...../..3l.......pC..R.d..B...D..Xc..M0h..3q?...eL..w...'.{....C..w.E.l 1.s..X....~...@...U...J;....k.gM....X....(8...5..t`....&.r`..{z..yvp.t"......l..1>.\b..`l......tW}.Z....?$..7Scv.P..[.K..>.!qoP...g.rm...NlH<.S.s..R..$Xf.o.I+Q%"y.V.$.?..$.o.....Q.......l.W0..#2enu.......N`.......DV...B.....>...-....*b...M....<......]r^1)..,f7$'.Z.6%v.{..P..ef....q.2.'...3....=......ag.p[.B....:.x...D.>.a..0.......)..,.7s?.pZ.)Z]..Ld..........:.%...$.x.....pZ.)......U_.....o.X%..)dex..........(AP..>...?.W.!..._..7.yl*"...#..Wi.Nh\..c..>.0..4.._yh..9.`...E>l..0t!U...Y7..p.0...\.JkU.-$......2#..XytC.6D:D.p.(.....XJo..4".uf...Xe.1..E460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\356__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1656
                Entropy (8bit):7.349663227563474
                Encrypted:false
                SSDEEP:48:mFCcN7l8Ib7xe6d0G0rMSFbrO6foVZDNEBiV4V:uKIz0r/+eBiV4V
                MD5:8BB52CA75D0E670DCFA031EB1E45BB7A
                SHA1:6E155DCFD3A027A2A1FC895655E96E4182A62E33
                SHA-256:C0EE908201E45258859C0082E113988148265A388784535761E8EE5ABBB6C726
                SHA-512:CFA7154D66C7ED80D458730E59701AF6AC765A59E65663FC3ADE3800508F32E697B65EB494EB9D111174E52B821FBE526CADEC5ECD3A311D4321D8330D1ED849
                Malicious:false
                Preview:.L..V3.(.%...t...o8....X.g=f...f..'.K..D..I.....~@jCfK.t.AhJK........eq...[?J..s.......!O..|....d'.2v.NO..:...rrJ9....m>..i.$*....M*.....8.[..sI.......8.{R...o..|S.[.:...`..R.E...|...P.I....f.......{...D.o~..g....C....!.q.&E...*....t.UT.\.:...:e\...AN}.....-b..c..7(.G]l|..[.\OZ.K..4..2.d-:...R..S[.pt..Q?...U.......|O.&3........7*.Q\?q..5....!..?.. ..YD.. ..[7I....[fG&A|D#...^L.....E.'.......'....i...7....l...(G~."...z..6....{.1.j...;..(0E..b.."J.F......~w.Oi.....5.....Z`v.6.g........W......AE....n...........Ov"..G_....*..+..#...........s.._I2./..f..{S...M.W..d..f.E~u..".DL.WG<,g.V.....}R...^....M.,.w...Q..M{.|..S....E.....I.m....>D.-KO.2.9.Z...Yo.........Aq....9m0.Gl..J.......Rb..|c.@bHK.......Z.5..@'.....O.\..Avp..u.).EI0.!....=aQ.f}d*...o..K|+..F.... 2m.w.!...S?..r'.+.l...l......<..L....-...K.E.M.I/...`wp..]..&^.~W....Tp....d....Y.H.1.=S.9n.0....tW..&.....y..:...%.....B)8b..6e/;5.g.....d./...~ ..]....y...p...s...(.~.[..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\357__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1163
                Entropy (8bit):6.869013150645846
                Encrypted:false
                SSDEEP:24:phxd839W+TJ3lidzaK2bZVZjH0TH9O5Ye+QUiln4V:pnd09W+bidb21VZDNEBiV4V
                MD5:DB4AED8B6CFB57A8C8FAA7E7A2C0948B
                SHA1:170531DF7DBC89450BD46147769FCEBE56372D0C
                SHA-256:8E9064981CD38A679C1FF1EE2C8FB0B8673EB3F1EDAC91B1B7C39F14B892BAF0
                SHA-512:868DBAA4631966CFE45C779A3AF719B20CD8715EDDA02BCDA202CF5362DDBF464F119DEF52B7700E1DF460CE01AB44D8714D50F580985B2D7AEBBDA7131D6625
                Malicious:false
                Preview:.iyk./C....I5..CxU...?..l...R...a.l...*.b..2<..6!zW..i2'E^...pE1...._..D......&<. ....N,..%8....,7.D..Q.J.....0@...j.M`O..,.R....VliV.]>p..1......a...!...>.Vc..z.*...=q......PE^6".C.......g....5L.q..-f..d...!%I..J.0......~....8D...An..!..X..A..{..C.|.3.......-...W@KY"...>;.4G.-.v%.....{F.>..y..Q.I.Y}t0...Er...)|....n.;.......CW.?1...v..C..\......A..x..........}..u.f.#..lI.6,...k...2.......CjD.N..>(.'yq.Q_.'.).I..%.#t...(_..L..5.#ll.7M...'L2.....9..?...^T'.IxN,OU.<..)*.:......\.f......:.+..H.f....>1..#5O.*...G.].Z~..d...%.i.@..0.m>.W..tj...=.llu#8..W.J.xhn..5..O.=i....#.w....tl........-.wS.6:+....]....l.....".460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba5

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\358__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1250
                Entropy (8bit):7.003773240264127
                Encrypted:false
                SSDEEP:24:88+Fy7RqSM7fK8Crd1sLipefJA5ZVZjH0TH9O5Ye+QUiln4V:88+FcUSZkLiwhGVZDNEBiV4V
                MD5:38CA99C6A1844398E75383FF93D2A15E
                SHA1:E24D685491658CCB78AC0618AFEE9342CA545CFD
                SHA-256:DC090678CA6E3606CB47F799DBE2302FA4192D250046F3F42A3FFA155CE2A962
                SHA-512:64D231675CAAECE0A9CF3B098232019D6440BC106A1F75FB9AC257DC677542A078252B5BFE4D82822E6C9831E8D279276EE42AFD362D03722672253E7D532D52
                Malicious:false
                Preview:..0..L&........;.d.. ".\.......J..7......_^..>.ph.*.O+G....j.]v....G.>r..=..Y...J.Ey..w....l.Y.:..?m.E..\...l'..-...;...L..~..(.8E(.r.g.35...L.g...Ly....3.C..R....:d......"c.X.L...3.3.."_....}...B......A/.C.A././?6...]..x.~...o.LHCB'.p....y..F...tK.......TU|.....[.Q...]Z*d.7..z.Da.....q......#....|9.E.a..."..Z.....H.. ..if.<...R..)I....p6.o........a6r.d.1.'.5......C(~..).$e.@...jt.|.2.....C..(.o.>.A0..#p$.~.#u.......h..m..d..T.._.=..}ple2S.M......O...H....vP.Ha.G..}m'o.D.9J&...M.I..l......IU.R...),....Y.$..u?4 ...D.qnY..f.:.7.dk...G..Z[.z.-p_...y.(kw-.,}..I....DN._.....P.....B..7..j..:&.."7#....|_..0l.S...<...D&.V...=CC.Fo.Wl..y>!&..y..u.......q.mr.Z@/...m}1.b(>.z.K.W|r./.f.b..1bB.Wl&..a..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b16

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\359__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1363
                Entropy (8bit):7.12329615308983
                Encrypted:false
                SSDEEP:24:2FAxXpIVeKIBx3Ng+RQCyJC1ZDka6tlssLM/UNaZVZjH0TH9O5Ye+QUiln4V:2FaXpvKIhVyJC1ZwxTsL/vVZDNEBiV4V
                MD5:77755D1B18E86C5050843ACB3732BEDE
                SHA1:80A27B1A5EFD8F65B28E37D05F7DCC3B66E04BDC
                SHA-256:D7F1B5D3DF4FD5F1E8549C4C0E6D871DA8DD96037EF944A310E6100CECCB8A46
                SHA-512:F443E4E4008601E3AE51736F804470CC3D8762E5B6DDDD6E64C08441A2A6C23A5651D0FD14B1032384E1BFCC7F07498C7197DFD2C53D7DEF669658D6E6A160DD
                Malicious:false
                Preview:GhL6..o.C.=<.Qgrl}...v|.bY.sdm....W.Y.....f....T...#w..K.asu7..-.ct%+...r.._f....^.Y.zs]..}..@u?..%,.9.F..#k."..G..:G.F.@..g.?....bD..p0..O...._x....pPGw....O..x...<.....c...B...B.+UZ.e..e0......_+m.........i...4...wL.SwgZ..,..M4...og..QS.K......."...0../.G..g9.....x..~(.D.6.Y.1+.S...O..M.c..K.@..Z....Cu:.(...fx.C....T..J.."....j..F3A.T...@../..O....._.^. .]}......r3r....@|$P....G..1:.B....X...].!:..,..p...P..J.P....).'.......u.;......0..%.).F..n8...pQ..&....^Z...z..7`.y!......xG8....1..Y......J....GT.....:/$C1.......8..F&.U]....l..M..w.&........G6..e&.*w...70.xV.de!.];..z....?.R.....zR....wd.@.h.....8..l.~.)..5...KU.jL..`$5.\{....N..yE...%!.... .B.o....o)..RS.u....b(.G|.r}.IbVgn.......NCv:........p.....<.iDg-..l<...B.i.&H.a...f..i.....v05..<q.!:P..x.]qP.........e.(Ar].%....'0.w$...U....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\35__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1225
                Entropy (8bit):6.947574048020671
                Encrypted:false
                SSDEEP:24:a5s42nP7FeedBpDqsmUn+va5EVIZ+A1J0SJbH3ZPEKaZVZjH0TH9O5Ye+QUiln4V:a5l2nP7Fr1Dbme+C5EyZ+AvvVpPgVZDa
                MD5:095B124909490E13EB624ADC05F07F06
                SHA1:8F28FB23B7426BC66EF2E1682B5229EC43CFD21B
                SHA-256:4865987F5EDB744AD263FCC972211A3F80187A911EA1287D1BA21677D970C15C
                SHA-512:AD1A13B3D43917545DD945C4DF3D98A7CF67B57860729BCAE1A55EE770DE68442402C158942059393A970AAF8CECE40A8CFAA7D1B28FD33555CC466600191B9D
                Malicious:false
                Preview:..Q.!qlR.....,......[....JK...2.5l..s.{.&y.H.vkB..h......p1=^wb.NV..v"..#Z..>^.0`.E.|.J..bC.....@!.l9;vV:....{......p.........{.WK.5m.S..5......J..o.....Mb.d;=[{....ol.,.hF....$&.D.Y....dSa...R.J..{q.1..%P%.....l.ec.4........7......I<..t....:..u!`1.uF...T..0......7.>......x..I..M...:.Z...OD.~...?..o.X2.......@CI...L....>0.J1......a3..n.\......e...B............l.yf.S....<c.Et.E..........P..HTO..!.w$!..f.6...*..O............8....h.7/yKo-.....n..../...*0L..a..z.^.5..T... 8U.B^......(..q...="......[.&7V.]06n..N...k.!...8M....*....{t......Xc.-D....i...(...Zm.G|OBh...7.-....zfY.\..$>.`/..m_..qU#"8....(...b..B....?..c(.......&..d..b..:....$......+.5.2. ...B....&......Pa.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\360__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1225
                Entropy (8bit):6.945431342374801
                Encrypted:false
                SSDEEP:24:3jzbW5soilsHfJVkH6TAjgM26YQ2Ll5nm9nuu/ar/DakZVZjH0TH9O5Ye+QUilnq:37W6oilgVM6sjgCYvnEnuxm4VZDNEBio
                MD5:99C75AA85B379624EF3CB89265CF6BB0
                SHA1:40153BC3B272BA40D17017B4184B52CD7FC8463C
                SHA-256:EB92EE31B0AF522A4EE1475A10B236C70F3162C375E585F784FB130EDF4C0E33
                SHA-512:5C91A9835A67F8151EA1E1FB5D663DA8E17D922223FADE999174370A53C99664AE851696975C867D447994F6147AFF8A0862E4E8E45C2E65C34AB69F34F7DF83
                Malicious:false
                Preview:..........p>.=.e....q..;.'...U,hF4c\=.1_.TQ...W..j..z..2......z2.a.s.Z.x..]..S/a.p........4...Yg.........Cn..n>.z]"..b.1...L.;.$I..B..7.d...7.^v.;...6..#..M......$E'.t...@c..t.5.H...C. .Y..W..c......._K>.CrECF\@...D......N..=f.NK...\.-..O6...'........?MWLW..T5....7....tl.....).0O.H.......N>h..w.../..3...%W..Dy.R..[u.x...r.>.B..Jh0..B..~.0.....9+a.h.9.....'.L......xF.+.f!.' ./'{.x.8.@.xE.9!.^X.L.be....l..........e...Tot.M,....o..'...xV....}6H...e........F@.}....W.m.S.'rg..w........uIN.OH*.c.4..m....r..@3..;Y.]..n(.y.qq.~...v.\.].mJl..AS .|.-.......E#.(9..7jy:a.............l`U.0..H=..&j.qs\cc.9...7.....;Z..W[^oP..`j..3.,....Ev.Y)...'.{;fSe.]$q..m=....OJ....%"...H.b.....k.Q.w..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\361__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1228
                Entropy (8bit):6.970879058967338
                Encrypted:false
                SSDEEP:24:qmeMeuUzBx0u1io5/c+R8KfndvZVZjH0TH9O5Ye+QUiln4V:qfuwxX1iWcj0PVZDNEBiV4V
                MD5:F1FDDD1754F9BEAA05AD7B9F39B1E176
                SHA1:D0A0FF0624E85D35CEAF8F0E897AF70022AAB6C7
                SHA-256:9E8522D483D92EB5F688DFB932408130E0C38FF7A28899B13A102158E959F87F
                SHA-512:60FD17E5AFCDF252273719F308F720B9E8DDFF417B0A26FB35F9B495AD824BA6CABECE98E802AD61AC17620D25C29CD8EEA6EF6EA708A5B8A170A5F5CE34F5B1
                Malicious:false
                Preview:Z...o..N.0.#4..8.....50...F.0..i..~N...D........e....2(..U...2jT'..#......Y.<t...xpX(..dF4)*2..)yUh.ski...o~........i.o?...o...1......t.-z.1......Z)cw..o..,. r.kU.....M&&t..*..B......(5.:.G.t.....~...lh........P...u93E......^.vf..s..c#..Zb.h"...E#.`KL.....q.F..A@s...).jJ...\L..L..I.....`..q.......T..h 0....N8...B.Rm!?..?.c.5....:9./3d..9iMO.D:H...=6F.[2.........9.y"?..>v.V.Dl>..H.)....:d.W..-4H.x.0.}.v'.B......a......@........[(.._..q..6..ur.+.........X..a...@......n..5...cF^.[:>tL_t...;$..Z..<3.N.....].....Pe.&.{ .....e..u.%...'|w.JE...{%....=..z...V4.^;+$..M..H..=.q.(.z.\./R.Q#..Hr.........BVl...U..T.?."y...1..&.U..a%zd`.y7q.|DC...wu..N.....H..EXL..<...+.x......'.b..F...)460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\362__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.956417253886977
                Encrypted:false
                SSDEEP:24:Vx4IZJ1dBtIlmsCmxtVlwSOf3ARS3ZVZjH0TH9O5Ye+QUiln4V:VPZJ1Xix1wSGARSpVZDNEBiV4V
                MD5:585BAE65B4FBE9423357EC9146DA0397
                SHA1:01712BB1D7A608D7F8261329473C6F84C0271032
                SHA-256:9103BD8796A81F4646F61EFE4929F49730FE2FD8F7C8BF11299E0E165EF6F46A
                SHA-512:A9D2A9EEA6127A96E1620473E06603721E6948FD35B9246E5B759CECFD11DC2BFE68A29C846ACDECCA51504412C7563A85564B5305F1028B5D59D07BDB3D2317
                Malicious:false
                Preview:.S.....Z(f.X.o.....&\F..[..)0.....:.C.....H..H.Y..D...b.........F.X..Pm6*..~r.]..fof.T.F..R.-..FD.bM.;.-..~.Nb7'.5I.1..dql..4^0....j.g.if`.:.0.Y..s..p..<.....^....T0...z...A..K.....D..F.\.]....G.W.c.......b&.!m<..T.6$._m7..9. wrM.'...9..}yb.........5!.5Y......."f......t.=!T.S.....p....\O....Sm.G|*..z1......3./...C.=U.....h.#m.7..J>\..\?.9._...^....w~..q..A......j.`.>..<c.gl&=.>1+..7....A:.....^....XEW(Y..).P..c...[.-....i....;......^..(._...m..P.$P.f....[.X....5.|.B.p..pV..Q~..?!........Z.|.1yy..Cf..7..i..n.uv.${...[)...nm.....%.7:9.v.:...B.....1...D"....z..|...e]\.t.T..lXG..B.....|..Y/..F..I7.|JB"*..-....<u.>...9@B......D.V.^a...b*8..b..#0[A....\B.._.....f.@....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\363__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1229
                Entropy (8bit):6.9753741268620155
                Encrypted:false
                SSDEEP:24:yls/15j9uFFrIRoYOaHVeCMC3tN43muz2M0l/ZVZjH0TH9O5Ye+QUiln4V:ylooX+LneM3qmuz2M07VZDNEBiV4V
                MD5:BA75B1925705BBEB48FA8F8918685CCB
                SHA1:1397C22F65E160E883DB4D3054FD56096DE3A2AC
                SHA-256:9F15D9D94C38505F3777E5E0E4A13E2C2F1ADB2780207A38D94D85C7D3DB3BF1
                SHA-512:D50E2AC7F552CF1F0495DFB7B71E309D883FCAD263B4AEB8881000CCEE46E06DE8CFFBA9FAB65C5D9CB191C9DA574293AD26811E9915FEE6091627FDB170E845
                Malicious:false
                Preview:..`Bf..:...Z...@....S...+.h..@.k"...k.....V..M...^k...?.?p......,.`.h..XQ..E1F..)1...f.w.6!..<....A...p.`p}g...1.a.>..8d...q%D.....c.6...AQ.@.,.|u[....N...N6.{!d.%\.!.....%.e.7..@.....A.....Lb..c\...|.... .\:.7....'......f.c.C.)...S...Z.....O.m..A.~..H.<kTM..(...<.c.F</....b~.`L].?.......s...u...x....S..,7.[6>.=...m...2p<4....f.^Y..t ..U.X.. ..1............"....h.....>*.......y.........`.....u.9t...}.\....Y.S{..gd.....W..Z...}.H..n.d..c.p]]Mx=HHq.j$..5.6..i..._..X.?ViiPq...V.?..K.R...2Jif.A...j..s.$......._....t..9."..Kc..n..#.|{.......B...Dy...._.J....V......W......vz.~dzZF.O......Sz..t.;l%........y....|h.s....'F.6.r..N....R(.%..$a.....iE.B.%....n#.r...3......Y..:j\...>uZ=.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\364__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):979
                Entropy (8bit):6.506023673100481
                Encrypted:false
                SSDEEP:24:KrWh7gfi9IT8NU1PNmIEDUHEZVZjH0TH9O5Ye+QUiln4V:kWyi9IT8NUaIEpVZDNEBiV4V
                MD5:841A2F196EACAC15938A3EE984902D2C
                SHA1:E44FDEFDEAF43C9EF1312423DC2A26F303F2A84C
                SHA-256:61ECF041F7A2672150A41CC0E1796288A03ECE40AB863E9BA1CDBE7A3CC89C50
                SHA-512:05694834E10E43F696B1B4F0808CFDBBD1E924B2EACF6A947BE790C0FCAF8F0C524BD81362AC5B7D3C3A17168895DA6D0A00C11CAA35D47788763BB4B8AD9280
                Malicious:false
                Preview:O.jr...=.>..7.h..'].f4`4..8K..W.uR...@L......#.e....8......../..5v...q..L^..@.b.C/.t.N~.~.....>.....%&....H)......o..t....M.h.(0.c.......Fa.Tb...J4.}. ...{.j..Wz.9AM...+.....(`F3,.8..y..n.....R,P.e.!{S..bDGv.).M..2e:..9...zl_..!.qClru.K..K,...a.v...4.> Qa.2.&]EI..Z......~.^....u.H....uq.k:....D+.$...Q..%..$..t......%.4........]*.|......L.+.:.;.8.{...se~.K.d!.6}IXTY.zY.....z}...........P.B*..".~v.L.(...............r..\..].'...@..^..D.6.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\365__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.728315216228433
                Encrypted:false
                SSDEEP:24:mIBS9+xaySIu6i1kE4bC49DZVZjH0TH9O5Ye+QUiln4V:my4yFx/OutVZDNEBiV4V
                MD5:E06BC4C44BA5B6B4DDF53805551EC883
                SHA1:7B2C787724171612009E9B508501E46E15A83EC3
                SHA-256:88B90B13273B64BCDE2358B3A1771833CC03AFEA87CF7AC7D59C6EC26DA7A80B
                SHA-512:C8E33D69CCD242B0F6F42E2DCE8E6651DE0844977EE053FCC43B4E5B2F3A5DD7D72B22740EA9C23E4C1F76C9F1334FE5B841823FB2553680A2FB12E1573B6DA5
                Malicious:false
                Preview:!.%z.f....sY.....n..pr.....9p. F.M.R.=../.B}0/..5...,..p.*......[U:7....0..U4...d#.%..s%r..&.nD..kP./...K.Xz...-.......H..rP.$M.....L6,...=..S.....Lqv...u.y.1D)x.......L.......Z$[H...a..s rj..=7.g;.o..4b..b. .Q..oR.....a4.....S.....db...{.R8..|m...r.+..F....L.}..4:.W...=U.4....<."m.uw&....p.?.J.9...D.S}F:........M..R`s.q...|9....xIB.d5K~X.TVL.,.....m./@^.,..r.ld..]^...B.u.&7)...o..3f..Q..$...5..n.D...aif!'IB..N&k..p.....N.cC..|"..Y..tF..f......|.<\}.."([...-.....^I.W...I...,z...5.6..6!.....YS..2&...gz+'.Q..@....[....0_.Nc.Y....WGfP...%.@..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\366__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.642995207449742
                Encrypted:false
                SSDEEP:24:/RyMSSaBdRlvbKqRZYlZZVZjH0TH9O5Ye+QUiln4V:gfSeKq6VZDNEBiV4V
                MD5:451A6AA86C7F1D73161F517616308AE3
                SHA1:51AB72836678DF6AB20CB9004285A5E0AFD3ACE8
                SHA-256:93F7E000380AB543912750D2F8EE33AB587A95EBF004D55D5462D6AA0412A945
                SHA-512:FB78B274F89E6C7BF3A2AFFF95608346E64ED7C93B78E98C0CD2BA74EA8A186F267AA57873AF99E1E301C78E7BC93D027B5462DFD2EBAD99A1BF2141A2BFA70B
                Malicious:false
                Preview:-.M..=R!...Y.^|..R...E....i...6....J...?E...:....*`9..<o5....m.,....T.P!.jEC.H}f......f.s...M.s.Wp....Z'\Ln>I....<o...6-rAS.S.pG..<......o.D...%!.gj.....0.2.{..I+.t.B1.G.b....d..&4\Ji^.........%.B...:...;\.%.3..Bb.\.>..~r..8gaj^......G.s.].y9^.6H...Tb.{....T.g..9.k....s...R..6.Y...6sn..y.....d..PBR.z&..m.fr.x.M..<.........G..9...nJ0&..{..>....8......g....7KI..?..v....'...S.vV..c/..w.p....&..E.D....F..V.......;..o+.Q.f.EF..XG..1&..%WDIx.OZ|.....I......&.U.)....T.w.A..W....5zG..WP.V.+.,....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\367__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):951
                Entropy (8bit):6.426474963959693
                Encrypted:false
                SSDEEP:24:Ala+tvUqkTJCLsZtUeKZVZjH0TH9O5Ye+QUiln4V:AlacATisvUXVZDNEBiV4V
                MD5:833A128DE0429AD965B7F17E32809DA4
                SHA1:4D0B78EC69B154D148098D3785509E844C1DD1D8
                SHA-256:39617FFA2817D78974F009A1649925F16CDE86EBC862CB3906C78BF0AD03C216
                SHA-512:15DF0BAA8C056BC60F536118D97D58B71C40164D99B67D6FEE4654CF2AC0F1E0FCBAC6681CA8C7EFF284DF4BAB121CC2015D6694F0EB4111BE390D3BB13CE561
                Malicious:false
                Preview:...^H..;.y..H7T.2.5.7c}.<.X.....e...\.nv........G4..mV.|...X.....`EI..W^.J...u......S...xKl./.$......@_. .-Y.).s.1a.,&.) <...^.m....F......p..K.....j..y..?#O%..d3...@..6..%c&).5.kX|...._......E........X.|1:.:.O..<l+.T.,.'aF..?.9....joQG...\.G..;..6Ko...o......m........y5.....#.A.F.%....iO.P...`o. Z1.|.$..-...1\..,gZ..w..5.; _...au. .].*..W.2..rh.d;......7........`a.:.....6.......V.m...h.8:...~..9.,v.r..0.6.\..z....5..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\368__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1230
                Entropy (8bit):6.971153521125067
                Encrypted:false
                SSDEEP:24:5dmz/KyqrqPghI8SseO4U76KiDKqvQVbZVZjH0TH9O5Ye+QUiln4V:rmz/KyMqPghhS04QrJeA1VZDNEBiV4V
                MD5:E8FE83D9556ED30D509300CAD77E9481
                SHA1:14BE647F0584E8B12343C913379C69FAAB84831C
                SHA-256:300481C6B747CFD1A537F4ECF25B8F0E1AF350D74AF0FD26624DA0E6F0B451CB
                SHA-512:CBB3AB39B8115E247BD34AEFD0868BA1176CC3FC8D7813C2C428A4DBACD0A94C79D0DEBD77218CBED50A7DC6C183FCD28902DA960436940D0D27AAE5F788411F
                Malicious:false
                Preview:...$..T...BW9/"6.....y.*B.=..u....586.S....).....J7.k.n%Z...9..3......0.OP!.....<.'A............9.....".).....n..S.........uF...z..Gw.r..d..D...pwF.2....Ht.l...Z..b..\.........VV..n.......Gy/.o..]&...@I ..l7iK..4..Y....j<:[..`....M.s2QJS..Q3.bKcNo..O... ...5;A.v.f-|m.Q>^.....6..G...........(5....#j.`+;f.j6uc..}9+[..8.B.[w.ug4.. ......b1)X..^. %`El".vc.PG....].@...B.7..36.<ze2..?-...!.......|T8.Y.-.v.....#..Jr..I.q._.v.y.......7-...i...E..5..T.9\......".Z-.....@......8.y!...=nO....g..;...s...x..'. ..>B.D..J).~.2..5....O....x..Z.Y;N.#..E.]..Lr.{_...2?/..6..A.Mj...;m..U.w..........2d..j6I.. ...q.+....@R.............a6./.m../LX..$9C.*.T....Z.*P...=.S...SX....)u.K^.i460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7120

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\369__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7318736828751256
                Encrypted:false
                SSDEEP:24:mXWhVAt8jpbTwsRp7R4u2zKhwrnFOxwPLRZVZjH0TH9O5Ye+QUiln4V:thCtqbMGR4OhwmwPbVZDNEBiV4V
                MD5:81785FFB1CF1671E04390AB66FF7C4D7
                SHA1:5FB82284B41FB52B27E76FC20CBD39969267F987
                SHA-256:F8D80A73A3699ADD492ECC5C8A9FDDDD55B26E967FCC928494C04F8D3F84F5A4
                SHA-512:DB77C174A8BD6DA55A620EB429918BA5803B1A0AB41D924012BA6FFAAAF772AE96E2F777385928109BFBD0DD8B4D73CA5C5EDF284F64154063266C791C71B486
                Malicious:false
                Preview:+....f...1...q.d.9B....T...}.........S..|w..5&.<<..8.C.D..........h..........C...\G.v....(...z...w.0dh.....UW....U.CaT.h..rE.*..G.RTE...`.a...%..he.Pp....oM.P.I.....l.U~..fB.d.5.<.e.]V..OQ..J........D..h.2..WDV,...c`..-....!X;M.[#P>...s.v|...CK.S2.".;..4P.... ..S.4.C..).` ;[.b......_.T%.+.....f.a..\..7..^.....n......$.=;(..r..no..A....+..N.(.t.9..%..F`.Yyp.a.^@.....8(./3...W/..[.$a..&V.8.L..W..T.yL.9.L.M.4.).p....V....].K..^..6.D.S.y1jKv8.h}..z...cm.Y.uY>5..H.nLc.)*..@.b...(.m.~\-.[`W.[.1..[...3..9S...>..n.../.6W..+O..`..._...U....i...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\36__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):7.002776582170027
                Encrypted:false
                SSDEEP:24:ZRNA/lhspp+7pFxrn1NlTH1vwzuESw+f4nbEZZVZjH0TH9O5Ye+QUiln4V:ZR2dhspp+7vxn1NlBYyESgKVZDNEBiVq
                MD5:398D4E4ADAE5D8878A5A839A206EA62D
                SHA1:C6A07221F0BB2E530C3B4EBCA1B07D746E84DDC6
                SHA-256:ACAEF89DE90D373DD10D87C31DF5664F17CF40D1A8C4418FD4AADB3867DF2854
                SHA-512:AF60836B2858EA893035BE22F5E0B074FF08696E3BF54962887C75F1664355809DAE916F99FAD568C502FAE1EDEC54924636A2BC2C96A89C91DA0F1C19136F65
                Malicious:false
                Preview:W...0$...g1.h..-..?.F.1...?A..;..=.h......:VQ..C..|.G.....V..y.Q.d..pt......b..m.......G....u...[`../.k.*X.....L.C.nF..|c[0..k'@..Fz.%.o.T..).w.].k....^b<..>P.6l t .....1P......RZ.F..a.U\.....o...a.rC].......`Y..(.p.....r[..H.p...h.`..`A.<....x......{n..]`E..(0.P.&j\..O%...f..7..>c....H.rTjC....x..OR.?..r8.l1..R..a.......r.4F...2....Q..)$.,.....B&.K....$.f....g......S........r.{....*iF.F...k.v......T...#.j@H........#.\.8.^...c....\D ..E-.....$.......1>.2....<.5e.M}`.*x.kZ..mw....a+;.....B...-bR. ....&h...7."..+.....g.;.....m......4..;m..k=..a..'.K.....|.....\..eB...).Kn9t.hR.Z.F....> ).D:..f.Em.W!u%.;}3Os..6.......(.u.y..~.NE....l.:A...........Q...h...lO{...S.."460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\370__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.7054001136821135
                Encrypted:false
                SSDEEP:24:WBDGPXCByjTzsd/ui0p/EZVZjH0TH9O5Ye+QUiln4V:2DGiyjT42TAVZDNEBiV4V
                MD5:02F1098551AB666C0B07CFC977132272
                SHA1:E95A527FC4ADAFC22B4378912D40C2E53067654E
                SHA-256:6066001DD11C476A880384B2D79B94BB45FFC6B213D9C99CC7995A76B154BDBA
                SHA-512:84C9E6AABAEC63D26F9DB09DC0B6D09CD812503FAB49838A90241CB782DC1BEF67F2E20AA3FE7B3FE91940C1948E0ECAAFFE59E7E1115C39970A1DF0D2412BA9
                Malicious:false
                Preview:+........+..VS...tN......%.s..fN..W.ZUz._...Scp...........k+..\....Wt..V:m...YcNZ.[^."..X:.s.x..gH.YG.Y`.......uq...1_..).!.B.[... .6".qb..T....1.d...s|.......v...^......gXX....7.]..i#.....Uf......X..P.......k....A.:.L.kW&.x..Zr...LR;.fS.U]..l3...['..u...W.v...yr....+}.i...q..&...A5...}.....C-k..D.WM.g..F...1l...@H....uo..0....(@.........:..J..8.C....H[.c.....D=...e...I.[..E......}.\........&....J..`c..f.-....*x.y;O..hR9....r....n..yFX.......0c...c67.....>..1_....9.>.... .xyU.>yD.w..}{....p!`...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\371__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):958
                Entropy (8bit):6.437728454387519
                Encrypted:false
                SSDEEP:24:NgqtvraEZ3VPolM09pXgEZVZjH0TH9O5Ye+QUiln4V:99raEn8BX5VZDNEBiV4V
                MD5:217BBF2E05EFCCD6EEEDA48C9578D3F2
                SHA1:8974E401053BFB3489CBE6600ECBE82C1F216360
                SHA-256:44A3A75236F780F00CC4985BD503F8D3C858F8AFDCEED893C0F30672FDE373E3
                SHA-512:EA93290B533CBAE41C03A13F36AE1C56C7CFA6D197A37D0FB318E550A72EC58AFBBBE72DC153012343AA95B35559F46C6FD4A7A978D5244A182203515F201D2E
                Malicious:false
                Preview:.'...}h.5.{......Qcs.O..$.....i.......i%J..lnc.%...V......I..1.7.'.4p._. ......*.....?.m6.&..F._.......M..GS3^.o9..#..1J.k+..`.`..N...7p.._....i.../.P...%FP..:.....il.S.+fgq../...4..?..H3...h73.....p&............s..m......4..p.+.P_NX..y......e.....5.3K.U"ry.T.k...p.r.5..s......#9..*........3#kcq5q.$...K...w4mD.'U'K....Kp$_}..P...Q.Z..G_q.y.$.|<5.D\.....y._..9U).e..MH..].x.q....T..m4,...H#..n..=..[e..T.Bw.@..j.<u.0....cxJ460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\372__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1376
                Entropy (8bit):7.143408684750449
                Encrypted:false
                SSDEEP:24:dFNb6OoHZkMJ0nfhIfmx6KI7WgodsaGpwNrZVZjH0TH9O5Ye+QUiln4V:PNmdHZ/6fGfmx6X7WJdftNFVZDNEBiVq
                MD5:C035D9CB024A06352F9A96BA5DB78654
                SHA1:DB2C5F2E50A6F70C21F52896756DE9A8BAC74A60
                SHA-256:A38A28E7C66A1010BABE78184D2B3E231264C4427ABE8601B3C284666915BE76
                SHA-512:C179A687F0766B930BFD15FDAB400B334D7AFD03A6D3BACDF64F37CB7EEEEA71D70906F023EF1F3E7F98A5221AFAF1C6E77BF74899061F06BE222F31760F12B8
                Malicious:false
                Preview:-...Zk......W..S....o.0..9(..!.}M;..]....B|H.&....4..M........f.jo_v..V.. C...2...E.|.X0`...{..>S.0..!...E...s...7...GC..$..i...O.@q.cG....Z........E.V.._..l.z..:.d`..#|_q.....52.dAuxF5.......o....w.......:.....8...n .Q..Y..2.e~[.V{.....}....z..Z |B.X(`...N~X....I~.Hm.UJ\w.......i.#.+....,.......?....7.x:s...]RS...i..EM;.P...j.. ....Y.J./U..E.sB.9c.....f.. H.....C^.....k..8(z.E..~.1#.....7r.z|..<..i..A.o.....(....1....4".Z......G.s.1<j.s.........(X.../'..........c....@X.7Q....W..b'.~R]lE.]....A._......p..@.m.0b...u....c!mi.m5.iN.F\.5...._.$.V.S....2......+...0..Y%^4......4.f.`...@.........?..mz............Z...-..k...g.1.iU..;.....3.r..dRi...rJ.T&=......8.....P....@....5.."4..R.^...8..p.Y.CZZ.!2....R.dVm.#BkS.W$.l.+.t yL..yLn.+.m.}/KcnT9{W.*D..@V..Zgb.>..-}.*.5~...S'.q.!.......4<U...#.bG.z...........m...LV.._Q.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\373__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1710
                Entropy (8bit):7.395783804588139
                Encrypted:false
                SSDEEP:48:NXXWmsSE5VsoVJ17KX0Vywqv8yoVZDNEBiV4V:N5sSE1VDFywq98eBiV4V
                MD5:8E3C82AAAF8221E5A3F4DC8FC080D25D
                SHA1:AADD948D2860BDCBE2E0B3FD9F09578185E2855B
                SHA-256:A124DB0E69475AFDD366862D4D4EA7364D960EBA578C79272B2A455084345DAC
                SHA-512:0670456627C4D6F908B04440E10247FAF0455FD3A3BA9525BD9B41E247D874435BB785267BF8CC70EBC5C84DB91525930FC01EE58130B5740828DAAD1F1A3979
                Malicious:false
                Preview:.=.1........4.:*.Y..D..i.q._g..I3.;V...o...K*!....@yD......\B....x0...{.%....>a..i?u.....d.......#.|...JN..*"qR...R@.eZ.D4...A....QY...S.//F..C....Kq.8.Tp?..K..`^.".N.......h...7...'.6o.o.....1dy..L\..]v.!}......U<.T.4.Pd.R~w........'E...I......*u.Q].d......!...KPn.J..\B........":....<3i.r ..w..YW;..Ou....(:.4..:[....W..OnN...9..&.>.........b.=....;..jt....#I3.V..e..........h3py.....>.....h.......x%..K;d~'..a.m.Y.c...z.....L.2.(...R...S...(..t.f...N3..N_7...0......<|ZD$.f..3C.U.....!X....W+.-.(S/2@...V.]h+.Q.j8'....#$..[.o....-.h.=.d$.l.j8(.h...[3*..N....R#;.....f.\..wY{v.......~......)r.m.Z.Y..9..U..Pc...L.O.0y9[..t.sJ..k....G6.k$!J..&.. ..P.c!.5.........V..)....,.[7pN=.C.,..$.A...*Y.....d.*;e.)...u.;.E...0..#_x......}.'*.D..}.....1>..ok.....p".x.OE.....>.cvN.|p..?...(.\M.7wg+r.).a....+...hA?..:K#..jI.{.b.......N.7....i`I..Hh.6...6..h..:?5l..'W..*....9......C?v6.`q............v..j.....E.......#.._L.XB.+...k...XE.,I.....`..a.).

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\374__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1157
                Entropy (8bit):6.876925681500935
                Encrypted:false
                SSDEEP:24:M39xtdT7jsVgA7QSuBTmyUZVZjH0TH9O5Ye+QUiln4V:M3LrEt7QSuEbVZDNEBiV4V
                MD5:8EB484FE2AB3C031E14D7C903B98F519
                SHA1:C2F499BC10D5D8589505AE05F03C6C9A95416093
                SHA-256:682CC4E2831BB7964D8CB54AE3F08F744532337FFBBD2EF436C9176FACB37113
                SHA-512:CBACDA1B9933206F2CEB744F3F81F6D63C5BC7FA3494E0EA60DDAAD2E20C7468CD8882A2FF56D62E7FD7771386566FAFD2DB3CAE70AA5CEB260F7542B2DC515F
                Malicious:false
                Preview:].Y>....e..C...Y...f..5n..E..).5..+.|...!|)..43:...B^.GM.qG2. _.F....$.S.P_.....k..F.].).._...}....y.2......2u.h..}w.(.!`...6.A.sm..U..._...O..u....^./.../....++....\..F..`.0..H7H...#.O3...p5V..1.{. .AA.A..u..1..........9...*h...qM".."...[....Ge........pyqE...Q..c..Z...\.g....3../|...gt..b...5!..U.w..I..-..H......{..!.w...Q....9'.Y..3o.".."..v..E.h..xw.c......h.{i)g..W.'.'N...6...{.U[%.....I%r.[...u;,>...v..]&QW......EO.-_.......#.....9...d.v..+bA.(."..T.N.....d.LZ.......[..fA*..#.J..r..?....i.L..].....Z;......"#..m..T&.ju.zu_..\&...{...N......jj.0..5.~6i.=`E..B...x.Y..Q...m]~.E.....o....+@D?.q.t%N...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\375__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.751068381330511
                Encrypted:false
                SSDEEP:24:RwZgwUNf/t41Xy09Itcob9Uv7gG0bZVZjH0TH9O5Ye+QUiln4V:Rc8Nfl4klWcG01VZDNEBiV4V
                MD5:3C8FA3206A07982AAC1FF3FEC76756BE
                SHA1:941C108D80946C3551A6F28049952561FD0221F6
                SHA-256:CD7177F53DE7F938228EC7BB2C9004BE918F5AEA9881E279B40EC0B8998FDE20
                SHA-512:AC58B828B3E9E961913219746104F16A8DE1E5C1A8A342400574DF70CDD30AAE63CB2E0B9784DDF6B9C1B79C1F77343EC99A5B87F0A3D46BAA646C752422DEEA
                Malicious:false
                Preview:-q\..9...)....I..~g#.K7.....i.w...6.1(/.Rt......v4.Ky.@/..z.S....)un.qi..a.>..s."A.V.Wv.g..0..*g............X..Bkkq..?{`......kj.e.|3V.X6.._...1e......x.%...p\....*.V.......4..N=5.{.^.Y.b...i.%%..?q..........y..#RM...........%.Q.5..}S...C.t=..r...Eq..1.b.........?.....VyR\...G*_LvH........}....,..>..>...0es!.D...~y.i....."....#....9.8..>A.f.....S...D.\.J.$l..llfV..r.f.F..R.$.fN.z...e"....5.:y......3..e..`A|7.....^.......y.`{t&.G..m...@.E].}.....0..t...T..cy..wA.._..iN.....B..1.Xa...Np...w..L@.....8.C.wo...lP......i...d#tl.....^...^.,x....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\376__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.696748662309375
                Encrypted:false
                SSDEEP:24:8PrqiVi1HUdNQ7P7+8ZVZjH0TH9O5Ye+QUiln4V:8zqLHUdNQ7P7HVZDNEBiV4V
                MD5:196A2646875A8735545F56C853B9FA78
                SHA1:29932B0C031AD30FCB0051F22F991255777377A5
                SHA-256:EB85AD32B8A46B3EA960E662929635AF2E682F65EA98552845999EE2931D3E5F
                SHA-512:126C20986012639A801FE24B87C41A6898D9A4B5E6B2E08C5E7A4E576FCBBE6D084DB04FD48B20FF9FEBE75DCA7C565104A2B22FE643A11AAFEEB9A5B44F622A
                Malicious:false
                Preview:)...o7.|ED..M~_XC.C.N...jM:.L..S..r....cx....NH...o.v...(...f<.%.........(..a80.....P...PF#+.....iv....d.V.kR.).j.m86..t..q..q.k..Ir.....]F...?.7..Ap]z).<.}..BF..I.Q..4,....b.Dy3K...j...<......w...".U.!....C.=L....&.V.F$..'..@P...{m..D.-w+.........O...?.a.Nk9..F.iK6.|*..2...:w.P(Z*............e."....H]I..DC.d..c?.......|=....(.....K.>.T...,?.......HU@.t.....|.s-. ..q7.Y.'S..)..%.H=.......h.j...C....Ht^.%V..VT..O$t.....l...q......q..0.nk[.%y[z.L.....oC.......U.8UF.GY...1}......n..B.6.J3G%+!^460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\377__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):6.471616532135244
                Encrypted:false
                SSDEEP:24:BkUSVMAecu0gGQkmZGza++ZVZjH0TH9O5Ye+QUiln4V:BklXehHlk7PWVZDNEBiV4V
                MD5:63A540CF7CE10DB9E4B43166AE663432
                SHA1:B07576BEEABD9C6154E27AB2D2576BCC9DA5110C
                SHA-256:EDACCF66868CFE3BCDD997ED3376FACE1933281547068A28C2F1D78469C71560
                SHA-512:4CB3A985EA92B8484CD3AED88B2F9AD56CD697BA34D685529AF9304E3198F8B0025B63F975B9ABCE5E92715A0BF25C0F5C54F790593FC1FC9069D850D68B8337
                Malicious:false
                Preview:.O.Uh...G..l..rn.A....z.......w.....~*.......L.!q7./P....r{..._....;..$\...x....Za`.b.;j..".-R.QtV.(X...,"+8D..O. ....R...L......m*!.4~>.HSX$..GQ.ba.....p.W.......CQcU.#..a...A3..W.*.q.n.y..9...fL..s....1.=f1...WV...{...s..PE......q9...k.c...b4q...:.../.z/h$.6Z.<J...~.\B....$!U~............Y..s."Z..l.. .F.P.'L2P ....>.FE.<...s@z.p....d5}......1.s...).F.V.G....f...J..n...|. |..JY.l.....i.4..}....0_3..msq..+...3.......H.+2460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\378__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1802
                Entropy (8bit):7.4711713366806425
                Encrypted:false
                SSDEEP:48:IksMijmrkN6a9VWhujSU/k78Wt60VZDNEBiV4V:IbmrkNR9/kHtleBiV4V
                MD5:5D247FB0B38BCA7D76AA72A92E89E3DB
                SHA1:36C28AD05027EF30E931AE426E3CD0D5BD06D9CC
                SHA-256:C8E12E088EAD9236FBA3B1EAAB311523017225639EF968F0BE120DEBE0768634
                SHA-512:65549818FCDBF2A203DBA03E8E1DD0CE953E8AD67B72843ED180F2F931B9D7CD19F86BCA5E765618D955D2A8C09A28A28BBE88FBE45A3F8B959B31EEED01116E
                Malicious:false
                Preview:......E..}...&......!z.o.....ox9..6\...`.............%......Z.F.....4.\..nPP..-..{O..T~L...$.>............SR.e.a..2..=+..w..b'?f.....8/.6.sm..6c..K+I....RBr.a.....,..Q....?.?.s..Jx7C^...#1..-7..#?..B.!.G.si.$.kL.Xg.Z..&..F.%!..n.Qp..#Z...$..PT.....k]..C=x..c...;..8....0.............MX..~..<....M.v.+.~6..Yl..b...G;...T%O.....=n../.7....1.hHO.^.]'.B/.SA.G..2E:.....9l.......3.>K\.X..Sr.T&.%^.P.u....a..K.M.p..P.3...j..P..TUb.rV..6.z...j..G..3..[.M.N.....l{..M.~.&./..5J......X...e...+.c.UY2;.<.I..........<.....c.&>Q......\dn......IZ.Q..Y.......N.g.;.....Q..)h....J.V9..K'g.....<-.....7...:...c...)......8G.y....:s@.Oe...uu;.......r...V0.3.._....M}....2.7....]..)F..... ..d.J<7 .:{.'W.C5....Si.t..MP{^.!,.l..p.d...%."O.]K=...q.F@..DW.)......>...J...t..l...i.b'O...y qE.Z.Y...xO.........O0.&......p...WV..&RM.F...H.<D.T..L.i...`.,.C. ....z......=.WW.5O.u..I...L...j..^.(.T.3..-....._..I....ax...f..!.{..<.)."...G...9...Y&.P...#.'L.R..C.T...

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\379__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1238
                Entropy (8bit):6.93855158542524
                Encrypted:false
                SSDEEP:24:5STd7v0guBIi1Z4jL8aQZaPDBz7HIBOKZVZjH0TH9O5Ye+QUiln4V:tBIemjhQUPDlTKVZDNEBiV4V
                MD5:D99E12DA6E5AA3237FC6B682868DCEE8
                SHA1:2E4894EC6557E9D26232E3F9B1C84A7C42455AF1
                SHA-256:5EBC1F93661D3695C0850F12C61BDC58830B96008D9E615B36BBE5C3008F32C5
                SHA-512:DAAD9B93DFC73863BECE8801A252D56A9D896D5DB2073C981BD7250A3C8B4023B549E8DE00B876F0CF1CD62DAD1FEE5DB4CE775C3F18A03A5111F523B11A55F2
                Malicious:false
                Preview:.....I............u...U=0..............q.t..7..H...oY.|.P......;_.....9'.o.=;..v1a........(...5D..o..u.md..c.....d...n.,..M.x.4.4R...W.WT.....}1.}7\R...us.x.pm.HCLy.........S.....Y..;za.C..l.c..@...e01Dg.g...Y...9.D}Kd4.f:.0.{....b.Nw2R.uQ.00.....d....X..M.L....6L...0....zh...E .G...wE.v;....:.i.!;.`.$...:..%.1......pl.....n.]..'F.@.....<....eRA*..8B.........H._......z......./.....q.......K.5.n.....J.8.\../.]l.|.[.,M.g2.C...6Fc|$....Z........_.9b..B|...[....|....D.c)es..l....u]y.<I.`.+..0.7..A..........zG.F....D..?....3....yaH...%J....7~.GqA...%.....D..@.3?b.yR......+.C..H.........}...5....X.../8y.....lR..g.N.d.h.....ui(...).1_.u.~....7.<.J.E..4..........\d...G\_.....H....3...WZ460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\37__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1357
                Entropy (8bit):7.129520183279831
                Encrypted:false
                SSDEEP:24:N7Kyhg6yYgcpONMO8bJay3ukHX5zmFLKiglZVZjH0TH9O5Ye+QUiln4V:NLg6OmlacHJzmzQVZDNEBiV4V
                MD5:A9369652A3C544C50CAB974192B2E232
                SHA1:5D4A5CBBB791B796553EEBD50210BE23CDC5910D
                SHA-256:0425717B3A44A3F3A2005AEA02F00D04BAE32F4BDBFD91A64492680285B73B4D
                SHA-512:FD67FCF27FA8C305C0696DA899573435AC6A23744C0CBF167DD5DA8953FCE6624A92792FDB987B4BE33260CEBF4BF820E51C97181B94DCDDCE39408E674FDFE7
                Malicious:false
                Preview:.o....E....t..;........=j?u.@ .....K....^.'.cH...... ..h.q.~....;..).W...;......+9.q..gq/......-.)>J+9.C..eW..M.....s..Wj&>......`.....A..f......(.]...i..O.%.&W..L...p..6........=6.h.../.....j.G.D........6.J..EB.R.M.'...E.3........6.4H.ifP4....|..Ao^...~W`...<..VL<]1....".\.o..O.f......6..[vG.:...../..E7.\|i..)...n.<.....2]".F.g?..V./.%.....).(....&...skv...jG......m..F.g..(..,..k.^.hx8{.^L.........B.Q,.(.._-..%O?.1N.%..;.....D.$...@.z..]..SEau.m.5.n..&.......L.`%.Jm...LX8N....Zpp.~"..l..9...-...7..a..qV....#.......o...V..@.....>.,.Z...06,ZF...M[...9}.jWx.Sid.n.!.....Z.yW.D.l|U."..O.|..tK.+c;........+.4M......v.....>...}.$.H.Vt..6%FQ.B.5.........Y.Q.5.../SI7U.g.?...K[.Kc?..N...%.2......'~(..X....t*.G../..`.`6+.KL}...`.~YG.8."N..mF.P!S..M..\w..........o=q.z&./jVK....1..[}4Z%..?...".+.Ng..Wv,w.....T.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d91

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\380__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.731505739935805
                Encrypted:false
                SSDEEP:24:XKZYR9EIbbgHep9ZVZjH0TH9O5Ye+QUiln4V:6Zovb8+pTVZDNEBiV4V
                MD5:07D680359A51BBE065828F6D72C049C9
                SHA1:F03887367A608A1B6BC84ED760BF3C68E2FB8CD9
                SHA-256:2B6884FDA8210FBED7FD8CB08CB5AE3F33A6EEC15766F945BBC41B984F02A0A2
                SHA-512:41EC505D65891AF3ADB6120466875D7B8CB8219C41ED518ED6ECB12E030FCF18839C2719ADF351DF7C8D0F1F32EB7551AB44FC190F3678B669B5162F8DE8A5AD
                Malicious:false
                Preview:...alf..a83....Y.......k.s.G.s1...8?..hpDl...&F..<,..!!,.dk.s..T....},Kc+.iilrj.hb......2.....qc#ig..2.....U..+yh.s...hR. .&.P...B.T.N....)B.....~>.&.]l...iK3......vq+.z.S..@..J....7...+..D.K....~..s2...p.....`.y..o.`Z..Q..c5...u-b..D/.......|.LH..D..%.....e.r.!N`..w.M.m.u.l..d.a.-e..<....1......b.pspm...F.....iF.....`%.vz.u.6.J..9...R.b...#.....#...!.Ftv#%.l...6ru....*s...Q.h7.u.y....n.([...l..d....F/x...K.C."CpJ.n>..F....,=w.Ld`.. ..c....:...U..I..h..0.....Y`..tq{...R....^....S...m.`.g&.....5.N3....=.)p.'` X.6.y^.....&E".r\...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\381__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.686548794383483
                Encrypted:false
                SSDEEP:24:q3bk7LXKtgg7X8ew9c6WZVZjH0TH9O5Ye+QUiln4V:q3bkHuh7X8ewGVZDNEBiV4V
                MD5:0D0D752282C494CC5F77C160123E28D1
                SHA1:D4EE10C3A89658BB0CB7179A24A34AEAF171DC4C
                SHA-256:F2EBBDC765F3354B4A7CC0DE58DA48405DF3224A6C3697F89CE02BF89DDD6B10
                SHA-512:28B27453F4F4C5CDEF4A2E22087B6B4486746B6477B939B17EE44FB31FA962D6E51A4EE89459A00437618A28528EDC8CD0C7E41AF5C493A399481DCF20A95135
                Malicious:false
                Preview:.&...Wi......i.[C,..I\.....L.#..s.X....>Q0.3!.....}..Rx;w+....~R...LL......0.gg.w..dL...jr8.I......c;...$..).........cA...."L*."b2..m...;.@...].?6.......+9..:s9.u.V-<.....Jn.]."....{..u.-y...6ut..DSp.t........g.....>e......j..l.&."J...N.....(._.kd.x|........."..\...).'....:I..WI....k/......&...yn..}L.A.F.GS..`..)...."..i.a.>. r...m..jQ.G..1@..^(.....^....W...>(..7.Z....B..e.....I.}<b.t..".4..E...HaD.......!..3.5.v.....&.1H.....J.....KP.;.agX...........E;.=Y......v.x.U...<..6....8....._....m460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\382__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):951
                Entropy (8bit):6.4655826116238355
                Encrypted:false
                SSDEEP:24:G6SzY5P6Qwbk+rY81MZVZjH0TH9O5Ye+QUiln4V:XSzY5SQExcvVZDNEBiV4V
                MD5:4557E143BF243A6C0D8A4A63121E3AA7
                SHA1:8091ED448C0F0A26523587F36C6554E750F39F19
                SHA-256:C1EF0FBA8020E6E3A9BD07DB12AD6033C738B4C4EC5A1BA282BD8A8473730F70
                SHA-512:3D7EDF8A11325F13157B2A1DA8C20035E21B9098FD0A75F170332D3E00B67945243007F6B0375C9AB448A556EBC7F6B42596BDC042D93769590BCF78B4BC15FA
                Malicious:false
                Preview:OfZ..] p2....1.._.A.Rm...........u'.v.-..-......o.+.c..I.FsH...G.2N..X.Yx%.....f...S.K...K..,.E`.~q.......C.0.T#.lx..Y....^tt..#....c....!a>.tG.t...a...y.*B*..|2....O.....Z.b..<.$bS...n........mvi......;.6......E......m;dnA...q..6u...R|#[IT..N.....qv.5.cd..m...8..p@G..]..?o5....4.~.C.)...z.l.....J. >....L..G).;...kH.T,.LG[*.s.$......Qv...M.U..c.9..5.;.].z.Ny...|....b...X..F...u...w..m. ...2...;U=......e..8.Z...1460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\383__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2844
                Entropy (8bit):7.7301014537658075
                Encrypted:false
                SSDEEP:48:BmoLmdEV2AUL2tGSzS0XH2RxBSKe2j+wjHVfswyjWCyTdZKjVZDNEBiV4V:BtLmdEVtZGSeWWRP3e0BjOwyMseBiV4V
                MD5:CB3762A2CAECDC69AD03538F70FFF8EB
                SHA1:E08E77AFFEFA4ACDB6F8013A85887DC47B838F8F
                SHA-256:73791B04A0D3DE5C9BF7E5D9A634A75A68A6E80BD1E091E2D9A9B8AC900C0231
                SHA-512:3A7CB0EBCD11A6FD1C9F1B9F446418657EB84BE9EE9FF8007E9DF999D68A951B9B41D5C460A14C37F008437581F7350CB3DFC2D1CBDF889F20F1DCFE0CAE316F
                Malicious:false
                Preview: .<.[..[.....;.PJA...D..F@?.`.C.9s%........e .V...f.....O.."2..........&B..K.Y..8.e.(...V4....8...H.[...JZ+...o....v*....H.@.-..O...._M...:..A.....t.. ...D.....VB$w9..eM.t..j]..$U.9...-..E.I\*..,...R"(*#.....`.D../zV.*@[...0"...6!O..B.@.<..-J..Q..}L..sqa.u.R..F.&.c QVK.....;.R.........c.....;...=.*./q#x.`..;Y[....o..i....3..j...bNDT....D.....a.)>.^......,.\....h}~&...d~~..Q..@t-.l:4N......Fad...ON....+...b.(..}.u?y. ...?..)........%....`!.y3..#]'.....Vq.m2dsg.\..f..(..A..$..=FE..ZT...:a.3..v...VJP!...S5...YE.L..{V........{,F..H...z`.P;.E..VE...{.Yv..;.[.<.......3rGr.....m..#.Kz......1..q2QEH...\.4.f.hD./H.;..}...@.[l..^..>..)'U.\...<.....?...Ww....>q...B=0X.....C....m.p.Z.D}u..k.w=./.V...l.:S....8.P/^.y.5S.d?.....).l....\1+_..#....... m..u..gRbo........eN$Cl..1...N......9.5t.[}N3........."...[WS@.l.G..KIt.QUy)I{..QD....9^L..b.PB.@e..[....4.............n."......s..2.L....b;6M.y.CGZ6...!K.ak.h.j...N.t.0c..w..|..(....|r.P..8..#..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\384__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1225
                Entropy (8bit):6.913835407072922
                Encrypted:false
                SSDEEP:24:dmjcWGBPS2lcveEKpaUN293G9IZVZjH0TH9O5Ye+QUiln4V:4cWES2lcveE0VuFVZDNEBiV4V
                MD5:652A602385A514D24F3FF67157322185
                SHA1:AF27ABCAC58696C183D121589930D50DF31A8CE1
                SHA-256:DE09996CA0C9A1926C7366E9CC7E28E3A6A6D4A41A4FF19D826792CA72806286
                SHA-512:6D6453129AEBD281B80B8F8976DEDF82C7652E4134C26E2DC42F4A4745E12396F555545CF90575D79C6D90BE82315F9C2321833E070231455499EFCAA37F14F5
                Malicious:false
                Preview:.....[.x.....N...vTWH.D&.Q./..e..@rYJ..^^4NX..Ve..m'}Y...I'p9!g. |`,.H..m7.....@...d...G^.Z.L.f.9.......3.&I.4.Y3..s0R..O.........Y.h.f\.,.#T...E....7........../...i'.l{.....JW.^...P.x...fG.d.......;......[..w..BT...&.......\...u...7....5.$.h....0wb....|P 0.....a......B..y...&xk......K.A%..;S.C'.)."JM.`L......f..@?<.&. Q.d.hd.(..$............?b\,.y.ni..|d.0....l..&.j.#*.di...{..K.O.a*0.51..1M:.3...t...G...y :.OD. *S.=c.A'b...N+.......0F.t)Z.={........e.$.zX^..b..f.H8.....=....G...[[..8{..^b$P.......n.,8..&V..I..7...Q..Iw....r..a.f...w.}...K{vR....32D..8L..fj..`-`.k0.rd......XU....*..LS...].,Y..r.>....+......X.....;.iW..,........x.pR..u,0.c.]..Gr.:.S....4xc.r...5v......Q ..l..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\385__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7515570427853495
                Encrypted:false
                SSDEEP:24:w5KJRlvepwu+BJUAycJ704+rQvMZVZjH0TH9O5Ye+QUiln4V:KK/9Xu+rUn+04+rQ4VZDNEBiV4V
                MD5:DEA40F487D7967B9C40B998416ACEE24
                SHA1:D44BBB232FA0F7F8E55BB33AC8E980D95BE5CEA6
                SHA-256:96B4A42F7F92181FB139AEDE5B22B1DEFC46DA5BC0B4007A78C3D71E1D5BEED8
                SHA-512:1FE2F1E4C5B1FD6FC76EE4301C1054C32837087FC438339FE47632E47BE07CFFC3143795F93300DD1614FDC3D0FFF899406ABB4A032ACCD5FA5E7EF3CF220AFE
                Malicious:false
                Preview:....UA.GQX.%Sq%Q._..+.0..E.]kbA...").%..z.>eCx.s.X~0.cQ+..x..q....nK:.E^. *=!.1P.A..?.%..i.:.0...>..uXJW....v......_?....6.;...#...|......g!..c\.: D..B....x.t...s.4./.u...P.....>...G..%Wp0..4....A.$.NF..`.[...BE)..K.......I...C..E0nwh.....=..!RTx.....!O..p.l.Q.N.....T...%cN..U..b.>.8...../.f.l.)7..q........B........g.[......?I~8..OR......F..M=iz.O.#.zR..6...j,*...x.2o.<...o..Ne)nL1+.....v9...}.n....6d.A#..+...[p....0b4_..C.x.m..Lp[...?.Q..Lo..N..K..&...aL?..__..u.'...k..9%.....-....Y.0...>*:2.b....E..!m.j..6.;Y)......SC..ay.?...q<e......:....J3460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\386__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.6282180204846926
                Encrypted:false
                SSDEEP:24:EqaHidqwol+MtN5nWdni2jZVZjH0TH9O5Ye+QUiln4V:AHorMn5nWdnvNVZDNEBiV4V
                MD5:61516EC2E0A8500B20EA3840C3F3D073
                SHA1:CAC1AAC805DFD7E0415045AB18A726015AC9EB30
                SHA-256:FA049920E43AC6EC7B8451F8AEEBCD5C249B5ECFC21D6EC1D9A51182CCA92806
                SHA-512:48D8DA40B973CEF07B0E662A9911AED86081906185008A0F7BFE07D94CFD7D7A08BB04AF31A5457F029BBA3411BBD775B7FA58B3F3337055DF6330C97FF86DE7
                Malicious:false
                Preview:'C5!.ie..m(LZK].D.....S.:..?..h..$.|]...o..3...,..e.=..I........3.\.2.8......!.P..y.A}..Dt..F.......e .hKPL..0m.2ew.}.,.....u.......NN..Ag.....P4o[eZ..D.7..K.$b...D/.Lu....j...eK.5j.'...>e.mvnjT...wX<L.c.z.K&hi.:G...pZ..2.=......,.V...qc1.F.t.P.k.vI..._&F'.U......h.7.#lk...AN.L..#..*Et.....H..1._.e..|i...u....}...C:.b..S{Eza..h..M.bm..E(....O|.....|Wj.Ll=..4..89..j$.X...WEsR.. .X`..8.Hs.....$...a..u..-......*2.*.w&4#t.{x.m.......9K.R.I.`..X|..Qyc/.....D.b...N..!..uo./.{..e..u.9).[...t....m..J=.e.O](.v460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\387__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.502718567316494
                Encrypted:false
                SSDEEP:24:KMslbqxZKt8H93yazJEZVZjH0TH9O5Ye+QUiln4V:KtsxZ9yazJYVZDNEBiV4V
                MD5:CA8C88D70BF269425842339393D31A48
                SHA1:BC03EC36A670D4B5D7EA03241274AE5ACDA7D77F
                SHA-256:2E3F8C0E9BEAFAFF8A41E3279C1C053E4E31E796E0856E5E4ECA0B15DEC95898
                SHA-512:635322DE64B67DCDD641F126DF0DBC9C53AE9759B0D0C5C4DBBEF947832FC98A3A069DAEED55F9526A8A143A1EABD9DDC06C0543EC5E81375880F19276151389
                Malicious:false
                Preview:.m.w.;........F..Y...nY..K..^..j.....M.....x.l..R.9).j...?......."M.s.H.a..."y6*xG..3H.;ri.6......s..yc?(*....~..f...5.vQOI........o..0...?..l.m.$..zV...?.I..%...........~.O.>.6.......W....py0...,......v...G.a.: .w..b.)..{.....:R...Gkw6.gHC....N.'...}..<...Jp.......q..._.j&.Q.B.s.,%...9..*..a..Ac..&..KWB1!. ..F....N...+..St..c.C.S.a.B.A..`.,[.q......9.b&...S.i.".d.:p,:.&...+1.I^..S.....l.).x...BId...T..)b$\....VG.S...z..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\388__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2617
                Entropy (8bit):7.682295259932973
                Encrypted:false
                SSDEEP:48:SMXFM91l2ULTt0xmjUF5VfCzBw4Crc50+WjRFjqSMQkZVZDNEBiV4V:Z+91l2UnokUchScdiF7M9eBiV4V
                MD5:7B1BE307FC82230D2D82F4776F4B4771
                SHA1:E1B3991C3451703F65465652DDFE82C75A78569F
                SHA-256:94889EDB595426549BE06DB77478B018E39712E0423A980763CB6EACE66773A0
                SHA-512:CE5378451AB75B086AC7834ABC82345EF23060527B142ACAE83056B4D3A6A63D847E7F1E882B998D1C68DB08F3ED70008D4BCED38D877E3BF1CCBD7D9A5185BA
                Malicious:false
                Preview:....t.!w.9....f"..6b...r.X..:.u.....?.&|}+...8....a..G........H......6....kE[...Y..oo. tH........C.Qs|.....bC.p.......Pq...W._b).b.....O.+@-w..=.^,.#..j..yD.Kq...k.......!#.PN.#.c.~^..1.6.].....O.B.....E..q].SwQ3...=.t....L....V.Be..$b.y..<...+'..-....Y.k&...\@3.9.c..Ja.i...n..i..d.eN.jv|.....'R}{..............p..}..E.h...].qf.h...tnM.s.....G...q..E[.,.E~.O....y....r..G..!G..K..~...T/...^...]...T.Noj}6./_."..]&.=..4..Ci..5Ei.6mI.}.\.-.qf...#.;.zE8.SSU....+...r4.R2.....f..EX..%.=b..=^G.E...S......&.OY.<u...d..y...z.i.VoJ<.b.......G......mdI..JY......P.[....@.w#....x...PgR.OP......V~Z:...o.f......a-.n...'...Z......:<.....Ds...n..p.C.h.q).....#6.@..z...o..D.....'.i.Q./L#c..E/.[.....?.9.-CR.-]K.w..Z6............Y.TW...%...^..f.y...,S.Z...(.....SH..q6n.P...zm.&Q&..D.3.qIX.}...`..8[B.`...v...BF....7=d...o........H.:<.e.%....C..P..{.N....k....`I..o..X.a....3..p.....y.R.5.e.(Uz.e..N..v..E....i..G..8..X.0.+...T......mP..D....{\`|.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\389__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1802
                Entropy (8bit):7.432959068572675
                Encrypted:false
                SSDEEP:48:tdsOgrgLTZv+demWOdHWkE23VZDNEBiV4V:to6ZvHmdveBiV4V
                MD5:588B86BA692E233D6EEEE0F09CF3C878
                SHA1:5175045E39813152866C39BE4CD07F05A84A57E0
                SHA-256:490C01794B9DA60FBD83F46BEDBB964E59CC69673E4F83884174091927ED3A79
                SHA-512:9089EEC17C671BA18F45685B92E2A69732108FCC649CC491BA254897971D2E335537C074B1F9276B09D7CC752477DE4B0D16789CC871492C391AA56AA29C8626
                Malicious:false
                Preview:x@?V.!k..X.r..[W.k..U'..c./.^O..W"?....Q....4.vn.^._.....yd_......-OY9.N........|..J..D..x\....t.b[..U.<.....:........z.N.a..z......~...Us..F.i...*.....;S.n}.K.n.2...!...p..LFqbZ*[W..%{.fAt..Ki...........[Z.......B...`4...~ p.oD..g....[c..RmO.~9.....x|.1.}..O..`.D....-+>A.0..4dp2..J88.7...."....{ o...f....f..7.j.....M..^..y.....a.....+]..q.E$.u.......L3........@.`..!~.L.p..2...,.=...?..';...S...Q.y.....jm.bw.Z.........E._X.iJ....'%......\..d....b..&...`.!I..*.D#.&DjF....fs.C.ot^........O(.....{.yWm....}...-....cM1...v[&...(..^...I..p.Fx......+...k^..Q..."..?.p.)SMVt=.>.S.Rd..I...O%j..;.+.....1..-"3.C...T...NS...90.+...4....(......5.Rg|DPd..0.7....\....{=.f,~0.`.dK....v:..+.f~.B..FTx.P.......{Bm.=.=..T.L8.a{+z....:.....dN..)L.l.rA\.I.......r..-....K.;...>.......Vkm.}\.7...m/X....."..:....2.y..|e.3.n.....O01'3.....`=.c+..`Q........F........^...!....G.*./........)...zl|...N>...........c.?U-M.)._......7.|q.{.....z....8.(i..2.zo.}...B.kF...7.7~.*.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\38__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1172
                Entropy (8bit):6.888233785542969
                Encrypted:false
                SSDEEP:24:c1vaI63Dh/4MwqO/9VqQ8ursYEsBI3YZVZjH0TH9O5Ye+QUiln4V:cNaDzhALqO/9Vqhks+9VZDNEBiV4V
                MD5:265B4BBC099BC9336179675322F89052
                SHA1:77B7A149AC5BEE4FECB64E3CE6C5864C20D9ABEB
                SHA-256:5B52DB1C89A7DA3DE228969C3B901DCC405EAEC3C6331D9984DBD644838006CE
                SHA-512:DDC5C7CED179DA38037DD794AF73E6A0CAD5397F5EF44C305AE2A3D25F8C0D46D80586D3C178D836E8AE559F0BC40B7DB42A371E963B12FCC94257AC96A62C92
                Malicious:false
                Preview:-........./N.3c...c.."......U..w.....'.X..2.a.^..._.S.e.V.....ZE_.B//..O.....'..~..c(..x.,...<..R.iq......&3.4....c=......M.U;....:....L..G.~~...r.(..Jk..&._.....l:pu.....4>.y..;._<.\...l...y..|f.3R....:.2.2......W..(..../....A.p.Woh['....M.K.....[.m......._$.w.)..u.....a..Xa%..u).eRU.J.(t..+.t\./....0.NW..I...".-z..{..wNL0./~8....wE9..j......S.O1\..[.3.D..$.&@]C3....+.5..R......hBl.&....0My...........<.gP......8. ;....,;J.}.......@.....{...M.M.u0.O.!h5.]....!..b=...v..yGb....xtk..`d..]7M.zz0._.4..>.A..-D.A.&.N.pI..q....e.x....\.u...<.~.IT.M...M..c..@&....z~..S..x.\...S..!...9(]0.f...?l~..K.p.L...f<jl;..!.M.-.nv..Y..H`w.T.9460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daa

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\390__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1015
                Entropy (8bit):6.615113336993792
                Encrypted:false
                SSDEEP:24:VldIkALAiEnyT/ZVZjH0TH9O5Ye+QUiln4V:VLIr7hVZDNEBiV4V
                MD5:3FAC5950F9875B9E11B2B1F025818313
                SHA1:965C4165661EEA24AC6F1E9049BF782689248CAC
                SHA-256:BBEB6520300C8D7132208647337ED2AAD714B7127DA6E14EC4EF95EDFC3BAA3B
                SHA-512:C11962BA02297DFDAEEDBBBB38F129E459F555E4A47237B585BEFF4370AC50CCC67FDF5DAD870F0B709903DF7502663A18ED7EDED8BA45F75EEE1984D9387B2B
                Malicious:false
                Preview:v.l[...pFU%.]Q.q.T.....f....`...)w..^.3.,..).....g....#.k...[B....!I...c..$...L*+8A./.s.o.......+.)p.z..P.C.....#6Z..-:...F.0-.z..dI......j...A.W.`.:08R....n......k.u.8.As.....F.T....o&...H.?/.......s\4#+}... .v.W....:.O/V^...<XB.ZaF.8...V..}J6b.G...{.kRW..0{.;{.*........o..v.T.8yJ..-n..LGZ.3a.B4..r..U.!..Z.......i.>#$.K...VT"...j..=..N...O;q.f.....y|P.k.....T3.=..*...6.PA..j..#M....9f..........U. ...b.E.e.C....\........k.k3A....P..).T..T 9.a.pO3?D.8....X..,..a..(.3}o.mn.x...4460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\391__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1181
                Entropy (8bit):6.873201665271666
                Encrypted:false
                SSDEEP:24:APamcNwbzPnRvy/vOIoRZVZjH0TH9O5Ye+QUiln4V:APCCRvy/YVZDNEBiV4V
                MD5:BBCA63AAD8AFEC7D3F39C176AE20D982
                SHA1:93879E7F0602FB7101B6ACFD3D38FE69AC04888F
                SHA-256:38A9527F092E25347B97F83AA93D7A8D0D8FE7B749971E0A96132862D4966000
                SHA-512:1B56237133847AD70008CAD211015DDA78A86A397DD899E2517A1BA3CDE7D645C798733642EFF47DFF302152F56691131A12471D13EB771C5C8436C8D8971B0E
                Malicious:false
                Preview:r.@..RI..S.^.......Ob.I..)..../P.i.t).7L,<...%.g...Pqlv0....-...K.........^.e..+@TJ|Y2*..N..k..`.;.hS.T@....;.Y.....6@P}..........D......#.....i......5....m ......_}.!..5..k`M$G....*.f.x....x.P4.'.n...B..-...z..'.kf<..#K.}.....kd<.G..?........i.........?..F1...5.hO. .}..>RN.w.EJ...A...h>...I...Cj/..Y..".8..q.E.e.~$[..,.4(....y..T3.Z..-,g0.KV+'.> .P..(4.."..o......oR...eM.`.......9..6D8..[aj..-R#..../..;.gxy..O.i1...IJ...........u{..)...f.b._....4A.e.`.>...#......K....?i3~!.)....+.g...k..?.s.]}U[mJ..7....7.$7z'.........l. ...f..Vp.%[.3.....8.7..m.7Xb.v...ir..g..?....M..!.X.J<....... FY.f.m3...}1.....F.....vO..b..3...U$ ...aV..7.B)...t1460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\392__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1088
                Entropy (8bit):6.768376404071087
                Encrypted:false
                SSDEEP:24:/E8MYMIgNc6R5L2bzsrAjJ2/entZVZjH0TH9O5Ye+QUiln4V:/PMYMIwKiAlbVZDNEBiV4V
                MD5:6C797A31E515EEB1E51FB943937A03D7
                SHA1:C3AE879D1CCFB11DE40A47174C172D4DBF9E3470
                SHA-256:C9CF2A0D67911DEB3A1CB8C11B33B87C9DD16B293E6685427947C7C8B1E5816C
                SHA-512:DD15F4977C952685DA8B54D1519B507573BEABDE4FA0397E6296D221DA51A893071DA1F15F4C6D3F37E9F1EFD89ED813713494ADBEF43C9D4F24C7B229EE3CA7
                Malicious:false
                Preview:...........0.S.kp..Z.e....,I..>./.r.A.n..6.Kw.g..}...q....7...0X.L.C.b.3......Y..0..UwJ...2..+E.Q......_ U...B.V..i.......1]...S.(..R.K#../.wX.^..z....'..5,.!'nN.\.RG`.o......%,3...IT.*..*;.c..l....X.w.T........FR....t.........Ki}..+..X..1l&m...,Ko....H[s:..-....'\...h.ogy.....n.v>}&.D\.c...@..h~..=.4.h...B.yUU;... .M,5..C....I.....=...Xu&5........Z. ].f.(...L..-.R..A.YS..J....;.;.....s.g.a....H..u.O.j.d.......E......s.kd........-U. H.o(....?..4*....a.n.'.i....N/y.i...h.6.Dv...)h..M..[9h.a......F.^..K..X...L.Q......d..S8..l..#.CI....fn.j..-b460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\393__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1041
                Entropy (8bit):6.626533513192206
                Encrypted:false
                SSDEEP:24:Q33qK2ZW7gYewmDuqZVZjH0TH9O5Ye+QUiln4V:Q33v2ZEgRwmD/VZDNEBiV4V
                MD5:07E904B7602261ACE8FF1D4C4EC590E8
                SHA1:7EC71322D07B238EAACDBCA893875C8B690EB22B
                SHA-256:2D1E3F69E35B6F8B19F702DBF5676F55E40ACE1D31CF1F8441C267E1072EF093
                SHA-512:53606147BF912133DDCC6501ED2355E8B9AE4E93BA732B10121DF0BF57B7FE2070D573F92B4994D17928F57D5B3971290B741CE974CE30D7CFCA2AFA3F9E277A
                Malicious:false
                Preview:.".f1.:...[....q1R......=C'&.'..F.z..M..@..&..Ge....(...r:AZ.r........m3<..l...{bT.d.`.L..9.s6......o0c..P.k.wi...*5j..E....,n..w.~...LmHjh..".^..ZY...d'.c5.h(r.@..... ..........n.yF....:.=h*....i.u.4.}z?.cF.......e......l#.9.{..J../.8..AM..N.a.2..\j..qK&6;).c+iE.!W]..[.~.r....]O.Z...O.NWcg..v4...+....`........Jz....6.....m.6..Mg.......E..JTXn..E...xcZ.F...B.aj......Nb.B...9.....A....1.a..I.'...J.bN.F.......>...AiwsWsT......L.%....:....^..... .+.8.cJ.akM*.Y$....Z....G..(...T.4CJ;CV..3T..n.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\394__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):955
                Entropy (8bit):6.445424673800322
                Encrypted:false
                SSDEEP:24:/O76fQ1fDgdkTr8VcnFfd+xXZVZjH0TH9O5Ye+QUiln4V:E5EyTYVMBMVZDNEBiV4V
                MD5:88FB02B6DD629D9CCE288C10E1382146
                SHA1:782594CE631D87AB720934876B9F7AED249E8401
                SHA-256:841FCAD994FBF5DCE29D48305DD7BC6BBE7F1BAF4DD474B5AAAEAF973EC3DD73
                SHA-512:06A29582D78596AD9A1490F0FC46A3CDE6349861FAFE72EEAF0162550DABF3EA381B44229C462EC0DBFA4F5E24AFC5C04AE7A99F68DE24505A05BD3076B0EABA
                Malicious:false
                Preview:T.B[...=..L..Z.. .[...,.a...Q.e.4..G.....K}Y..X].Z.......~.K.O..W...X.2^.XB(..=%.[Z.y.......,.C..V+..w.EZSZb....O...^.0......K..0.....B.iFh+vS6..,.{.G. ....J..{g.S.h.......,...NKR.I...|..Z..Yh.5.t.1..GQpr..V..#...y...R ./.V.\.$.[.,8.i.....'S{.qQ9U.7.K8.j......eaPz..H.M~.I...=vB<.|..8+Z@.h.1..._....k.....1mS1..N>tx.........@......d..B...O..j.y.hp....N...[..2....i>.;...y?.$.....6?z.yIf5.(..-b.^:x....G}.e..C..y......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\395__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1236
                Entropy (8bit):7.0039875070077064
                Encrypted:false
                SSDEEP:24:2a5zraRL43+xlzxpwgmlf8ATGq/XulObtXfJVJBZVZjH0TH9O5Ye+QUiln4V:juRxxlVmltTp+Qb9JvVZDNEBiV4V
                MD5:BA90EDDC75DDA411222AC393BA58F9E3
                SHA1:F0E7039EF6E1D875BB34730B620FF11A54AB851E
                SHA-256:58DCC686A1E1DED505B79CB6B299B965BA33B3393B4E1E4F97D13578F21043AD
                SHA-512:B09BD31ADED0ECBB9DAD38D975B74D325B478306E901F6A94FFECC6D4DAD04AA65C69CE9FB1E9384AE62230AC18EBCCB71E55203F911D173AB158D4314C1E56D
                Malicious:false
                Preview:...6p\RB....P,{(...2.C4....7.h..M.c..P2...N......I."..\:....8#?;.).Y...%.2...W..l.-.B].O.<......u....o..k<i.'...s....y..D....~y..LM.0.._r.Mk..;t..=........'B.y.DE.R>.....#.....y....4>..m!w..;5.........z..qJ.....JJ.z...."...xS..|.....:Z......2@...........R.WT....'p..1*...4a..].8C*...>J-.G..p....W.,...Vx.Jz.j.....V.V.5...D?..5.....7..Ku|..L.H...[.9...Z....`...A...}...1~..b.....s....:.K.*.*#t...u.[.G..c......o..G..@/..9....*.....\..m.TD.QrD.-.L..Yn(P....9.W....z.Z}@@D.=..%t.H.*.N..&?(...j>....8@".ma..fI.2jk.x..L.1o9.sb.rf..._.<...%.]....@l..TK4.7(...d....|...m.c.nY.-q.OM.[.^k>! . ..N..RU......s~...#.p...a.i'.....E..V......Pa.....ym,x.....<.s.'....0.. nEf.yy[H..l..t..|.kc.S{.L...!.d.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2fe

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\396__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.71174874331258
                Encrypted:false
                SSDEEP:24:zE0NZ73XjO8RGZLLfUCxJy5FIbZVZjH0TH9O5Ye+QUiln4V:zE0NZHvRGZ/DJxVZDNEBiV4V
                MD5:71A676C3213D891F56B53890507BDEEC
                SHA1:0968702F6644A635864DA5F2A8A12175FC3A948B
                SHA-256:176752383EAE01CE9DBE414E5D8825AB7F3F78E8AB8E84478F12B873AA3E8C2F
                SHA-512:D8C299D757495083E5C45EEF5F65663BBE43F4DFCD4AA24F02953598F6CFBDEFE247E8222EC058F7726882EC3D69B9405A3E4A94AAA4FFAE85CE9E451E036715
                Malicious:false
                Preview:........j]....|.OG..deFPT.....`...q....dt..y.I...E........4EB.M.4.f.p...&u.%Xxi.+.;..&..Vn.._.=`4..1..t.oH.F.W........0....P...Hu..L.}..y^k.$..5)._`._.......C.b...L,Vng5..)+...N....l....^.Q.u.!x.....'B\.6^...HjJ<sC.z..<.FC....v.]........Y..b.|-.....E.&.."u8+.D...X....&..6h."..S..iL...L>....`....)|..T..&&5.k..J...ZnOH>(.62.8?14.....`{t...3.`.jh{.......}5..E.R..|t.r,..u....p{.A....D1.[=..Z.3.T2 ^x....d.u....5N..n..<.9..[8...i4G39h.D...=@.R....."<dQ.w...l.Z.J.p..kFL.kOMh..>.r..0^...Tp.S...D.7.o.8.6.V@I..9.C...y.h...l..._'.B........p.g%z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\397__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.657666462148313
                Encrypted:false
                SSDEEP:24:hR0w7o3KCLt/+0Htfj4RVkZVZjH0TH9O5Ye+QUiln4V:4w7A/LBi4VZDNEBiV4V
                MD5:DBC9295098AEFD972D83332E1140EA23
                SHA1:9B79EE1EAD567C1B5B4E9EC37E6CA5EDC51381F8
                SHA-256:704F32626E27072CC3A831D4AEF4E2E02F96A0D16DE8674641AC6D64DE97E1E3
                SHA-512:C2C4B3A4E71DD52E13B09A521414E186D23D6E339C31A99345BBFA41739ACE0E554204DEBF387663FFC2B671DC93E43020815AFC8C6BCFE539AF9C25F17365CB
                Malicious:false
                Preview:......D.]q.0.............p...........0.#.g@...!...l..)BPO....0.f.6..gy..4T..+...&.....%..5j..< ........<.?..tt.y.........O...F.g1./.O.7....23...p.GA-XZ. Xb..(.....Y]..........'.(..a+...]l...f\...L0...[...|z..<c...#_K.e..}.IH!.1..b..ts.........S...c.0..}Q....Y...gm.A..2q.T.Z[..G..K$...G].....L.k;.S.{`..e....]LR.d..$..21..j._7.K...n.N..W...HA...4...P.4.........._b.u/.~..Q.=`n>.............c..jcq..*Nc+...'.K...l.g{..,...Skl.....;...$.....K$.m.>..#...$j6.+..J}..,...Tq..U5....I....t=l.S%!.HQ...a.,`460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\398__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):955
                Entropy (8bit):6.457154066247715
                Encrypted:false
                SSDEEP:24:BghdTO+Qk3AqSvk/+04yjPq329ZVZjH0TH9O5Ye+QUiln4V:BghG5vyN37qGTVZDNEBiV4V
                MD5:8F9CE4D76B5D45C86B1BF02275A04B6B
                SHA1:452F163E9DE9EED81C35674F4883745C8A1F04B7
                SHA-256:7C302EB1C1C69013BBF1DEDB7EFEE5C72C9FC2B4C216391FC7276183EC1EFB4C
                SHA-512:6A50EAB42C3D0D99C50727264E802047EB8B21963BCF08CC4310C04671DB06BF8D97B203D8CE23EF5B678B246BD7CBF098BA5CCAB090EE9D0E6658F03E148F1F
                Malicious:false
                Preview:......d4!..H..z.az.5...u.9.xV.)..N.-.T0u]Xt.fN..I....T...0D!..X..............0..j@.F..0..8...............q.q..Mz$gD...@.Y..F.l....U1...=..L..C.....@....*.{.....1.R....q.L...X.nz...x..:v....w'fv.....U..W...j.^....x.bd...nX....sf.V........={...ft..1.Y.A.0.........nv.I.....o.....v...R.?6Q...xO..|B.U....5..?0.`j/..j_3.o.. Hb_......<B..M.....U..F.yj.K.F..i...x..%V{h...=m.Vy?...j..2.s.*}.....'l.y.mw.y....... ..R.nx!..N460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\399__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1237
                Entropy (8bit):6.974328534730734
                Encrypted:false
                SSDEEP:24:V9vr6aZYLYbu5mzQEWIbZVZjH0TH9O5Ye+QUiln4V:V9uaZYLYbuMf11VZDNEBiV4V
                MD5:FC7ECF213C5CC4B808CB9CD20220059A
                SHA1:C1DFFDE647CD1D6B6A299E579D1C138480BA4EB0
                SHA-256:B9B319DDDE6EFE08C74D60481B86B6C73EBEED92A922CAEC222792A5CCA2CAA2
                SHA-512:FB320219C5394B24A8C8E3F303B350748A150375CB387FDB57A7874F19491B9DB47B5FED1DA77EE43FC9DDD91F9DACD4D5EE01E26264C2DDE445CA3A4B14F428
                Malicious:false
                Preview:.TE.................KEd!.g..HT...$...6..a...Q......)}.X...#..0..........H.n......E.D...U....&..})..Kvk.).W..6|..tJ.q.|V..t........P...2..W=.7...Z'...?[..GS....u.A.W.T.l....>t.;Z..I..OX{F.y...h......W...N..K).X.....653.......!._.n......../.0...|r...mcue.s...Lvy.QmV.2J.s....Y...5.n.c`...z.."..9 5...%.G@.}.R:...vp.g........{+*.^ouZT-.Z...........8V..9ye......X.p.~.#.......OFg.K.....>..k_m..m.va...69.i..96-.V.......yM@d...'.$.....hS`.v....\]..F.'.....6.g.....O.P...../..Du%Wp.......on....C.sz.0!...@....V..^P(.....*.M.R.3.X.M..%.gZ.r..xP.N0........uZ...D.1#d%.2^.u`........."....c*.n.@.&..R.[3.........P.`q....\.l.Y.\.....4nA...S....R]M.)....\......9=.4!.t.q%.L1.o^...*..sI.Q.U...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\39__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.977156581660772
                Encrypted:false
                SSDEEP:24:UToye/qkCrKz4vcTf5TddUkxhtcllZalFIKxoVuLZVZjH0TH9O5Ye+QUiln4V:UFe/kCpDV7DrcllIYmmeVZDNEBiV4V
                MD5:47F2CEB03DB18FF62FABD9D6E375CE68
                SHA1:ED7C921FDD7518723218E73C756C367A3FA64ED6
                SHA-256:47F228516902CAA046059E7539740712E1DD1A3F8CDC1DF1DD8B17424DB16055
                SHA-512:B8BAC803DA3023EFC308E52234EF90E5A77C0C26E4D1A841C840A9D91A3FE2FEDC3AEFCFBBB5438E381E14E9165DDE9EEA72039D7519B2A3266066C2E80EE5A0
                Malicious:false
                Preview:........y.\.E.k?^z..G.T|RG.c.Bn\....+.T7`.d.U...Y*..":...:\S...&.?..jZ...!...w~..4.LH.>.c*x..V.V8k...7.Cz.|V..H..J...-.W.t.b&M..A.O.D.=.q.D.Sm..W.f5...*n.#BB=E..(..y:.....j_iR.|.......`...Zk%.y.P.7.i...[....'..'7k...1.m.<.I9.?L.Z..h.J.\..=.?.Wv<.-..I[...._.....U...E:.=.J.D.\.7......~.*DDM,y.....h....u..........#...X.....L....^.0....l..MP...CI......$.....#:g.O...17.I....R........./.".Q.\...C. ._jb..!..@...BT6..R...,.9.....[..6..{;.(2.W..F=./..iU...k.(p.d{.N).^6.8..7W..CW|.NG... ...p..,8......eK.$.v.<#S.N~1A....;.A1M.t....X...BA...vk.;;=h6...Z......6..M..U3.\/..f.l.Y.@......iI~.ySn.a.l...j.y]VGO.Z`O.TCa-,'...1..3u.}....-.mD...Nc.....q.Q..!.;..7.........gj...%.6..)...U..8...<....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\3__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.645846290136815
                Encrypted:false
                SSDEEP:24:+oFy58/eB+2I0LvJUDWPVL8ZVZjH0TH9O5Ye+QUiln4V:VFy5KX2IiWDW+VZDNEBiV4V
                MD5:770E7D22349E9618637F1397C6F1D202
                SHA1:61C4DF8FF7E23FCDEBE3E84E3EA5E6252A313AD9
                SHA-256:57EA1DF9438594E615BF04CA7136B0F47D427DC9961AA9D45537CB4AD482672A
                SHA-512:73359CE28BF53D6BDCC6DD615D0DBA2444B518DAACA22232FBD8F8830BDC1DA0A1191AB717D7DCF623A221FF3B57DF2D967AE60C545AEA3FAE6C25B6E96A3F0A
                Malicious:false
                Preview:.}.......$.....*.X8..h..._..P.N.t.Z..hT.*...X......_.PJ./4.(..RO.L.V....rM..S...t.(.~$~.^Q=9.h...|..Q-...P..Of..4I..hR.z..Y.V.....J.-...G.Q..^ky....:u..4........?5A..\+u..S..Z.h..i.wi...-...._.S.O....`..$..VB.....m.....R..F..A.`.....7.VNQ..B>..h...8..k-k}.+...._..p...._....1....j.Q&.M....\F.$...'..Eau...aJ...T6J...l.......-[...J2.P7"Tu....I..Y.........i..D...\.O.f.9'..3.F..`;6...986.M4:X.,..K2..=...j.}q..3F."e...=/..53...|8|.;. .Tj.1dV<.6...h/.@cS~.z#.PIUf...m#...T..%k..|...fY....@.sI3...I..].....S..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\400__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1168
                Entropy (8bit):6.906825771159186
                Encrypted:false
                SSDEEP:24:Rk+CI0kSlQ59ycwsZcuxdLDgKX4NZVZjH0TH9O5Ye+QUiln4V:Rkxj091LiuMKX4jVZDNEBiV4V
                MD5:6F348F34CB59849FB725806C27F5090A
                SHA1:60E8FEEEEFD1706C56A66DA070F35EEDF6BD8071
                SHA-256:0119F9637D5B0A5F3F8B0D391B109E8E80A2331EC671F47FC79E01AA1E855745
                SHA-512:9BA70DD55A77F35227823A6BD6236D2EE8B37DA5FD81AB6F7BA1CE00C0B7C7E5CD9E5C8D64E1BE01347E53C7AC6D4F695647C1CD03CAA5F98566D71DAE17B483
                Malicious:false
                Preview:1Xk........<.A.0....rG`.%..x.m...#......G.X..K..@....z.}..#..w..2.%r...../.:OInf...........?. H.v..V.=..GGs..d..X..|.t.....K.&{.//..57..?......%....U.T.z..@$F..%.....\.....Z?..p..3....a.........".t...p@.r..+.K}....#..D..%...6...LM..S;..ib*.#.....l..b.J.........n0...G}.J..^.H.B.~..xb...F.~.Z0...t....G...o.5.l.g(..Lw......>....T......AD./......5Mt....x..(...r.F.(.k0......X......Ru9.....E..oi|....Uq..8......'......;...;..?'.....s..nX..f+...71W..p9.......+...u.?Qh...rT.U...n.Bd....<.M..8..^.ppP.UL$P.......C.H...E....H..Yq..b.......8i......6VBRO....U..)=.....{.....}......P..R.C...3..........h.E.n.:5..m~_R...mR..]460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fc

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\401__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1191
                Entropy (8bit):6.883290544760493
                Encrypted:false
                SSDEEP:24:DxHPpnlVcBZcCf3PpM1XSB+UN1dcRaY2scr0kZVZjH0TH9O5Ye+QUiln4V:DxHPpSZcCXpM1h8cT2FVZDNEBiV4V
                MD5:6616CBCA299F9E6F8C1FDBDFF63A4A0E
                SHA1:04781D773FC3B3D6DA6B8AA95DADD7106ADD192E
                SHA-256:F787860E30E459E9F68D8BB042E35CEAC10EBB4BA67BBBC5398E6F0BC626780A
                SHA-512:72EE8B050C1E9530C576E0C1A894D4E5BDDCA41558A021709D55ACB37C95E649B6D85A00BD6E18A45ECE36EF44B8E2FFE1968236F27C547CA654BA47353DB5AD
                Malicious:false
                Preview:.^...2!...R.9"l4NF.}5........U_.HN..W..eU.oK.Ki.).D..l....7.P...*.3.m#....0..2.......J......h?...'...Z..O........~..8..C.v*+Dn...._?1..a'|b....+..^...c....i.p....l...=..[...@......!.~>./.K.z0.X....e/.....v.].........i...p..^y.~....2.....b.[O....r'J..g?...lE.w..h.WG7P.....l...o....1.......{..u.W/.%.u.$.....g...}...Y`...6.(...Y.*z.my..o......&e.^..j.....^7....../..j...4.T"q......`...Q.*L.#.Z/..[...&.}o.y;73..|..#x..B..8KU8H.bMe..sh.94....i...1..^...[..t.j.X/.bwNnj....2..;3..B_+.wC[Ze.......7..$........i..].em......sh,a;k...w:..A.Y.1o.U..l.p....g...C'.t..#.;;/m..v~......UF....o9^.rcO..Y....H...%[V.,.e"@.H..D.J)_.8.Z^t.@F.'...-...F.B.Z.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\402__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1022
                Entropy (8bit):6.637326544596365
                Encrypted:false
                SSDEEP:24:6jUiPvkS2F7NLzt2M1KsXCGCO+EZVZjH0TH9O5Ye+QUiln4V:iVkSONtrdSZYVZDNEBiV4V
                MD5:9EDA7ED17AD65C8ED7EC948B6A50D597
                SHA1:35FCADC1A71A1C927764F47D790BCDD52AAB6EE0
                SHA-256:14E4B8322A863E98149DC0A64CF847D0812E874CFF8DB43ECFF06571B7A14F8C
                SHA-512:254106498419967E41C7CE40C1891DF666FBC4EAB47936A54ACC5207A91932075B776B7BD8F4ECB970BDEA320A8A031ADDECB48F4E093E6D90C2820BE0C55E7C
                Malicious:false
                Preview:....~..."F..}26.t.qz..Z3.."h^.E.)..7`.Pkn.j....9......Ys.s..g...om.1Z.j.3....at.k.u. .`.{.k.bB\7.`.FY......C.. S.'.h7..)..m.y...o..(.F.U.D..Avp.4C"...q.*...yd...........AkO..&6.W~S..V&;.X.[.I#........}....+o......H.....P$._A.r....3.[.p.\.#.^......J.V+.n...|4.......F....1.....>...|.1........m.,ml.X...)@5) .gt.!a.).e.i..y..}.O.......d.VQb.H...:c~..D.....K[K..l..IY.hO.<&eG.0C...{..M.(......4Ny.s..$....A.......S..i>*.Y....@....T@...'#.e...Z....y@..."....f..x.Pi.*.....4.D".g...O<.CH...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\403__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1256
                Entropy (8bit):6.987942469535667
                Encrypted:false
                SSDEEP:24:vK9093sIx2glD1HzIwERquWZVZjH0TH9O5Ye+QUiln4V:SQcIwgHzIHeVZDNEBiV4V
                MD5:F5F07804F97739B54DEFE8FE6B8503DD
                SHA1:D48C56A7970AA35117B5A6FF796B0AF086F5BC8D
                SHA-256:B4FB393A25019208D394257B194A5ADA04978B97D640F6EADB2411806179CF35
                SHA-512:B64E4D1F2090144B6036BFF618BF7FAE4E0FC65D99C77353D82BFDBD4A48C706AF43124C0A26E325D4E984F16011C2CF21AF791758262FD64B45AB1209D4E6EF
                Malicious:false
                Preview:.!.=E3...._......e.......uFL#...?...I..k.... p3O=.!....}<*s.DK.[.....u6..sxL..f5.0.8.o..V..Yf...YE......Cs...."...{Z/i......sK...Ju...N...1...LU1..J...Y.#=.~.q^o..73.E...}.\...F.F.R.Z.H!.t.I$e1.D.q.......`Y4|...Q&F%9.......7@^...'...........l..3>{....s?.h.#..;Z.z..p..\lN3.n2...|.N6.......B............K.".....^DQ....C.T..W....&.....g..........<.c....h..Z2..O`I.........F....oT...(........y.... .f....F>?.L..b/..)r7...@U.......>d0f@_...nj..JPy......H..i....|'.D.v..e..;..,uQ.]xk....R...*.3.;.F.&....l9..e.D6..:.%..sA8....2U.c...B..m.H.5..q.v.i....96r&>.=,.D...u...yB...N.JOY.u.2..Br......./tRr.Z....r........./...j.....Y..e[$..c....4.._e.I.}...~o..|..2.R.}.@..7...D...h......U.k....w.h...J...._..( N.j.f....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\404__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1250
                Entropy (8bit):7.002049457318674
                Encrypted:false
                SSDEEP:24:sgPuBBkxlKF5ag/0if4fncxurQpnX5RiEZVZjH0TH9O5Ye+QUiln4V:BPyWxBAP476VZDNEBiV4V
                MD5:B5A7170641C6CD20E7507CAC2FCF551A
                SHA1:BA0E745B5F37C0C80BBE4976A66A940ED479BCF9
                SHA-256:188E2D8C060B9016B4B1293BD803D9602F0B610CF6E1F56EEBEBCA78FDE3248A
                SHA-512:DFA407D592FB9D08B1E6B23A24E8ACCCB7DDD8632C0B7DF6F6A89129EE9771EB55DD6266E1DB9CB90C78943D4F3B70A2C1B8901E3D2F62EA6CFAD0EF9BABDD68
                Malicious:false
                Preview:...........^.t..P.>G.#.v.I89....+Aa.DujM.....W...8.d..Qg...[....}L..90x..TNS.c..T..'.;..N{.F.p.R..K...|3.=t..P~+br.<.&.../u...S.....<.D....F.......fU..D...........J..Bj.o.......&.^..$..wZ..7.e.`..w.......T..u.\...W.[#[m.H.Q.._..F`d.+...=(..s.].?..QCn.A....[.HR..M0......wO...J)..X.Nl.1.}%."'.-..8.4u_Z[.k3.....8.rz.$..Y....]....,E..\|A.0.!.m......$.{.]c..!.".S.b!.C.;U.............."...nlz....x.".<.X.......j.<.'.6.J!hEg.I.. .G.-...^..nl..[..<.>h....\..L....Cy.:)|.g..G...=U{...=}x..o.......E.>.$....W>.G......~.....5..bz0.2.-......f.WW^}e..A.qH.<..y......(a..lVSf...5....-r%9..jt..-...F._R.. U.KB.f..1....#..E.].S..U.........E[...R..56m..T...2..Pt.....Xh...Q..O.a...X.b.p......s.(1$4.....N...../k^.4.)]...I=..6B460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b16

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\405__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1307
                Entropy (8bit):7.026043795012152
                Encrypted:false
                SSDEEP:24:SA6LCgbA/iLB8ESmeE6H9yqkzq49OFAFJX4ZITZVZjH0TH9O5Ye+QUiln4V:sOYA/KAmCdyFqeLX48VZDNEBiV4V
                MD5:697F8A0127455A514DF7B068B84773A1
                SHA1:078BD228D1B981260B5A8C392FBAE1F256EC9831
                SHA-256:14DD4E1F4DA3405FE18F83274CC1F0A5452A36C3F5EDEDA1CFAAFA72986858B1
                SHA-512:E4E3EE01587F80DFE9EA52FA40EB44D203F08F3B9CF8CDB84D2031E7FA1111B192C6E5D8EF55E3CF04A3E155C64629E9971C87FDCBADDC920C5E716150B3B32D
                Malicious:false
                Preview:fs.@(*J./..'..7a..0....~.PQ....Xc.L...2G?..V.,M.Ly...p....w......^:.N..Ul}.C.E.l:....G...f..2]f.........T...c_.B.8.c..4.#.i9.3...(r.......4.....}.a#9..3..i...D.&D(.5K26T...(.j^.30.-.............R..f..x.:.+...ET.i.>mF~....6..3p...s.R...]Ci.j...1.j..Z.....).D.w...K...q]q.Lp.sO...j...U%r.Ul..0T..`0.....m>.@g'Z.'..{....cE..z...."o....).V.....$E.!..p.],0=.}...9=.......s.%*.].......'f.E.tlF.X......u.k..z1..e..S..q.F~...=.k...4^.:.R..#g61.t...$*.f8....@.).cb.|...Do.Z..=..k...=.@.E....c.x...g..=:Vr.k.J.>...T.....t.yY.].DM.N....A...!r/. 9.>....-m.=5t..RZt...w`.|..s~.M.....V......9.h.GSre......R..b\......(.\....C....IE..!.......#.. .\-..6..L9C.....Eq.&...m..RH.i.........X...o6B....Y.....i...hc.{z...W7.]........o.^...@....[2%..jO....c.r.u.....t460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\406__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1252
                Entropy (8bit):7.013275285497581
                Encrypted:false
                SSDEEP:24:04OO7By7hZdYRdbwmACwEClVul2VmFEZVZjH0TH9O5Ye+QUiln4V:BOmw7pwdrAdxVZDNEBiV4V
                MD5:01BF4D88067DCD4AC2A0A3DD2D497EC6
                SHA1:0B8E2BC0A51EEA8BC02AFE8E385C2DFFF77ABACD
                SHA-256:04A94F3A1C8DAB2C3EAF5859D2DF1EFD36F2A6EC976E3416871C673A190A5DED
                SHA-512:84F088A36046A0E2FB1CE606A0EC851CCB23C333F70E75E4CCF3AEF12E53F7F9DA6149D9409899EE1E8C724F0B16E80C5247B8C1008CBBDE1E0344A89A94643F
                Malicious:false
                Preview:........!...<>..^..".%..O .Q.`.&..Y.q..........\..>xKehH....q.v.dyya..w.K..2..>Q.....)]j..>~.~.4...R.......$...V..{t\^.......".;B8...I.a....Pl.O.........[!.K1QVV.!.........%I.Kj*r3./..B..P:.>.Z?=.V..FN>.w>..o.V.j....ni...@..nU..^.D..#w._.......z.4a..N.P....g....{w.Y%.....\2...f=h...h.../.k..)...[..3R..]....~..m$.,Z....P...u...L....j....*.<".l.>...[S......V.6.)..;.)-.U..9`.kia9..._.....R.......A...0..SZ?..H.(...Q,.c..}..gU...Ag7..2{.!.|.O.....:.:.]C.m.v...../.k$.. ...o....-L$zn..&..h^.9d.........H....b.^.S..f[.K.:...>.w1/O....`.P.r.@l...rID...^..-O..v.'$.......-...!...$$....].....S....n%..8i;y.&.bSo0.0.u.i.....?{o%..B....J..h.1.j.#.....81...6..=..."...e.....MT).|.=<@...~..p.(...x.u....|q.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\407__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1086
                Entropy (8bit):6.733123873651739
                Encrypted:false
                SSDEEP:24:+pk20WTDAr+cFr9jhjigD3v5mdfRzbZVZjH0TH9O5Ye+QUiln4V:+eWjcFr9dj7wd5z1VZDNEBiV4V
                MD5:E89A64FBA19337D11C218123D1FF0613
                SHA1:C34AC9C9972251FE97A864B784DF2FDC8E7CAD9F
                SHA-256:DA4E9F8B9799F4DA8E5C5165542200C76D5707AEC8DBDD538BC3981655525BE5
                SHA-512:DE550F784491C3962964381AA10D373A9FFF7AF90326B1E9A9D17831E3D3E52075923C4E68C71D4817671F0D31AE44C9E236E05E2111F063A699B11735659531
                Malicious:false
                Preview:,.`.......}.rg..A.e.4kE..{).GY`...../.AG....Dg....g..<_3..6.~~.y.]...~.V~G.C.9.......Xu{.p~q.x,..B&f*"..y.S......I._VM..rt..:....o&.w=...8.....e7B>..e..aB.=.[....0.d7.F0.....E.2..}.9~N..-..Y.h.).....o.D.y.A..,..y.I. C.3.`..C.yw;oQw..B7..}..C..z....H...pP...|..{...~....+..['..>EPI}/.>P......Z.I.1....|.#.(.6..........E.k.N...h./.PH.V.ng.7nG.@w..`!6......w.[b........)..2....COQ.G..c.|.m,./I..p.l.........a.O.j.7g.OV......c{nDm.Wa.gV.,O....^.:O......{...u...@..s.P...wG.W..wg[...5..4i...]...2QJMB. .MN....$...T..I.l.Y...h.`...V..C........?...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d9

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\408__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1040
                Entropy (8bit):6.619771902562502
                Encrypted:false
                SSDEEP:24:01Pwn9BiF6lc97UegvZVZjH0TH9O5Ye+QUiln4V:ocBq687vuVZDNEBiV4V
                MD5:187BB1A91DDE21BCA1BD6B473F0B8292
                SHA1:A02CB31A3290015C9A580B9CFBFD482CC32FEC0A
                SHA-256:6F3AA0508C205865680C1D8E09AAFFE99A0796F029C1644C535C8910898FD181
                SHA-512:97BAC17AC6F00A353ED6048069E55D250F2EAB5E804AF703B88DF47B5C93C3896048273AC067095B9C353DFC8262600EFEC3EB701C4269976CA591306B27644A
                Malicious:false
                Preview:.!......"'.~tk.]..<.b.....Y.f..Q.46........d...p..iu.....Q.$y...MJ.TW.A*...+.5...J.}...+.3*...<\..T../..=...2.Q...v.[.#...7...|;.......5.F..'.e.V3y-.6..s....)$._w..x.CV.R.e..G6.,.....7{..|.`.;w....Q/.Q.W.....j{..8n..{.5..}.b.G....2f...O.../..8t.F.~..`...n.=<l.N.l"..0Z}..C.T\H....&...n,.....|.5..4.u................N;.`.Z..I.G>fF...'...R...=..(.e...R.aO...N.I.K....u[nX};=..#N..2..z.Q5..T|..X....4...7{`E .H..y....G...}...d...f6.....XA?......&N...p#....V..4....#..>....:.c6.p..(..o,.4s......e...E..V460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\409__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):954
                Entropy (8bit):6.451809372572063
                Encrypted:false
                SSDEEP:24:tlZk8ArncE351HzWJ0G8uyZVZjH0TH9O5Ye+QUiln4V:vZkHpoJUuCVZDNEBiV4V
                MD5:9B7685892909FB614E65149D3539E0A7
                SHA1:02C21A00392451CCBAAC1CCABE18A366C747A6CA
                SHA-256:10CE8E75DDD4EDA92C30057F149AB89E14FEAF466ABB486966C96BCDA5FECC82
                SHA-512:C719E3E11A0C95532DE95E2C58F53C4BAF59B33B5A77E619F58B0EEBAB41087CFF7F86200812CC3352B2BD85817D42D8FED7592EB3D9321984443BD00D057880
                Malicious:false
                Preview: SI"..... ....4..f..)}..T$.M.3k...D]...%.....?F"..>6.I...y......B...0E.eF...vn$.!;......bN.|g..xzX2...H",.[.y.*..@.P!4....[m...RV[."r..|R.....eg....0....%.'F..!.;.......Y.l..M}......W..}.W.5.Dd%...@..`.).K.O.........l(...n.pY)..z..4#...@.....k.e..<........D.V...2..P.c[.E7...LK...._...e7.I.{.B_U..c|..O]+....u.6......6.]{.......=.P.M......9..{q...l...#.L.....k.F..E.MQ.0..o#.c....r....n..).>b..\..p.1.F.R[.@Hq..<'.V%.]G.6Y.n...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\40__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1311
                Entropy (8bit):7.0630553183008296
                Encrypted:false
                SSDEEP:24:ShL0ZhSqQrmZrjkFMKUvqcIVRZVZjH0TH9O5Ye+QUiln4V:Sh4ZhSscFh2C/VZDNEBiV4V
                MD5:FBC2232F014F8CD9377216E79B6E25C5
                SHA1:AF78230FD15EE3C5F872F56C468A97CE778B1AF3
                SHA-256:7913B77E608613FCB95B5F1710E992F6CAF62D238E11A1BD463B09E89910D205
                SHA-512:1E48F381890EB6835E2061AF584691EC93194F79D5C026923E38E6BA33923935A5F5D8F47DACCB408536B0110563F786294B9FA4EA4F23A90EF115B1208BB799
                Malicious:false
                Preview:.[...(P..`1-((.d%)l[.1.....{..:.(.X.:9.Zq..~.?.>.F.(..d.<.....k..|_..3...~...e[.^.u..UQ.jZ.v.`..,......a..<Y....n0..u.|.7..G..u.O...d.~....!..V..b(&...{.$...X_...&...y.I..."",zz...nU/..29..,.b,$p.^,g~!."...E<A.... .....`.I.p..~o...C,...f.r=...R.._....m...e............_....>..<...Ww..^G.@.....t....Vhr$.Drn.L.C..}J.m..9kA!.S......3z^.B.....e..7.E"..NQv.g..u.v.....L...uu..|...<..R ...QSB.O.4..21.`!.V...T...Y.)...u.5">..y....]....^.nlK..l....}>.5.v......K.].y..4`@J.)....A....v......v.Y."Z`i.6..Zv.~........,..*.......L...9..,kEoK}.y..X..?b..iI,y3f.."mm..`s..Ta....@.rc..V.......V.[..b..S..%.}...j..k...T2......O.............@b..........}E.x"V..a..q)4.b.R.}.F..[K_y..4l.uWx$.?B.g.]...........l5.yO.K.....Fn.y)...H.I2N..<.....}.D..Z]...N.(l.U......c....Q.....e460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0c

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\410__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1762
                Entropy (8bit):7.422903567420857
                Encrypted:false
                SSDEEP:48:BlDqufPbgdRgM4O/4woKInrYVZDNEBiV4V:BwCTugMX/FInQeBiV4V
                MD5:8FF8E170EEECB782C193E2975C9086C7
                SHA1:1322DF0E4C2EC2733638E62408F932FC47ED908C
                SHA-256:65545F0CBB878CAB3B943DAD5EA2BD8D68F411C98B2138688003B95303B4DDFD
                SHA-512:7F64CC90291FBFCA040E1347E018EBECE46FBFF0A6B0F44C027E32A0C2715BA67CE0B7BFFB4688C3A58E64F0C91E7390D23FD57367C874F7B2880517EB365C37
                Malicious:false
                Preview:.l.]..cO...6x..}U....."..)la*.....,#_...^<.\.%....P..F..+..\ .'E^..pz..(.o...W....^.$m}!._.Dv.#.,......[X~.5.0m......i3...w..J.rd./..|*"..>.....m....:.......(1.p.j...9L.df&..+..&u....).j...........e.Q.5..<*..4#......m;..._It.....V..;.....6...._.$9.x....5....[..4...{XhK......ea.r.+.+.f...|..>46.KKZ.,...0)...K...P........X...D.m..A.......s..v.n..Q..O...f.Lv..........C$^..\R....A.....^....L.DT.........HK......j...l.K..c..Q......M.......E.n...v...o.m......'l....>A......T._.Kr.0>`z.q......{0.S.u.._./.x.@..6..Z.b....2d........g..+......\..:5B..MH...;....)$.|........]b...n.u[.sX..2..^m2.....X.:I..Wv.m..aH...U....R.Nq.I.....N..v..9=....Yw...H.%.Z.Q5.$.....&..../..#..e.....We.._.R=...N......lIUY^..p..i.4b)..e..../x..Z...J.f..5..o.y..{z.,.No.Z.90........I.TR..iyd.wm.......Q....4x....?.....^.'.F....m..y"..V..........fg..Q..G.1...T.....'..?...y.P......9.*B..-..c..b).z...{B8w....f..(...=$.tk 5{J.d...f.{'..f.....Bs!...'_.F.YK.~..O3..[B...Uj....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\411__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1175
                Entropy (8bit):6.868433885367847
                Encrypted:false
                SSDEEP:24:ApDQjpCoOKq6yM5indVkGiVU5nsuZVZjH0TH9O5Ye+QUiln4V:IDQtCDLCMVySnVVZDNEBiV4V
                MD5:482010130D071A4433FD5B67C25A81AA
                SHA1:84D050890B88A67AEB1266C71DB9E8C6FEE3037D
                SHA-256:6ACE6BA0A972CC552BF275C8F140119B379C24280C452F051E1B43FE8772B90C
                SHA-512:C47263F6F51A27EB899ED37F9176D811FA34673A87DBFC0ED7C26DBC98174318F9A6C1DF4D6CE8E0CFDADD10142B0CC05C1CD2F30EFB52539171223B8C7606D5
                Malicious:false
                Preview:(..H...je...Xx..4=..O....W:.(...v)B:...*.l.~%_..b.>..L..Y.Se...|....e..O[...B.g.)....Q.l.a.a#s.e.`i<2...C.......a..N..T[I..!8...o.g..*Q...;!;..)..b......OF....fCD.MH1...|..K.....i.E4......%"..!iM../..|d.?...b@.7.*;!.f...R...0c|.ZD^_.0.}.....u..JC29.<.{p.f..Uk.Rp...p.. .Awh4..F.....r....I.c1......#...IA{H#M-j.0...xft.<Q.....2t.*....X.../}}.....16....O.UxfC.X`..t.c...+N.k..u..WJ....-w..xz.f(y8E.g..y...X.o.*........H.....h.n............[G......?@...H.1w."..d_9...U......uY...I...<...RW........II(.Z..E......8.0.......3.V...vBwhh,......n.-...t.|..&L..@..D..x.%..1..C.b.J...o8..H..@.$...v....L..w...V....{3..G|.n.`^V....et_..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\412__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1169
                Entropy (8bit):6.941429093460161
                Encrypted:false
                SSDEEP:24:ZSUF980sYpQkeJb142Oz3ZjYDGbHDWTtP2ZVZjH0TH9O5Ye+QUiln4V:gi9HsYpE1TSkibHDWp+VZDNEBiV4V
                MD5:C3F5D45AF6B0D04B9791CF3887421538
                SHA1:FE4641BCDF05A4A1435D5481FD1011885B7DA237
                SHA-256:8C9456B79DB37742489178B028F6EEB6E56F7D96B29E72ABBC6E14F83A86B862
                SHA-512:C87C3EC0D8AF15B01740BBCFA4CAE8BEB943BE6EAC2B5ED8143D0660752CEA4FD9EC0C94897FDEE1C0B6972C8DB6294307B937D75AD335AAB5D8B52110F84AC7
                Malicious:false
                Preview:9&b.F,..}....G.z.....[".G....y3z8..c.....a.h...I...c..L;[.MF._s..o.}.......S.....k2...)..lo_....I...NwzW..z..j.>.../....P. <...3......K....6=nNR.9.x...EA...,.Y..-..uyP'=}...Vl...-...+...O`.~..z...i.....VK.'....s..3_...E%...`G........N.!.F..N..A...q.5....@..J.}...m.G.V..K.i.`....J.D.O.t.)l...%F.FbT.K...Z.$..U...V..qO?.K....N.Ju~.!.&Y..GtS5!U...(.J...c..q.3N.N..(..OCCx~5...?U.F....S.\..x/a......z\...E...o.V@..._*...y=.{.G..~.E.E!....xkA..?./.Y/.Q.h...!.{......h..l$P..p.?^..............0.(c%..,..g)...n.u...#...~......).m.S...p0..r#. .l.oh..4.V.s....%.....].....W....~..{...t......,.p~N.Z...p...3.......^....X..N\.......k.*.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3f

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\413__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1261
                Entropy (8bit):6.9531418549327215
                Encrypted:false
                SSDEEP:24:WRUkMlHwH+HwAD/cQFA5GdXioEB6NB5b1XxyGmLlp9M1LZVZjH0TH9O5Ye+QUilq:WRzMaY5QQ6YYYPb+Gmj9M1lVZDNEBiVq
                MD5:5C1E6095F4C005601B651F255344E6ED
                SHA1:1611DEDAD12964278627CFF56EA1C1A3391B6CAF
                SHA-256:B192E9F8A4FC5013399C46D33BACCB5B44F126C938205A7CE38AD5FF73F28796
                SHA-512:77BB7297FB6764D09D43CC813891315CFE34C4AE51D9260FE85528289C2C00DFF9B0FEDA522880CE08B7EE0E1E5E88E01048408E5F465F96020EBEA8FDD7D3C6
                Malicious:false
                Preview:)E.r..lD..;..z6...|.....98M.M88<..KPF.L.dS8.~H2."....v..9c... ...g.w.I.;.[..&n.4....G".!..<..B;.n.._..[....:m.....mQQ<05..)h1.ZD.H.8..?)..5.2An.;>u.6.|.......V..:r..pf...b|...x;..zA.N..~E.........KY....k.I..b....f6"3.4.....Xe...jz6...h.OI|...!...5....3....dh.6.U;.a...OS<.<.....@.f.MP..}.'.L.4./..gZ=...............r....f......"%_.SK.8..b.Ua..?c.....P</..."..nc)=s...pj..I.G..I..p._|....*.....:@[..8..d'BLj.*..h@..Y..f.R..Fm...._1.2.[..x......::0..;.Dk#/.6.h+.S>of.E.._.^.V..J.....h..{X/...f..d.2= .LD.\$AN...J..C.n...G}.@.?>pU..8.hGm.....B....&..4|+....\.T.!....6...as.J.Z:..r...-A/..-....3..c..Fu..|.{:.Kv>.m..U......UhS.x..iA...L...;..+..G.G.(~.c....4.BoC@a.f.'.T.x.]d.......j.$..+.b.d(L0.~}..r..I..b.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f6

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\414__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1088
                Entropy (8bit):6.71666654595795
                Encrypted:false
                SSDEEP:24:gmM2oocndpoVFax4VNnydKBz4ZVZjH0TH9O5Ye+QUiln4V:ZPXcndpeax4VZydKBz0VZDNEBiV4V
                MD5:14B7C5BC8DE205BC7AF8B5A89B09D0FB
                SHA1:D0DC18BED51E477299FEC75257D227A989DFBB75
                SHA-256:96D3DAF2F46BE334EE3435F009392E266AA47F0ED60CBDFA23E36BAE3423843C
                SHA-512:574345EC6DC1B35550BEF4667E9119FB483C6CD21114E36EA7A00EE726E530147D17508250F1FFF870F9B567DE24AD2576D7CDD5E2269C78D5B5C13885B4E345
                Malicious:false
                Preview:.O..Z..@.[<rM...70..U.v.1.2..^?/.=LqX1-..].-Zr...]b0....#~..b?.id.+{~T...M.....T....Vt@.&.lw....{......^.V...@.0..Y..>..s>qS.9."9;.&.^.... PT...Q....!K..h-2..V.Y..b..V.,.)k.S..2...]..S.!......&.+....D:.O..8 <..%.F..<a.d.5."...6.....aD..x...H....'.s.....T.tSY./..l...T.......oEd....!..)....M..f....@.@.E.@EB..w..E...."...zd.........{.d.i.JR......qk......a;.~;..".$.v94.4>*.)-%.j.5.fT^y.FO.=...zHH....1....J..}..=.9.a|..U]..i..@.p..''.7..[...Z.9..\....N..k.x...+.@e>....-K$.8H....d.{)9N..._..r..aEG?t.N...d....M.P........4..y.....Ya(d.[.. O.~.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\415__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1041
                Entropy (8bit):6.661589278273647
                Encrypted:false
                SSDEEP:24:ihy14eXmgF/1LFWDwZHRQS/8bZVZjH0TH9O5Ye+QUiln4V:K2GUJFIwZ/81VZDNEBiV4V
                MD5:27589669C6DC4357E5120C17D53FB551
                SHA1:1EB54A9299C79E461C807A012DD85EDFA873B2F9
                SHA-256:3C8F6EB7CEFDC26A73BD4484B254922DF939D0FD4AE6ED983DB25B839DC3ADAA
                SHA-512:316A283159CA99EEE5FC75975320ECBFD813E880B4DB19EEE874B19410D80E963FBE343BEFE72CEF8B1CF6117CAE22D502F5CCAD96D7B08A7F33CB5F29014E8D
                Malicious:false
                Preview: ...uS..}.S.K......%.a....."...fx...vrn...L`...,....Y..8.(.ow..4.h>!....P........]....e]T.UMO.............(P....r....T.N..P}.&... O...y....P.....U...A.. r.4.@..=.46.a.....................a...`yY.....f."...|....Q.M.%...pk.......Vlg.......Xo"rfy.y..T./...1O.h.t].....z}f._.e.....O..O...T9.Z..F...>.!.vl.....p/....a.....xE..=T.....u...NQ..]].5CB...6..;..}..K.j.k.<R....g.`UD..d.b..5.Mq..eI.H..D.h*..1..g.C...m.X...^&.a)....l\.@.*.........t..]1M.8.%..K(d..T8Gh..b...&......dz..,n..|B|Z.M..G^..~3K*9`H,b.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\416__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):6.518352992477979
                Encrypted:false
                SSDEEP:24:OZmGgksOZMkYXZVZjH0TH9O5Ye+QUiln4V:OUGgk3SkKVZDNEBiV4V
                MD5:2ACAF31EC9411904706EF4E7B9128C07
                SHA1:CD91D8A1ECFD90BCC04475032D512E0A89BD1EEA
                SHA-256:540304208FF8650ACEDFD6A3C6F8AA633A1EDD40AE281C93E4D7C4A986F8AFF5
                SHA-512:0AAB277EBDC5F17CC275490468CD9ED8BC6EAB270BAAB5F8B8918F0237BD70F7AFE28160B6DF2430531599DB030BD89C74F3F2536907759B05E96F9C29A7ED57
                Malicious:false
                Preview:....v....i.e.}#.4..@.........Sm.J.v"..<f.l...............6;.d.1J..@...@..[.g........~&.....B.m8.:y...I.0.x_gj.....P....k.lH.~S.......)8n..h..+.~..]..{...@.f.S.~.c..c...3..+^.N..8..+......$....c.......~o<."..\4..-...).<........(.T":oO.\fn.i...Y....G....~..?........).u.....>..f.Z.I.C>...d..T..MX.H.f/tr.u.A.d6..C...j....9v.. .....q..<...T3...tD...F.-.o@..z.,;*K.G.w.:.m.g.hSHkT..q..r..u.......{.L|...W.4....s.b{.i.T".....<.CvY.Az..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\417__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2142
                Entropy (8bit):7.573635608194744
                Encrypted:false
                SSDEEP:48:dkqWTeT0cNvZTN+24scF23tb4IPfnrKWr7cNVZDNEBiV4V:dtSeDhwsHf7cReBiV4V
                MD5:E61D2E529A3EDA3095E7F509701D89B5
                SHA1:D380B74BE6D84FBB933E177F70AD1ED34AAE2BA4
                SHA-256:96ACC43D7362F7882DEE46A57096B5AA3A51FBBFF7ADEABE451901174FED8595
                SHA-512:02BE67B95D5A0598A46C1F88E55889FB097E5FEF68D577E8407B265DBE9D1A60C3D567C66D1B1B9F35C75A793D711DC82F4CEEFA74982B703A395C829892B48B
                Malicious:false
                Preview:Z..U..J{........e..O...v[).).s.c.dgfA.D...<..+.....L........eh..&.q&...;.`..L`.5..?.....a6....../..}8v.n..ir.B.l..#...Q..h....o.c.o....>....ff.,.f....5U......^.K..irr...u.^G.9."..\..e..]s...K.......B.....kX).. .z...~..wL.=....yf.(U8.Q.v........chs..7.Jpz....j...v11W.1....B.e<....F.LE.&c\oT......>~......6.S8...W....uw.7.;....c...7i..F..#?..[/.=.*./..W..LB.d]p..*.....MG..f1..Bu..Wp.#w...).W..f.p..,V..n....i.7#....U...w.VV.l....r...fL.v.....{V.V.:.=.F.=~.(..{.0j....L.K.s.Z.Rh..cj..Dc..=R.?.BF..zaj....h[......l..p.f..D9.3L...$~{7.*..MG.,.]@.S.+.,y.iQ3wR..+...w..N..[....;..(q.m...:lw.\K.....JTC.._~<...J.....u......A..'.H....$+...(f.....$S.......p.@..O....T;......w...v.=,..>..<.=....U\..?..B...%.*C.F.N*k..zc...6...e.^....M.....s.|.Q...r2...<...%......{..+.S..Z%....{5i.Z.../...M ......z...f......T.p.X...X7....q.D.........2...Q.W...v.XYD.......l....4.Ng..........sp..6..w).u....<v.-nn$NB...}(..2."...^x...pl......U......3.s.....:.,..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\418__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1316
                Entropy (8bit):7.06209786440084
                Encrypted:false
                SSDEEP:24:puAo7MzT+9UUdsrYtLlx15xUH2fnZVZjH0TH9O5Ye+QUiln4V:zT++SWYZlBVZDNEBiV4V
                MD5:C50D80A3E9761EBF29CBA50AAFCE89E1
                SHA1:F573982D82C8E1CC216E667BBAEF4949195D288C
                SHA-256:8E644253135FE5A0086B9324C8AD15A8CDC44DAD66BE2359D0183B3323319A0B
                SHA-512:1B2F6B714F953FB5DBDF631B6D8F4B27FEA6CCF40D63CA2B4C49F1A1877A4210ED34D471F6F834375E7CE4EBB79FF98706622DB1EA674457C23847E6E4366772
                Malicious:false
                Preview:{.}.. ...?.].....A......(..;.P,Y.e.C.0f.3.xB.;.x.e<Ju...6.#V.c|.D1B.1..Q.@...7..-...2.%+........A.. n...L..N.>.......!@......[.4....Yd.aG.`OYwk....X.)*........JpK]c;L...8$po0+Q.....&I..+*........?O..E..2.i.X.^hS:.O.....(..u_C...m..P....dJ.T..."{z!9.F+3...h?...K.9}..C.UD#e..R{.*.).{`H.F.z.>../.;.....,.x../P.ts.H8...".hH..=o..Kx.F.hn`..zr5.c..Y4bL.F...%..L2'......Uu.....`.n.=(.S...$.D..!..RU..D.....T.HT.e{.`...k.06i..M.2[..>.B....j..C.m.)[.z..`,Z^..!.8-) &...A..S)..|......1...y....J....).kab..-.I.i5.\7...a...//..x...i^..%/.f......L.m-.MQ...+..g.gH.&l.xa.?.x..P...:S-.P.......[~HL../|....?E.nS.......8.l.W.!v...g|2.p.b.1s.,.....p..br......AHPrsD'v..-.G..x6....kW..o.....m.t....N{...,KH....wD;".f>...~..=...o.>v.&J'Y,.B....m6j/....ew.C../..$..Q.c.....Q.q.+.M ..G..PN...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4b

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\419__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1787
                Entropy (8bit):7.427398540651463
                Encrypted:false
                SSDEEP:24:TgkXGN8uQoOT7rOKZTbGJRZN5ZjRgINN9ySoifY9NBROIn7ZVZjH0TH9O5Ye+QUD:TlFnCKFiZNDyzn1nVVZDNEBiV4V
                MD5:693FDA651B70621269F66573F5278D67
                SHA1:981FEFB4D919F5518984844E1083FC6111DFEE51
                SHA-256:4E3B369798D80D66746C86EA6679A9DD56795D9E7A67CFD7751DEAD37F9D92BA
                SHA-512:3031154B1245BBFF0178D1D2DC8501C683CDCF310C8426BBA3612A90B81122831C22D0B79F956FAB34B4A615CCB302423D029E3E645B1E7AF3AF9C154D8BA0D4
                Malicious:false
                Preview:....<T.UJ...r_.~...~._7}..u....GG.(Q....A.N.........H.>...d.N...z...TYX..h.O..P. .+7...W...~....e/h.cr..%....85.!.r|...'..qS.R...'.....uG...<.=...X.5hI7Y..3m..........\.^....F..a.)...1*.~....7....$`J....+.c...k...u_..T%.gZ1.....Z...WytR+..7......qK,h.%.W.W.n...{V....p.1x{.?.gT.T..I....q.:....7m......a..L...m..P..%!==SQ].Mh.g.e1]..9."..+t...h......OJ.......P.n}Zb.r.S'.`.}@...c+.G4.%.@^..%A.k..55.C..w.NNd..wYh.#W.p/I.?.r.&..q.........TZ..y,....~3.......{>..Z..e..+!...ks5..(~.SFH..[.....T.3.66...=X.?.-.[..K...P.I.n(..{1.x.6.....=.....`....r2R..-.u2..9z.-..-.(Q%.0..J<.g...;...!%...Ec.9.F.`......>."....t..X.l..3z.....<..S.UH...s..ph..=.........6.Dwqt(...:3...LG..*.y....$...Bg.1..1...v......N....D....O|...^.8n.a.....$j.`s...BI.....!...d&..m%....l..s.##Z.Lh.J......?K.u..m[F.y...k....i.c....,..(.$<......P./.WK......v..~.m.. .v..-.....C..Xs.^..O.....G.O..'g......9.k.o8.j...0.C."M.~,..r..|d.[(.....n..ggK..3:..@.c.6....&).P...u.7M..f..6.A..+.!8q.2.w...`.w.o~I.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\41__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3407
                Entropy (8bit):7.781416336402898
                Encrypted:false
                SSDEEP:96:0lAk01mNzoiNQ7rU+Af+H77m0MBpgeBiV4V:CMwQvAWH+vo+V
                MD5:A512E1F486D6CA827427E66905DD7337
                SHA1:A0911941D771CDD3FB26E226937E50FF1D78C01C
                SHA-256:56B825277C5963D3C78BADC43DE06A1618F6C0CD0F672B982D79D59208DF8C95
                SHA-512:8D670C438634E69AAAF0774E34D65F17A641FD85C9D471A96B2C04A5DB20058C2866ECCF1783C5BB32345B16F5287A8053811748F7A0177BD142D2040E53729C
                Malicious:false
                Preview:..9....|X.6...#.,"z_ ...p...%......-.......5.TU..A0(..q.....K9.2=:.aQ2...we.T5Y.m.O...n..".....H......".0..PZL...hH5W|W....!-.9..5O...O.us3.r....../km...Z.F.o..u....<.}H.8....U|...b...f..... .....Gt.V9....p&..os...@'J..Oqid..q...:.....K.V.]...h.......U..S...:.s.F...E..g5.[.0....R...*.jr.....:..E..P!-SE.h}.....c..`.c..n..>.O....L)@h...,....bM.u..]..Q..Om.`..d..C'..k....C ...C....+...?-...RL-x....+>....*.5..?.p.r?..+.Z...'.j..5..Z.....Y..W.+u.....-..].].t.9........ .hS.%..T.{...l^..^...E...:.q.....Q<..x|....4...#8gU-a.i@.9I.#..Ev#R..v....y..e...6..J~.j.......L.^....r.%@...".Y..{.l.v.*........5..:..b.8.i.K.8...#.1..Z.U..o....\-.U...i........)...=qj...&.M.3)I.+.&..Gd.q.L..U........8..,..,s....pO2E.9.a..1....7~B..."?.^..q[...:-...7..-ZIM#.vc..T.A...\.."...S...uA.#J..It......4j.F.CM.c.U...4...nS.....+D.Y..~/a.l.ZK..l..2.......f.r=..[$h.q~y...H.4S....G.."....{..}._0.....\.%..P..K.<.......l....]..!b.n..\Ir..o-P.}.)..-...]wW.b.y..Kr...KCj..?.I..bt

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\420__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2844
                Entropy (8bit):7.707525167450552
                Encrypted:false
                SSDEEP:48:aKCbKaDewFUeUFmPgj3sl+LhnlsYGcWY49jgsDjPJRDVZDNEBiV4V:aKCbNFsF98lOXGcS3jRleBiV4V
                MD5:94416FF3E39486CFD8EA4F4F9AEFAA53
                SHA1:D033B7C11728CDA2DFF7125C783F44FF6535072D
                SHA-256:3C752F54672F3A70C65C0C12533AD3BA1B9E28256628F8C37B97945C9D242722
                SHA-512:1DF60B898821FFB84704F97426B5A0B49D13C43D49ADBFB4B5958CF529CFDAE05CFC4AC79304F91E7681C913BAD3F00FE90F357BADC9B7B7C72D8D86EBC92814
                Malicious:false
                Preview:a-5|..{..]./^...u.p)....-z.........c5UX]/..h....=cv..".....^..g.@.(^u[..uv.k<.<.9.......... ...n.m..b.B..^4r...<.9fU.......od~..+..........o<4.'.....S...K....1..3=1.S.. ...+k.3.} .8..:.}Z.4[...^w......#@..tH.......m........L~...y..VD..M...I.n.K.....+N....6..."..W..zmkE..r..u'4m.$.j#.uw_x.....[`>T...n`6..q.. ...I.;."....&.hY.N.~...l.[..X]..fa.X...L'LPA....Q..N5....]..S...R.L.....q....zr^~..lx..{.E.f..ci..4.3..|......1.3...5.O.f.@.`1A4u .`.AT.Y....,.}.s.f...w...vy..;....I-S.lL..t.1.~-........h...5..73..(.A.i...i....8.*.!..a.....z,t%...._.....I)r......W.....1R1?.N...R......\..D... b...Z.PO.y.&.......v..C.P...'.....y.._@...,%K.>5iW."..?.8!.Rmd.L0..e.hh.......1...B*#_C.....4LQ...`p+...ngRH.N..+3%3..xv.h.&.."...8..h.4..k..u.F.N.J.v...a.Yr....B......1\....o..x%nqS.........6mnL0U......`.f...9.....3...S.p.k..<%.s..do.Ee>..i........70.4...sL...(.Y.....:.......\0...x.......8..rTe..r_.4..K......./.......C.|m<.k..h....+......{"7..z....."..Yum

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\421__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2308
                Entropy (8bit):7.62665060594272
                Encrypted:false
                SSDEEP:48:cC3Rah0WgYtDCGVKLoXmXjpWHwJ82qHv91G65jLLbDjiyVZDNEBiV4V:3MB/cjUXmXDG2+vyW/bDjiqeBiV4V
                MD5:171C2320E0322FB38381F5E801CE5395
                SHA1:5E7BA35BA31A57A8D85532D1B40083FA4356DD39
                SHA-256:DB2439729EC68345677F6F32889AD5E7E19164D90E389F9E0ECB1717D304ED8E
                SHA-512:0FF21280FD96D4C77431DFC730C73EC1A0EBCF84DB196ED2EFE290D7B18A8903C7B97A50FF669D42C9131708415623E9C5B2BD7731B587CA3AC48CDEEE194605
                Malicious:false
                Preview:Fy.....6....#...e..'#-..:6....!..5...s..I...7......N...0.....~.{ ..q.D.........H/.Y/.......A1..K-....?....L-C..".P...d..6.ol..=b..W...{.{...;..iT..Aj~.........n!.E.?G.1.2.w..=`.AU....,....._o.c............Mm%[.0KN.T...8,.K...>.....O.==C@.xt$y.rB.c...6..9"<YB#....Fr-J...C..V.r..%..H`d..}..K.).?.^.I..Jm...9.....~..S<.F...kJ.l..2 ..p0,...5.<}b.....r..K....m....++.....;^....x.z......g.n..)e..A..I..F.N.N....2J.IU.s~~.Rk+..|..;S."OCW...N..$.....&.*...6...Nx........e...[wY...J*c...B.UY.z^.v] !. ZC..5..R...9FB.....vo!..e..s.mh..k.......E..rz..w...H..[...&..p....7HLR.L|.1<..Z...0.....mB.,......U(..m.w.0x..[.n.B.A.=.....K..f}.<..p+...".CI`M..@..h.%.v.ENz(l.[..p..t.p$.V.D.y.7nG.m.(.@.D..OTC.]...O.hC...\.X..Vmq..j..I..b{.=.&.*...C.;.....eTH..bJ7M..x........>+ [eE5..............^.E.../..s... .... uLh.M.6V.5E.....z..z.......".j..+QgV..|.s...i.&.)..=..Y...g....M...9..!7.........*.#.=[.(?2O...(./......X..Q.)D*.B..""r..EA7...._y..g.2.........!.x.X..%W0&."O$.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\422__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1159
                Entropy (8bit):6.879587684526498
                Encrypted:false
                SSDEEP:24:1/Z5b3AqO/RBMtTjeDrLmpBdr+UCDNZVZjH0TH9O5Ye+QUiln4V:1BVDn/eD2pjrzCnVZDNEBiV4V
                MD5:7BB87BB6ED013EB7C2964F75570ABAF4
                SHA1:A21842C76AC36DE0214471045D647A4F84494B94
                SHA-256:6D02FBEB1FC60AFFB022EF404F813D1402FE061DD4D0BBDAE5026E9D0FC84918
                SHA-512:05DD13EB19AB017392ED1954B0CD2AF5DCB89765F8C4FD1964D8D4366382D128E90AF6920DC764CA3F1E9E922B19DF6B460DA709894A67DE62EFCF6A29A0CB74
                Malicious:false
                Preview:..H.....yg.d$B..]IL.M...[......J.o..F...b.Y..H.t..%..I/j..@.p....ue..d....j.|M=C.`.G.V...%@r..-T...)./....A.P.<`...@..$<..S._T..2......:.^.v.....7t.Q.Q..1."4=.|2"<....j.|.y-3 m....(].Fu.....2.JS..pV.....P.D.Y.V...'.'.C.....jI.DH..].M.8...v...nP..kM........I.L8...S.bd.`7T.tN..........q.=:..O..'.......zW_...}.J.....D+.}.:u(...h..._MXd.J...<....i...`..r`......;H.S..O....v'I.V@`...y...>$..#rJJ^m.#e......S........1..CC.....u..x.,...Jw@.K..Dxvx(O8.C..e..............."..=@...0$......y.FA....60....}0...f>g_...4.V$}eU.P.5x^...)`.>..........2A}.{.....c,.!..uW./6..k.....T#Wo..........jv.~.)!..cE.>._...@.F.. G...z...D.Q.9.|....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\423__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):7.006703974320744
                Encrypted:false
                SSDEEP:24:fOZTvBnpqH8wxvyjmYXnPUbgronRZVZjH0TH9O5Ye+QUiln4V:fOZTvBn7wpyjNnWgri/VZDNEBiV4V
                MD5:F43EB02222C1A8B0A5F7984591231525
                SHA1:BA08B782B658712D5E1ACD24AA0154145C653010
                SHA-256:F27219DDC10AEC8CE24307DC9C827167B245AE122A8C6A691BCC6DEA04B8088A
                SHA-512:C8B5F006A18E37C117093C676174C13DC5D4B2A6250E9F716DB05E9CBE99938ADB02485A900EA832AE859F64B694389ABE309776D077DF29A80AB54ADFFDC453
                Malicious:false
                Preview:....|..>.._.z...S.IEW......U.....f7..x.Z..J.uz....Cs..........5......|....9.G..~....X+AB{hB+........`.. %.fH.Y.V.y.r_...~&.w@..'~.....hj.(4..D.AY..........G.pA..@:...K@.Q.....j....L..\Ub.M...S.X*..tI..3....N2Q.c3....3/.^ADy. ...6,..t.O...D..FQi..P........3(ql..E....7.q..1g..&O.<{k.r}.*...@9..-P.4}......y.h..H%...74.....r.,k.7#-..}...v..!.V...........7.`......b.Z'1...'t......Yy..y...{dCr.R...n.....g..:.....3..QF....b}<;...c..^...[x.!.i....j.>..&).... .....g4Q.XG..a.m.....>7...1Ny..(@....F$.....].%1[:.i..o... $Ws..V..).|....]g...r.\..PVHH...:&.+..C.tJ...R....t..(.m.X......S|.zG7......+)s.s.=$..a).(.....5 .a.sekL%..Y..4....Ffr|....."..r..C...[..!...9.s./].....x..QG.:.t..'.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\424__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1240
                Entropy (8bit):6.958515286929291
                Encrypted:false
                SSDEEP:24:WE5SyRNHIInToPKtVT2+ER1GVcfMIfCGkOZVZjH0TH9O5Ye+QUiln4V:WEkyRrnToPv+E7GVcfJ/JVZDNEBiV4V
                MD5:7500D1C2915C865B67453BED01E5B4FD
                SHA1:23FB9F852DA7A06B497BCC81F52685459A2BD92D
                SHA-256:F117D135A2EA885239AF5A369C06EBE4C301F8BDF38F8F604BA9D8151BDF2871
                SHA-512:5B66DCBFF362D3B426A80E4A9637E180536E9D2E0B35CFFD5C09A1CB4CC73D2DDFCBDBA1A6107F6805C0F2BF5F72BE90E24110A4E9749B27C193B8B4E2BCA7CF
                Malicious:false
                Preview:.P.W;ed.A.48.&..5Y..K5..+.EO2..X.j.J0*L+...K>z.yh./H.h}..t...'aA/..8..W...A...A.O.6r.OI..H(..+V...W.!_.7..^...y.#x.{R/0..M...x.~"h.g..3....GEg..b.n.r/.X....`H..|.81..Tf.!E.........q..0..f.;yf.n..l..7.:yXrL.F....k...V`.....`..I..kWb...0.$x:..L.lU.}".5..3#.S..}q...~..?...;.!~..E`..7.|.a.zt/....z...1...0.T.R..~.&....mtT......i.W=}.M..g.{.n.YTYm.y......S.J.]J...\O}=.l..N..av./..o..~..L.~........1....k...V;....R....m".^..W......t:.9sM^.5.n.D.[._`1...ss..BNNK..s..w....2..R..LR*..}'v.F.Qb*...,....m.G...8d...$..h..+...i..,......^RXdW..a...:....W&..y[S.BNN.)...6Lm"..N..D%a@.....E-.....k..# .To..T.q.2..E...B.~.ubfsD/j90.&.,.J,.li..._.2..9......r...H...>.)p.^5...U.V.o87...&....k...,460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\425__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1163
                Entropy (8bit):6.889509794264592
                Encrypted:false
                SSDEEP:24:lDjxhvnkbEOxXmAIW5PcpxfUVCYZVZjH0TH9O5Ye+QUiln4V:lffkbtmAIW5P6fUgUVZDNEBiV4V
                MD5:50BE3EFF15E2B0A0717BF53287BEF008
                SHA1:75BA80FE4CFBD86D3345723E481835BF2C795830
                SHA-256:C4CE8DC5BF1664BF9C4F2C5E7D747A2150A4BD477E5373791855E4628DC032B6
                SHA-512:0BC70B1A0F87F40BF859A4BEBAB97184BBFB45CBE8F5789121525F13072FA21F871AFAB8934320D13325AD9734C84552742E49767EC267C8466D6E98C778945A
                Malicious:false
                Preview:...d..w.N....O.q..i...0h..M.FB........S(.1.m"....h*ais.x..bg.Hu.9.ys.A.....1LX}.+./.q..P...D.qzA.....?. .o..H..V..:5{..5...w....h...0.g.9.6w.6..N...q...M..q....f..E|m1..T.>..K=..l+...,.;...E..Es....;.p.N...L..u...k..B"H;..^+.x..h.$}..W..b]E....(.4...:.JU~.T.Y.;F..H.>.v.&...N..St.....V'Y.%P.J,-..Dz('}..m.W..]c.L....1_..z.h...l..u.ns...Z(.....K...r.. ._..W.......W.wh.d..KI.....b{....{.........M...[.....$.|>}R9.LyB.e.....R.c....G%/..9.f.b.lKS-Y....t. ....n.....Y-..@..G.!..7=y...H...;._PG..}..N...XR..-....R}%......_..'...hWJ...q..'..3@..K..)@MH........Zy.YJ....K.;.'..{.47.>.....!..B.x...^..u.^]^b.cV.-.3.F..qb.J..-.m.+{k..%.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba5

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\426__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1229
                Entropy (8bit):6.991618239686385
                Encrypted:false
                SSDEEP:24:7j1FQg73or+WxWuRKWt5SLGLBFoPuS8xoSrlEZVZjH0TH9O5Ye+QUiln4V:TzzoFxrRKCoLQBKqvlYVZDNEBiV4V
                MD5:7E007EE4A715B6DDA4377C891B3AE419
                SHA1:D6AA47636C2E613B4D18FA03559CE76F54F7B164
                SHA-256:37CF1ED53B5C1522F69FE7094EB2F74D3263CBA251FF2267BBCCB07642555306
                SHA-512:ED7C806D65841400E6034761B79B2A8713694F1029B5C0D860D1A29759C7F77B20D1D8119368E438DEB5867449D4158FF868EBDEC8EB491FFC017A3666EA70BB
                Malicious:false
                Preview:R]..ah0.8.SI..=.[r.....*:.....mc>..sc.1).Z.{..R..!<y.3..x.......#.kB..1....)Jm...{-.....(.|..L...m....=..U...<A....n:Z.OF......A~.G.<.z...7....n..@..E.t.t......v..T.f...n5#...\d..$4k..P[U..9.M...C... ..m......9e.....a.....*.^..Q>...p.{#;/..^.Kb..}?n..#Fj.{6.gl.....Z.Y-.:.Z.{..#;e..,us.{..K[!...=..s1.....%.7.!y..)...n.G....kiO.......q>.[....R8l........T.jC.|..............%..u&.6..c[.,~.n.#.l._..........Pt8....;..wq..r...1z.[.../-C...Y...>....8....=.....$...z.X...!.9.d_.....7.E.B..@..;..{....._y.+.3.@..-.D:J.u.}..........h.;..45N.!....R..p[{.&f .1..,...i.....O0.BG..l..l!N....AYO..-=.b6fXM..M(Y.7Za....}..z..(. ..`...k.%..0..'..F....e.w.@v.&MB....|..l..........J.\Vm.rA..A....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\427__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1088
                Entropy (8bit):6.704868940635003
                Encrypted:false
                SSDEEP:24:K31/6QGyYpg8xKRV8OMPOjRf8yQpicn+gZVZjH0TH9O5Ye+QUiln4V:KktnxKRV8OJjRf8yQrVZDNEBiV4V
                MD5:90A1B232EE5A79FC28CB64F5DABFABD8
                SHA1:5C9879E3602B88C47DC6DCF892FFF571A297A7B6
                SHA-256:9E5E2A3DD1771BD0A920077C3D87CC9CEFCBE8D64743D30CC16935D022B041E0
                SHA-512:DB060E14B342EF3784A5B71C55B2E6CC8AAD93C941FEBEBE31BB57D54D4E78AE268D4191A439CEFC3F3066D47D60B9BAB089269B11D90E9B6EEFA10EE3CD0CDD
                Malicious:false
                Preview:P@...~.3..a.8..(W......}...,....T..|.....6.....!<.u.N......q.<.}.fRN\...M.....uF#HE.k'bk......E..7`.7m2.9yOb.eG.....?.=..~..<..N..+.q8.~L9T....>.8X..a..K.....E.8|..K.....S...d....@..b....5]/8'....3)Gt.........aW..1<:.%.T.`Q....?z(.H6+.....,.Z.4.)..T.....G7...|V...6O...8.....^.0..wdQ....g...i..).L.KL..pIT(...,..=M..n.m....*."....... ..9..2......OE.~...*.w....O..>.;....3$4x.x.5.C(i.........z.3e.P..-.-).....(..d..9."...q...WZ..a..=U.. #......;..b$Gf..Z. .....vp. .8...Y..>.....t.g....^.....l9......._6..U...u.k..c.;hi.0...=,..s...'XM460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\428__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1041
                Entropy (8bit):6.651617562705115
                Encrypted:false
                SSDEEP:24:+g5xkFmifiZRKa5OLQKdaZVZjH0TH9O5Ye+QUiln4V:1esjOiVZDNEBiV4V
                MD5:C42300F0DE3F3B8C27B1DCF9F8B1132F
                SHA1:2DB94FD5176E11ADCF469F93AACF16178A3704D6
                SHA-256:FB049358AE9515296FC723BED49AA777279A4AAEAC22FB7664C091DB25DEBB77
                SHA-512:64E93AFE85725110755D904BC3893D5DE3ABEA1305FE14E31CADB34A4FD8A6D2F0684C39163F38709AF88CD16E499C765AFF941CCD121CBC1119A51F6C8C7B02
                Malicious:false
                Preview:...>U..j.....W.?..n.<;..*....j.&g.BX..4...wQG....k.P...0a..q.Q.0.=:....7.a{..i....w.a...M.G....J].s\6..............vY.ym....x.....-M....a..)=.~[..V8,.x.=.[..kkK..U..x....?.....O.....G..j.g....[........q;|<g.....M6}_....1.gA..2\P....E..ffu.q..t......s.c...N..[.o.......DT.x!.......L.$...`..L.oI..]&d:.H5?pb.l....;.$PN.8..._...."..B.F.s....C.UD{.. .6...J.....r;....V.....g.7q........w..H..q....j..].K..5sQ...{..n......s...Qy%.-.......dd..B*'q.;2x.i>Ju..5...|.x..{%...F..4.vD..yX:....X3...Iy.u0L L..l..MQ..b.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\429__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):956
                Entropy (8bit):6.4588488218939215
                Encrypted:false
                SSDEEP:24:VOYIIV9aQyEVm6jA91qRno7ZVZjH0TH9O5Ye+QUiln4V:VOYJ9LljA9LVZDNEBiV4V
                MD5:0E33EF242A6CC371D2D46B60BCC28812
                SHA1:1BE33AD6F0F173753AE60B0279B0279AB9871DBB
                SHA-256:B6C2E4FCB70117AF43A3101FF73E61AE11C959659AC770C4F1E6F12C35A7FE4A
                SHA-512:4086E7BEE768469DFEFFF9DE746F3648CFAAF6B401E30F5E215A6B4526B22B6A84661F00F84A03051F1F5293CE80BF5D8D0985B3A7274B1D68C2BF3F3866D9C0
                Malicious:false
                Preview:R.w......?.R@...z........S..5.4y..o-g8.5.....b.Fs....z....V.(.~2.&&..0.O..t......%..-.'..................!.g...uDRk...U.i.Q...a........O....p.c...y...F..!{_Z./..d..w..I._.D.7#..5..v......[...y.....K.........b>8,f.........@.X.0.....A..F."....@.7f.4_y]V..r2....W']oj.<..q...,_.....e...V.<....My....%.vDjt..Gj..B.4V.\..g..7(..a<.+...U..J...&..O...IP.9(Q[.k..:>...B..>F.M...,.&c.y.Uso..h7.6...RL.....\XEeof_..1..|....Y....2A.[w.=460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\42__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1295
                Entropy (8bit):7.0524448055365685
                Encrypted:false
                SSDEEP:24:dCwKKbGmAZIh6TdjEFMeaYszYEeb/ZVZjH0TH9O5Ye+QUiln4V:dzKKbGmAZQodaJGz8VZDNEBiV4V
                MD5:2C29CB112309F66F93D00CF9AA7C6057
                SHA1:065B615E98B86983FEF6754A49A710DB86A67787
                SHA-256:64CD679248CEE953E076B5B1AEB36792D338C8828317C183D4D5092F1DDD5D22
                SHA-512:38F41EC5455719A4007FA7405C93ECE4A4A8E2D3EBB8AD55445B51D9649B009911EB6E1EE1112017C8BAAB088192F09073151532ADCC587FD85BF063ECC66BFA
                Malicious:false
                Preview:............u..'....\....d..f.`+s;$.....O...K|.."J...=.3..c:.H4...{.....g>G..U...;$..Fo.^....;;/..S.'G..(..c.. ..E,.R.t........ksh...._i..d.p..m.0.W*......;6../..$..T7Q..1.&-..l;..fk.U8h8.. X.}>*....NO..>.$2Z..C.&]....87.......XL.c.G&.[^.....T..H....R....@.m...o...E.Z=......A.Oc2.-H^.._...R .n*.`....19...a'#..1H.C.t...j.....u...rI.....u.....m..|.%W.R...[.UkT......#`..;{9...n...1w.<U.m)H....PQS].;......SP.f.vS......}f#k...K.....m.8y.....+.On9..U.f|&r....U....tU<.FUHEE.2.-.?^.KEC.."J.`.!....{..[k..t%.F^$.d4.F..{.p.....5...zM.1....S3.......}..7._o3.n%A.zFp.YC4...+ .O...)..... 8Q\...=@b=..U.{B...m.....B.....Lu..uV.N....L$.Y........,.A@g=q.gC..w...::>....i..d...@..!.5...>..Z.C>..8........n....8....uJ;...(...ZZ<......J...t.3.i.T...t460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbddd

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\430__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1370
                Entropy (8bit):7.118552395768326
                Encrypted:false
                SSDEEP:24:OQ8G3346c3fhzIZNuvtE5UlhrnPx599SZVZjH0TH9O5Ye+QUiln4V:BIzILuvO4rPx5riVZDNEBiV4V
                MD5:34CEDEEDD590F2BEE4AABA980BEA19FD
                SHA1:CC7747AEC47C7507A65EF4B2988B788CD17EB6A1
                SHA-256:1A821E847DA699AEB7E53852459D6385A11D8E051EFB422F67B92C58243BE524
                SHA-512:9736570E716232BE36EA6317DA8A3B8377CD2DD9E7943FE8F47D2092743E09E00305E6A7747BB11C96AA2485FE61C637A7C4BF9AB345B1F7479BB5AF014BAA5D
                Malicious:false
                Preview:8P..>....j=...h3..{(....q...@F6.........C......o.`......H..te.f.e...........g..~.!M....5E..;.n[.k.d... .3[KU..%.h.>>^.J....qm......aZ...[.V-k.6..Hd...$...OY..)kn....b?,.E..^.......'#..7\.......c.D.k../_..(.^.m...'.G.f...4.,h<>y.~....1....[0../G.Z.p...q.L.Ax..'...G.x9.N..b.>_.r}m./L0.V%q.T..w.........C).Fz.....m.!W..].k..k.....X...............`/y.76"LC#xAc....6$`.K..e...|......Jz.0..;...T.[.g.%.u.t==.]D...7......x7..!...Y.}.9.<...L.TZ./...pq.....Q-O..H;.jVe..J<..xp..P.kBL.......i.sBzZjq.H.,M......(....g88.:.....$p.?..r.&.`.:-.xa.....].RAa..Ar...{. .S.2.n..f..w.w.].tq...#.o.c.....nf....#...7%.._^./..M...&....2...5.!............5R.41A..v.gKXU..,w....+........3F./y...H.....W.p|l..d.(&...r61.|+8.....i..d.U$.&..,.......:.%.e1/.._^..+.....K0.....t..O..18E4P..}q.....,....kC.~.!I..Rt.7..9..q.;j....J:.].7.w.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\431__HotSpot.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.073432762649795
                Encrypted:false
                SSDEEP:24:AWdJMfd26saTmDDG44EZVZjH0TH9O5Ye+QUiln4V:JUFiDDP4YVZDNEBiV4V
                MD5:3EAD525B131E557318095F1CCE712326
                SHA1:EDBEE60BA4F386BA850058F82C095F55AF771BDD
                SHA-256:C077A6216F54C53621DB62370090DE5C3C04D745B7479E51049F4B18CA22A858
                SHA-512:1218A010BDFCD46BBB34141A18C168A23902C52CC21A435B969A9485757EED20D103F58209604CF49471DD037B9B293970A77D82EDE4BE34F30A8A8AA9F3C725
                Malicious:false
                Preview:S4.JXd.#.5``b..b...@....>...j..t.d.8..o.Zz....)C....%..8...B8...|.vG.S?.\...\....U..rw._uF6...|..G..5.(...O.._G..R..<`Gro..:S..N..V./..y.S..m=#dP.A.....E..@,.J...............V9...%...D.d}c..P.].y.wt.U.......>r...CW.1...u...w.....*q...&...h.}......O.....^.~./...:3/.[.....^.|.)3)..........*.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\432__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.971513086906548
                Encrypted:false
                SSDEEP:24:WTeWeNmT6Sqm/DdK54ZKYNcNH+it5YcIZVZjH0TH9O5Ye+QUiln4V:XWeYT6a/pK0K4c5+iccEVZDNEBiV4V
                MD5:BEC6A7C555B10CA36B08FD496897E8AD
                SHA1:3E25A137158698B9B2F52BFB7376746F8FA83900
                SHA-256:ECE6311404B3169DA8A70BF25E908D454D80FE4BAC0A7D584F54EE994A1D1540
                SHA-512:C0B129056E67BB4F32E59293DA06D6246BE46F8D74A3B9CDCBA1BAA1836CBF44DF929E355D23C27484D7E96B946179888FC1C023BB42907D43D4CFA0664638F9
                Malicious:false
                Preview:3...k.q.K...(T...T....|.,.eG.sK2.}.g..O..[...v.Z..U.U.o..`.p.)...V?..0..C...lB.&Bm!..B...bXa.F1,...0.....`fZM...y.i*..}.......]..O.ID.....9....4..#.@.s..Y..v};.b......y>.g...|P.@**1.2>..nK*.8..d.d.W.ZP..3.9....................P..4.B....Z...NtH'..Xy./.=....>...@*..b.K.......0+....<st.C&N.\....+......K.......O*{6...#e.|....Fz.~#b.r;.Z....0.:...;.h..[.g......$.On.5...#-n..u]WH3.4v.0d..%:....hB4..k..f..Z!.c1\.#.q.L#..)x..7..V...Qc..1t.l.I&.?ZL_.X...OBjf..S.#K..Y:.+..y9.UqX.3.G......4....k....H..R..]."...Z.{.....\.l.....-U2./..<.93..G.....r.T.....L/.D..A.5.....C}6...r..:.d..C._.]..6.h.:..%./.|.5.+...H..@g..M....0"..o...f...k...$N.......\0....k........e........<.^..o..q..P.`..S..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\433__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1175
                Entropy (8bit):6.897813859637127
                Encrypted:false
                SSDEEP:24:whved40H18pVPrlKKZhHNEAQh0QHZVZjH0TH9O5Ye+QUiln4V:wEdNKpplKK3HNQXVZDNEBiV4V
                MD5:83CC95C7D519B89DDD809BFCC93129D7
                SHA1:D227244C242D8DF03F2D511F5F9EDB5855321293
                SHA-256:DD436EB85078D369DDCDB2522DF200A16677B40E105017191185D9EB4C66383D
                SHA-512:E2F9F368BED28F0C8B912CF719B8F411B51471B0F5F5ABCCED418E4762A252838BF2DBC3EC23E6200C9E9B14588CDCD0E861F3437E3D3A5631BB59E6801C4A40
                Malicious:false
                Preview:......t.x.>.t...]*.XN@.;...V.6.`f.P..bV-+.TRnb.....bw.b.::../.s...q.] ........D.F...k4..R8..m..M3...J.....@.....|...'.cR}Dzs#.x|.ufBTm.b.q[%A.7.."^.J>..>..<.A........~....r.p..].!.3.97i%4.y.F...G,.s^.7...n;.0]#<~6l....r(.!Z......|..%......5...)..D....M....N..u.AGESG.[....ghg..>../|i...U@S.@..F]B.'v{..0...#@.K.;0..l...1D..R...+ON.8d...;w.a...Wy.k4..J.Pt.)a~.1.%..F.LD7.t+A.}iu......U..~)..H.&hMYs.i...+.......>...D.TO_.A..^.?S...}.....p*BEr...Q.b.}.`u27....$.1....!-ZJ.u.iT.J|.?.*.k....>..@.Y@.n......Y.6....^.U..=(. [z......(.rZg..f&.$.E..Y....J?......HT....$...)....?.~B...............E.v.x.%F.\..P.Q........XQ.J.W. `.pz.3^U.a...b.".460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\434__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7624332673542735
                Encrypted:false
                SSDEEP:24:otHQ59laAzn8v6soOPn5tf8zgP6+n1cZVZjH0TH9O5Ye+QUiln4V:KEj8BoOht3621gVZDNEBiV4V
                MD5:FDEEF9042773A931282FB49AD7A786D7
                SHA1:1F18941939551CE47D2FB2F7F59FF8021C00D387
                SHA-256:DEF616B59B5994C66B7AB1DC9B0833651BB660711064E177342576965B373998
                SHA-512:B5F09DE6C69FC75C7F6CE992730791DF0457055997934B382A884BFB81B1BB40AAB809E8E4A63EC6272041422B2B99CF56D0F4FDAAE1C12FBFBCE45B9851DE25
                Malicious:false
                Preview:..Q$3.&.[..F.=,.c|..J...@.K,$..P\(G4......./).:.....................xL..4.c V..^..;...........E.H2...j.!Q..~.X.{....#|...g.u.w.1....S$..n..-......C..=..$.DUy~....6....9Bn....Go......`=...*......i.D.j5'h...k.H..~...4;.l.n[Y....t...e...~%G.......B....;#:z......`/...z.yC&..>.D.../~6._e....5........+..v .1....f...>6x..-.(U...M......m4.....;g.l.w..BZ\.q....vrh~5..:2..dd.. h.......;.C$....:......MK|..O....n.ga.~.d...f.Z9.. .. -8..sy.'6)'...#.")....pW%@G.k.]....g..f.y..1k%cM.%...(..........` .....0...X...X.>+?y......\u6.cQi_...&..../..k._.Cd.|-/...L,..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\435__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.674412195484113
                Encrypted:false
                SSDEEP:24:UUMkh1gE2i9X2mc60TtTZVZjH0TH9O5Ye+QUiln4V:UUgE2iPc60Tt9VZDNEBiV4V
                MD5:1CDDC30985ED3623AAA2DFAD8D351ACB
                SHA1:831BEAF2269167FEB3BF61756694CFDF8FF40E0A
                SHA-256:4C1B830292ABBF26F4A9C72E91718A2DBAC90A4139E7EE3DA29B68CDBC2613E0
                SHA-512:6FEC4D4A8B4338B5CD1C42F7072234E3BF9C3C92F1237B0F2A63E4080B52948FAE645E6264E93B616BA2382724D3088A0383502A58B998143DCBABD637FC2F73
                Malicious:false
                Preview:.n..VA....]^.j.G..d.........%..aY..i.\.\......).e..N....]z6.7..A2..|_[&.p/..i ..J.....$....*..7.3.un.G.Y..3....J(..e.._.6..p|...Z......b..].e.M...71..`C....{.{...W..!..C...d.\.7i...nF..7........#.}.V..}.AO..(...r.O".#.].$.k>....=.S#.:.|TM,..h4;..D.'..P.}.Z.u.R.-.3.<,r...;T.0...5DZ=JI..,.....Y.2....)....9.'J........u.S%f.*.d.o..>.r.s9.eJ+.y."./....#~....]..K}...9d.h....(...y,?...1.r.. .).uj.>....n`.B..T...yH...u.;.?..s.S.R%f`^..niI.S.v.m...j.g....iU..UB..#Tf@Zn..B.3...;..I....W~..3.....[....Hi.W..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\436__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):958
                Entropy (8bit):6.476056514086596
                Encrypted:false
                SSDEEP:24:/OQJi9jr2PeviE+5ZVZjH0TH9O5Ye+QUiln4V:R09jZid3VZDNEBiV4V
                MD5:51A88CE3EA18283B13D6BF75B34EC707
                SHA1:3CD2D04FE72963DA55EE79C7C5EC2785EB99FCAD
                SHA-256:956293840BEF659697E049A9771CB00E597A915F7E07EC1BD0CFAD1F3BB94FA3
                SHA-512:7D04198B265685D839966048786514BE6597B7C3A5E14D93686250FACD3009723C00AF8BB8F13E17BA5E73ADD80907964DFC2BAF4369371614897BEAFDB68429
                Malicious:false
                Preview:z..F...t.@...H.G.6._...HX.B,%w1......#.tX.d..Cg.M.y0...q...9.&/...f.v.P].k.K...:i.3^..|.e5...zbf...K.n..........."s...)..N....^8.}.y.DYO...._........9..TD. .T..y..BU.YD).w^S..0...@b...7@...~.nT..M^..57kU.u..f..M...gFw...@..R(.d..2..SW.e..q.f....L.G..j...+{./......,z.....k.{U./..:?KJm..!...S...H/.bZo.......qP..s..)..~.99.."K...a.S.......U1..\4/. ..+...~.5.%....1T=*.....9...._.C..-:$...X......#....:...)?<.H....&...[Bk.8..A.....ZIX..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\437__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1786
                Entropy (8bit):7.430232774131321
                Encrypted:false
                SSDEEP:48:7sXk8djZ8aCYYol02LNK/ObaJ1VZDNEBiV4V:4Xnd1dCm02A/HPeBiV4V
                MD5:99BF6D43F363FBEA4D8ECB7C3E925A2B
                SHA1:9462A788171BED89A444C91B1A246DF1D92273F5
                SHA-256:D12E0DAA9B83ECC7E67960CE462B2E9F8E62A9D86F414E1959EBCDC9F2BFAC41
                SHA-512:449DD719D2720B46AFD096EBECBD5542213CFC64C91A087BD3FB42A956BEE98565F9562E1F37CE60F79F9106CEAA8F54950B61D7D1439E13FE22865175473A57
                Malicious:false
                Preview:g~.A......,.r....;..^.~.S.u+7w......f....z.w...r}....N?..O..7..fA....r.^.......!se}..Z)..i..W.o2./.3.......qz.....Ec~.....$Y.y.......^`.u...w.~Q;.mA.a../.....?L...'3..x.3.b 5.~..N.?..... t.tRp.k..7....A.H...K.]...-k...#0.d,?RTq......Ux...q"......G..9..v..?z.\..C..C.r.].{...5J.I.?..oj.@..F8.'...54M...`.p.Pr.....9.....K.-;WY".e.."./~(.......K`..z;.....]/....z.-..)j.$.[LD8#..2>.@.<1..j{.A#.]...).]..~C3.......T%..]Q._lg.@..f.0?s...Q-P...T.pl.....c.?p...6.q.t.l.3..L..G...^.W..a.(.d.16u.Xoc...........&..,].f.....+.C.r..w.......Q.m........-\yM.V..Z9f..U.k..<..97.6..?l...].T.`.5\..........x.:F...9.IA....4Nh......'.k.....X=.{.Q..VT...u-yi.pjH.B.>..p.......(.5^.[.(.~}.k.X.5u>.m=3.F...+.}kV-5n.......$..^H..:..;;.>..<...W..>.7C.?..>xh....ZY..W..{.XQ=H...n....%....3I.wwu.@./4..e} .yP).'.}...8.....x.g..|.a)....w..@..*..\.`'...i.H%....;..g...A3j.....T+....=.s.Q~.!.j.l..f..B.Z.}.m....m....b.S#..BAB..7..5.....%.. qO.f....d.6.....m...,.....x....f..I.I.x..E.3...2..[.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\438__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1033
                Entropy (8bit):6.661633447619071
                Encrypted:false
                SSDEEP:24:n6fzCsS3U7ykCi6DKbbgxRvDxLi14XZVZjH0TH9O5Ye+QUiln4V:2zVS3UfaDgwvDVVZDNEBiV4V
                MD5:0CC195DB5519BB1CCE6B021D900BA833
                SHA1:58BBF96070F4ADCF9A0B22E509AA50132D4FF406
                SHA-256:1B47CFDD87BBA15A22BE55597E790BAA05655283B5B34CDA337354CF433FB661
                SHA-512:49EFC291AA1C2BEE11A8012CF5AF9EC7E5F60B7F4A29B4C86565A51FEDE9F435B79857ABF7C9B51E6205BD9998F9FE04F3BF4D604DFDAEF8EF1C06C1FC19AB2E
                Malicious:false
                Preview:F.!l.......7K.i.%...q>.XSsl...5.?B...b.NNb=g3.....=_vZX...B{..|G..3.Y.S.n;.......Q.3.~#.`O7@..1.......2.:B0.?.........A.Z.......5dg.Q...s.........Ju..hYI..C>....F........(.....V...z..+=mf[....!.,.!;c.x..]..Bb...&!?.q.i...8..\.w.'z......:.H....W./.4bP.,.....J...,y.. ..bn5.q*.Z..nY.XO......^......*.wy.}.+..(T..d.,.Y.u`.v.V.jL.Z..o.W..H..8......p.4.......4..../~W..j.;-..t..8...?'hB..%.D...8....&:|...v.......(..^}.....t.p,..}OJ.#qS`..u.l...."l....T.!...S.l.jX..;..m....Q...y4s<Cl=..b....4(.2\.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75ee

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\439__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1096
                Entropy (8bit):6.789272117537376
                Encrypted:false
                SSDEEP:24:wOD1TY27Td6MUhz9MZflqnTo+WebZVZjH0TH9O5Ye+QUiln4V:vD1TY4kpkDoVZDNEBiV4V
                MD5:E1821E02152BF2FCF7F62F9268CA6700
                SHA1:107D8A5134E53D845EA10A085012DE8CAB738228
                SHA-256:389FA8196E5D772D859B00C0750C9945BE114DED00955335A21B6E7AE7C322F8
                SHA-512:AAF690F52F2F2689778C941BD68F4DCAAFB2B4C279BB464D6E80555CF1A022A21DC211B40BEAA4BC4EC5EF0A430163821A4D6AB254CFE7DC1C052E97DB3478AF
                Malicious:false
                Preview:/.........&.W5.....x5_n....-.`.x.acQt{`pWC..3.pw.Tm.2.RR..2[u.........q..k.a[.H.$...6?..".|1pI..zw.......I.K..Ii...3.].".2Zl.."j..x.E@...0&.Fq.JE...R.....Cc.;...e.]..%....H.<...k..Cl.sNB..X...q.MJ.......?.[...1...{.n.......Z......@s&.J.r..H.^S....r).R...|..S....f.....>...6..?.T&bM..}.r..!.........*..#.?+6v...>.k...a.6j.....4.h...H.,.....gy5Z.....}'.~w.6.6l!.x...|....*J..9a.G..ok......!...FOAu.^.N.npt`..I..;.\.!.......Iv....*F.6........).x..9Ha.V...EF...._.d^r&....e..R[./W..M*..Y..\:v.Y.*t03....C?$.l......!I...=.`]nA.U.=..L.ttlHP.,.....!&.k...#...a..E....h..:.\.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\43__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2315
                Entropy (8bit):7.601340345434567
                Encrypted:false
                SSDEEP:48:KPef++I7lXN3j4D/zhTXL9gGBpTLHAclyCSCAKhVZDNEBiV4V:KDx7lXNzozNLlgnCSB4eBiV4V
                MD5:087BA21C3A9AD5F06FE49E80CBA18E19
                SHA1:AEAAD60FE1FDAF97A091FE59908F30B3BB2492E1
                SHA-256:7C54CDC4FDB97FD6976646C13AEBEA466C88C8981369025D3158B40B504565BD
                SHA-512:0E3974D627B7F204DB1BB08AA3F1C5091D94D8C092FD71BD04F703CBDB84579BD4CFF3F6248A870057CB48422EA933C1CC836753661EB86F51727BB7C00B4818
                Malicious:false
                Preview:f(f..R!..nJ..C Fc*..+...32RH.u..X.0...M.A2n^<...P..O-..x..-\~..P..&.@..Qp..#......mj.b?..Rm(R............-t>DnPT6<..@NM...i.......9..+.....8.`.8..TV}.H3*B.N...w...........lMG.j.8N....#\....._..>mb.S.&...z>T.'J.P..W..wDL'9....=...$9.+W...fr....AOZW.m<..f.0.R.............P....v....-.....7;...g....x.P...m..s.<...._GlJ..E."><O...=..Snw3n~.....M...E't.mn..mq...|...S...R.5."./p.'....'..% zE6+...U....bnv7......D....it.24.N\-&vk.....o.G...($=......:.=....Y...)....(.9e.f.1(....kB.Z<....|...GT.S..t...\..9,..t7].oX....p...B.B...z'.."..3...c.R}).*In<x.o..WHs...;..P......[.T..X..'7y...(TxX...l.EE..$.;4......~z.M..+A...8.U.k.5xH...=........&kU........\.!.+...|B..].*.B.T..>.EJ.Z..i.h.BD..0...b(IE^Vj..^M..<..n.0.....d..A<.sK..*...#....b...../....|.e...fX....!.....Ax.l.[c..AI......\.U~.^.t......Cb.1..|....."....~..~ ...w....~..*+....zI..c....p.....r.hUL...;.(<&.y=r_.....g...E7r.d7%.....!.+..!&.L.?....i....h[..D..K./#w..~*.[%X.+.(,...T1fV%.....8!(....

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\440__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1045
                Entropy (8bit):6.663947960841901
                Encrypted:false
                SSDEEP:24:e3kIVDAVwI5uyLfYG3YrZVZjH0TH9O5Ye+QUiln4V:K7ZIdLfYGIFVZDNEBiV4V
                MD5:476507593F2B222F64BEA38A04ACC994
                SHA1:D0BAA9524088F07B570436A3796BBFDD67DA0E2F
                SHA-256:40E096339B8C9A476939AD2CBB01D1FDFFAD6F3C781ED652FCEA7E7084E37DCD
                SHA-512:413FB36396D9D3C254864E3611F2E20FFB50042CAB00DACA76F561AFC0B2A1550FB96CFB444C011DA2A3DC8FBB3F5E8C954EC71F4FDFBDD97009CA2B37D02DA6
                Malicious:false
                Preview:q*...ae......E...z&...L.....S......_GFY..Dnc..;....../q.7....s..B'.O.).E.......e..S...O.....:.y.r.LQ=g.i....]mAI.n.u..g.).5........F..x>.$..Vb\_=z.Za..+[I.c.'.T2h%.j......P..H95.8`.l.2.0...7.".....vK.._..>.qH.A.@.U.gl...u.>.JW..:..... .....g5B....h..v.!.(...^.#)+^... ,Y).y.$.'..k...K.7m.....Y..]d.,>.._.._..AiY.n15j.L.).3.....G..?$=.2....a.G. ..y.C..n..C.U......M.2.^.5Mi=3.SM\.c...+.4..i..k8....S@Vn$.....RI.?&......^..Lm#...=k..*...H..c.7#.4W....E$.:.V...'.s..y.......AH../U.#fP!..P.t.j.n`.T0....,d.*.C1....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aab

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\441__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):956
                Entropy (8bit):6.494884170819165
                Encrypted:false
                SSDEEP:24:39ERMo290p4aaepU/xvtzkZVZjH0TH9O5Ye+QUiln4V:3QMoGYlpWV4VZDNEBiV4V
                MD5:4BF1B099875EAE3863F2CD6EFB5BA501
                SHA1:6EAE23AD766B4018D33D19A8EFE68D0B9FAE8E96
                SHA-256:B1DB49E5B3DCBD2609788E9FE84BC3946B81BE4661CDF3C2261E3197DF4BC2DF
                SHA-512:D4B67F053A66A7478DE74BD5EA63BC2462A6226795E5E1C4539BF073828A2B311B44AD5999E338A51989D8D42C45AD1F9AB16AD1E20BA15AB837F1C97FAB6368
                Malicious:false
                Preview:..t..l..+..O..0.k..iX........p]..*-#7... ?.B.....+..Q....z...`2....OS....a:...4..N.9..>....K&.5:.$.......q.w9.v.2....u...4..`_+....$.+..rK......iT..W{.u......$S.v.6[.f...d.~....A..k.b...Z.....x..x..p..A|k...Y&.o>%]s...[...jc.Y...........D...v+.*q..h.4....O...GV....6.|A...J..ON<{....F.w5W.O....bD>.6h.K.)......a~l.:n..[...u@..o..GxV..*...,1y..r...q:,U.va`.3..K..A.....H.F..!^.\ .I.lm...Y....w....W..k3oi..R..B..b.....+.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\442__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2053
                Entropy (8bit):7.5228221412971825
                Encrypted:false
                SSDEEP:48:FlGNXirH9KPsmxrDbETIvLYL9TRV9SuAeHS0woVZDNEBiV4V:jWXirH9YsmxrDMALYLrzej0feBiV4V
                MD5:D853C76C95590A86C96878D2FD84C5D5
                SHA1:4EA4661311C1A4F39E6B5F4E5326F6D724C5EF33
                SHA-256:7A275A635D7FB16B62D842EA3D4A317D6294EC1768DAC97EC66625F87EC4D028
                SHA-512:381EC229CA547045CE4ECA3AF4789D6C6EAABD6FB179E3BEA181E0B5163711F8A29B5BBE9D7FF39DDB61F70F4379A8CE0536BE73E54F903121C0CC5C6522AAE7
                Malicious:false
                Preview:....D...U.J.!...j.g...E.[./.}...,..y(.Ok.5$.p1.l... ....\@.#cg......S.X...:Ym..~..k.......qr.......sa?...k..=*.......xP.w......#............`q...R@1.j...|..............1.i..h&9'".dw.....`_H...%..$.}9D...J@5>..|5....D..G&P...~.J.K.....H%.fy.[e....(m..+...AW.._....o....Q....rR#...b{...?....".}...G.,d.....o|...`].....N]...=..G..I..-...|..)...A0B.........@O..w-4E^ q.%.*.Lw..?'G....bD......I51..~mII.0.p64.\.7].,Z.-.R..^M...x.K.y..!.n.\ajsP...c..B+.*...T.....S1..N....|.....,Fa..h.(@.A?....:..W......f.d/P.kl.7.f.G{.m|k.hh......?.:6:V.e.b..>U...0..7...c.l.]....5s....s..U@.. ..mo...d..X@...~...[...0..g!..y.[H2..+..]k...&.>.../4jsF..G.#..<>..*k.K..j..u....b..n....;n...U%@_..."B..gh.XHO..)...o{.x....... ..5z5.n..........".............6V.....'h....&.R6.+.o-.x...{k.._G....}......<P.D}L.7..rr.F..Q.....:.....0.e,o..g.6..X...,..03......AQ.......9..w..T[..,+..a/...r...R.........p.orR...S.......Y..E......b../..g......D@Pjt..yz.5....{....s.;K!#QF0..NP

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\443__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1358
                Entropy (8bit):7.13365994200933
                Encrypted:false
                SSDEEP:24:XffY8sV9pKTU/uVmXccEsIKa0We/2ZVZjH0TH9O5Ye+QUiln4V:XI1fPCi/+VZDNEBiV4V
                MD5:DE3FFA86FF66DCA34CDA9A8DFF4478B7
                SHA1:E0CD671FD96AD23A539093557126286301FCAB8C
                SHA-256:6EFD4F9082DA694AC226EB88ED82BECD91DF4D24B6042F66384E11582C8B9709
                SHA-512:2DEC5B8EC5FB9B481DFF2F8F252B26AF2B72C52E6AA930B8D8A470EC050D02FE3DFD137C385F765D5E3D4F1431DD4AF8D63C47A4B88018311168388658D784B8
                Malicious:false
                Preview:.R.ke......gP......r..\X.gc.tE/a[*...LCF...>o.v......P,;.N.+..Ajq..h...D...`m..c...C(...B.....A../..5|Mp.YB..... ..5.r.h..}'....|...1..S..(\..^[.l........r.$wl.G..ec..}.[$$. 1#L...~F..v.%.E.....|.R.(...Q..pR.o"h....... ........;.1.m.w3....D...9~.C+Thz.z...NG.f~. .Coh..+...../...y..K.....<I.....,.....Y.:..O~.s.7.#.*.>.1.%Wq...=.'...m.....DP....H.-mi.Do.`).q97c^..~...v..*..f.......F.N@K.az...A.P.B.....P%..sZ.3.C...&..)B...s.?..3((..jh.......&...}`&.rt.fwQ...@.!..lE.4......`...~.W..c...^.9..-.....V..K._.!.y.;./%.&................6...b..m...=.aO..7...].s.J.9.s.nE.Z..H/w]...H.f..9.4.B.p..t:....0wo.......Q.[_.3t.}.G .....a....9...m..P.....3...h..uM.o1....5.(...8.>4..y..........._...X..'3...:&..<|....}R',.n....|...[./.0.X%.S....~...:[..X.g...%A.7....l.../.x=.#.......7.E.h....;....%.$.~. ....z-.%..GX.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\444__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1232
                Entropy (8bit):6.97930134258466
                Encrypted:false
                SSDEEP:24:9TDon33Nt+Y6KOnhOgETtlrjxCBHZVZjH0TH9O5Ye+QUiln4V:lDon3dz6VsgEnrjxa5VZDNEBiV4V
                MD5:AE3BC0557AC65DB0DB9097BE7BDD5DC4
                SHA1:D99F08F0E9EA653F85FA8D4A5A377D177BC5F4FF
                SHA-256:8ED5F246919C7C382B31B32F15E30812CEA1674AF487192B1E3DDFDD572FED2F
                SHA-512:982BA5320CACF3DFA35BDC0A234C541E79BE8ECA580D4D323E98A12CDBBB484AAF4B98EE6A4E349A6D23DDFD0C51E39C232557F73C9A26C49B4BE95B00568CB4
                Malicious:false
                Preview:........L.... .]........";...d.c.Z..@....7.....^......(.Y..P@V.p.....tg.p......O!........a.....m....G..Z4.m.z....zL|1....W..;...=.=....P../.......}.,...L...O_Rey....>.vZ....S)..u...H.....lFJ.....'.H..O......YQ..}..mw..... .}d".X}.3.,.2..o...*.......Z1.x.Z...t.Rd[...1.....:..........Kk.....:%i...;.....c.s...W.kQ..$#..tI]....'..U.$g....mtU.z.....]j.]K....5.,..y..L|....._>cI..$..........p....c|..1.S.$.`...... ._7FF..._"o..@Z(.+Kc.....yA..5...f.UC.D,}."5-6..4.Tf..rV+..5..0?...<.._.~iq.t..2.."....Z..9.wo}.k..........|EJ"Z...1.\(.v..H;?\..(:v..#._......!.M......|T..leh..H...L.K..R.!.f.&Hk.....q...o....).7.........Y..v.;..L......E/)...7.t|..j.....x_..z.:...u....?p.;.w.J.S..2.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\445__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7688833305048375
                Encrypted:false
                SSDEEP:24:U9waYjaYPpmLZNjQTo7ZVZjH0TH9O5Ye+QUiln4V:U9wagtpbcVVZDNEBiV4V
                MD5:F84901AF5329563C4E9FAEE70151A2C9
                SHA1:A04FA49E913563D53FF87E58965A02614F6D6089
                SHA-256:8B8A1FF1562F45B3E200376784572D28E8F12A5F3EC22A4A99A91FE75444DEA8
                SHA-512:9A9CCE7247E85E1830965E6A4CE60006A99BE4BF4E1C9876F5B688B5945996829DA8EA148C8FB43CF1C3396A2C19754B5B1B01706696389CB43758F7AC26EC51
                Malicious:false
                Preview:..XN.m_.&w.,i.K.._!6.....K[..f..m.K.'\.2|.C,...4....F..gp:.2;.-..._......I...LTO...z.p.f.Y.Ts.C.HSN.'.yA P...I`.....U..Mq1.oo..........U...Q..[...n("..j...RZ...{!...=...-hu.y5p.g..uJ?...9!...*@A.Q..DQG.$5..;.n....n.u...E.4@....#...My...\...;......*.R..Iy.fI5&.i.....m;.u.k....aip.y.{g_.}..&.....d.e....s.?<D[.`R...}...V.......(....pVm|.<W.T1.QaS.V.../.i..;n...6w...M.DN[.R.e5..\/[..)...*...".....W\.7..\......../......\^.....3%..J.F.*rg!....h0*.6.Y.%.....;..-%....Ao.....6..J.S...1;N..U4g0....R@d....uEa...d.4s..r.v.....s......Vt.N..7.k.}...lP.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\446__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.63782859763797
                Encrypted:false
                SSDEEP:24:SnaFs+2Iu8MZ5UTJE03SGi65QrLkZVZjH0TH9O5Ye+QUiln4V:Snks58MQJ9SNQFVZDNEBiV4V
                MD5:D1907D857662634B645578D6638FC93C
                SHA1:E0ED46CEB1358DC63953A2F89D1F319136632979
                SHA-256:3F93C1BA6D48EFBF36CBCD6B37A5451C9A553AFA35239F03884CE75128A77DD3
                SHA-512:B59462B3F041E0393F789CBB713D6B58C931F8A0F691ADDC18FB37C7DFC6D976741C5F9F266ECA98A8258CD48FD272B747E94C13E8CC7565F5C7EFE251AC41F9
                Malicious:false
                Preview:.[z..S.u.?.7..7.......-....NO)[...=.Tf....V%..l@.3.D.n...q.o.....`.R..~z.;.k...4..UZn..g.z.09...5.y.....m.....0.}...(....^..i..pg;.>....\.#2..tFD.|....v.3..Q.-O&M.&......2$@..,.h....}..L|..}..vT...`..yeg.<.N.@...i.3..;.....(.b.2.l...0...E.8.....u0y.f0.T.g.IS|zU.qDe..|....*...P.*-sU...=./.s.}.Q.......<.d.I~..|oU......o$...Y|.$..Pz.s......4!O..P.)...kk...-R...#...2..^I).t..Y.%zH...T]H.....f.S..}...jt.....X..vm......8...'.gu..>.J...o.,.|a.bN:.}S*....+.)..^...s...V.p.1h..........v....t./.B.9.\.Gg.R....v..v\460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\447__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.4529047396064785
                Encrypted:false
                SSDEEP:24:sjohWFc2eaI0kljIcPSV6RYmmZVZjH0TH9O5Ye+QUiln4V:sjK2enLjIcPSV6RPuVZDNEBiV4V
                MD5:02A3105A0683A2248B2C3A776B52F65C
                SHA1:88BDAB90BDB95E5B21F6751BF00DCFEAA4D3E096
                SHA-256:450DBF8D70912B40C251D8CF88CC000782EB478790D2D6F6F8CAAFFFF9CA7F05
                SHA-512:E9F9B52F86155942427E7F98A44FE0B3F2D75D7A57CC763371568D35AA2B6C04C87575C74723063E1B6BB77F3948329A5E316DB20996142BDD4DE8B7C9C9842F
                Malicious:false
                Preview:x....Y.d>...Of...T.........QL.(..oE#b.<..i..@#..3...*d`.Ix..S.R..3N.V.....uY..1.{A/..s..PBu.c...N....y..TH<....i..{=.I.........vj5....L..j..O.7.N..D<....Qv..|E.Z.....3.aE.e.4t.%)..ra`..9..J_.&v0.Q..&..=.....;.2....A`um....h..%dq.^$..M&...y..(.Q...p.kq2.....x.._=8.y.h./. ...o....Mt.5...k)...P.=.U...!d..oz_..P..Lo..n..m.y.....^..<N..a.Bt....*..........3..T..@.sm.....dE. .P. .'/....).....u.8^....O.....&..Dw.....5..3..-...".460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\448__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2724
                Entropy (8bit):7.68610411453995
                Encrypted:false
                SSDEEP:48:91cNRKS0Ko2k2mdwXTrkV8jciHz7T3hnQ5MlwVt302jgDaDkGj7VvVZDNEBiV4V:91cNE27OqXYivTiSav3SDckGlneBiV4V
                MD5:83B0D65963CEE899CABE0E17A78793AA
                SHA1:3208DFB5626F152604BD85C67E6DE9456B424E8A
                SHA-256:9BDE5E5D56A2454A53D7A09CF51F1456165BBCBE0801F704402B4FFAEA71B696
                SHA-512:6C2321AB3778697E6CA62B4FD5F9967CB09BCA586876E3B49A812AB96C1FB52B25C43FCEE98F7E8B78708C8D1A827F8519D117AF9F6A53917EB2812946D46FCC
                Malicious:false
                Preview:a"....V}w-....YS...m.0...s....vC.:..=.t.z3#'......L.L]..t[..f...U2E.....T.V.3.`.....K..v..M(3".n{../...P..V......A.s"h.;.n9jA=..8k......BS..{#..`9...:QHsz...oB.......oB$.':R...........<VM.....1x.D..$}S-.<w..*{.._..=.c..<1...V..U....`...Okh.K_.\..^....i..s.V....B~......fk]6.p.{.)...1.i..g.^.o....5...L#.0.r...V..VW.c..KK....\v..].....S.....mC..W..G{.....E..U((.}.'vzph..PA..)..+zX....P...N.T..ZU..L.#&.-.....OR...{.E..Q..._..+...)Fv....N2....Yl..)|\i...c./M..?*...b....-AyUq{.)&.....zG..Je....}C*'.;.T.I..Kq%..c$.3.g....C.Ba.pV6.?.S..W\...j..kN90.P.P..;U)s...P2.2.$.ty$.8...x]..$......x. p......NV....%2+......e-.....@....T....t*.3..kYw..H...:^.Ub.>..x....p.'(.MT....D..C.%..W;s-0m..3r.....5j..a......>XIs..N.|......\..Z&..+.?o...I.tH....B].8@..9...../.........q<$K.&..NH..Bw.%..!(eP.M.~.#E ...S.....(y.i..`....'..f.=I....._,..:s]wj......./m2...|.;9.f..X....*5.c.`........3....CZ.A..J...K....bK..*x..%$......K.0.f.N.....O..]....l.....&g9.=..d..U...{..4.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\449__HotSpot.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.023216840114311
                Encrypted:false
                SSDEEP:24:pQ4+Sj3JU4uyp5CnjPEZVZjH0TH9O5Ye+QUiln4V:pn+SzknjPYVZDNEBiV4V
                MD5:DA83D98AF404D827BBB1BBFDB2EE6869
                SHA1:7DA57D2937D7638F70FA0AF2F63D0D07EB9C767C
                SHA-256:7BA44104FBB0731EF8E50D4C4EC35309984661EF3D84DDDCFCC38F04237E65DA
                SHA-512:953379538177833ADB55512A3FDA94595940CD07574AB10D32787C4E78B326FECDA81A72FEC915C243BE63D86A11026BC8D44DE851C0165D0F4013B44758F070
                Malicious:false
                Preview:..V]...e.. e...[-. .."uX.|G...d..T[.Lu..|.?..w.........P..`<.3Wn..yY.o..7.,$~..Y.P.7=)Ck...c5.....W.../...n.#O~.>bf.O7....N...g.XSJ..d.....y..oUf..a...A.....7.2.[..;Y._.G+.L.D%.Id'...u...y)..,.:.?x.&.@...x...c..D$........i..4..D..U.....G7.Se...e7...89.b.........&.......y...... ...W..I.....q..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\44__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1089
                Entropy (8bit):6.690542293941946
                Encrypted:false
                SSDEEP:24:xrjLDu0KYa+jlR+UJiA56loZVZjH0TH9O5Ye+QUiln4V:xHHKZU8AslkVZDNEBiV4V
                MD5:66290B50888FD4792C0123B6564EC659
                SHA1:6EAB94D6FE8233349592782CB17E14CB636860C6
                SHA-256:104767410C437AEF6D80D4B3415569EFBBE29E93DD35DEE4D9D64B0FDB7A7C14
                SHA-512:9F9F8E816B47C2DFADD73BD67315A5B367B2667131141C38457C8178BA251061F9C38D72BF93AAD73F273C12A526A6064C05930860DBC47B1A4FA205F6E7FD27
                Malicious:false
                Preview:...(g..7..s...C.j..Z0p}...z..~..-.........d.......tVS4.u.K8.]..G.fA.h..!r.F.<d+'mH..?.H.?8$v..C6;u..xJ..z....a.t/3.N.P.UE....v.1Dx.b?..Mb^.V../.=.6........V.b!..%..._..s".%~.\.{.g#\...pW...SX..v4.u.2...4....Q.vk..2$.w..Bk...w.^..0.&.......&zs.JF...:aQepKZ._vr.....E...4?G..............q.-...D.s.?w0..w>.F&.s.....g...d@.).fT`Zb........._Y.Y>fr.........A`i4...}ZY.U...).......7..........#6<.7..V%..m',F...K`Q..EG..+.~............C).c'1e._...<....6......F.....7..'..'R."\.Z.o..w9........\.v...3....D[F..Hc..1....Wh.}.g4bY..X....^...d...Sq..E). P....[460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d5

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\450__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1219
                Entropy (8bit):6.963542565769617
                Encrypted:false
                SSDEEP:24:pZxormJQeRTvQrgx+P72RzIPuGNTZVZjH0TH9O5Ye+QUiln4V:pZxVRTvmoeIzy7VZDNEBiV4V
                MD5:FB754BB8159B82B660C9903543EDBA79
                SHA1:B4C857DC99BA6AB9EAA6921E25B0D4A7D1FEF08F
                SHA-256:34CC5FA676434154C611FFD3C59D51ECFFAFCFC60379E1C818E853E99FE6B2E3
                SHA-512:87FFB38E1141EF9F9B91DA79EB80175F28BC5543E60DE9A7A723E729C96D96222F3D7EF1ADCBBD1EE0911180B6797A0F01192425762DC58939114BCE47A566E7
                Malicious:false
                Preview:`[..D. ......(..?E..#..H=..".....S..k...+..`....EK.>...>b.....z.?.tv:.8.89.8M...Y.....-........T.+V..e&...[...,v...hS.@A..S..CI(R._..D..@G..w.9e...\m/_.j.V...9.].40.3..,v.o......-t.j...#...H.E..nEb...=qq{|..x.K..BI$.9..MD.w"z.#..&If_ l.C.f../.6#8...x...4<..b........v).L}.UL...y.......{.....G....k.?.S.&*E.P.....q..YW..2.Y.S%..yAl.C.\.,.(..2..#.76_.8...",.#...|.v.....N........8Fo.n:.a../#.w.O.A..cc&v.?..;.R..L:.........g..Wt.5...z.,..a.+f.Z.0..B..............;...@">...P:.v..~.....S..*...S.xv...S..h...........I.g..........q..$K./......G...93{..?...VZ..'..:...~d.k...#.Kn..,s . .%.0V...OL.$.w..5.......`.\...}'.....UY.....L...*T.|...M....n..q.NM.g.l.l.`.?.}K...1....P.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\451__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1775
                Entropy (8bit):7.435983601419654
                Encrypted:false
                SSDEEP:48:fGxxzzb0V2LtblJJpeHn+7qVZDNEBiV4V:fG33b0ElJni+7CeBiV4V
                MD5:9B9AB424C1B7E0384DF38EB2711CE40A
                SHA1:D34D40DC30C1FDC7FC9455794C6771095814B616
                SHA-256:381A218E7E13C6FE5F13D8617204865B5C1B06D54F5CB6DD75E9979570687822
                SHA-512:8D79026064AF32B0FFA4677BE0DAB89981274ED7A72D66DE0481DCE1D1E852AD500FBD5E993EC2B3E64E18E158F01099D3B882453B5BE35FF206E83FFCDC515D
                Malicious:false
                Preview:7..'>U..}..p.?.?p5$....eh....x8q......5..g..#.W...X....f..}X...SUe^.l...SS...wg.c.D..FE..}.%4jq.f....{((.6a.n..&`M.....w......../.;l.lh...........'......=spN!....7.......O].|.......(..d%JG_.'.:.IP.{....'.v.x<;..#.h.z.9....#Q9..a.\..\Z...?..~J C.&n]......s.h.ZK9.%z[Q...........iP...$u-W.-..Y.......Uv..Rf..MKw.]`..0...).ho..l.3..+j.1.&.......i`.i...%..$v.Q.#.r5.j.Y=.9..<.........D.o..\.N.S.P{..srO2..I......o.p.8.....j#pq.............C...&......@.j.a.O..%.oa.....j..M.)Wt..m..y...N....f.P.R.VA\.b..eg...R..m..*....vM...N;....dZ..6..%y.-..u.SM.oW.m6/.......,lN...*...l&...\a.....1|Z[.jz...^lW}.Y.q...z.>.q....MM./.2..m.K.F.......E.)B...HJ.V._...5.m..T[.uV....i..`."e.....Ec.bf..UOPA3...k;vo.@........'.l..?..)n.6..H.L..y..Qf....UjT.KK.....{../<...qdu./.=.:.?.Lp=g^q.......3.....#....G......y...,Pi.....j..)y3T....!.....w'Yl.....Z..g.r....lr.~.7.....G.4.K.....Q.....>...$hx...q.i{..@....i.....;......A.:,...<.Z..2...OH.x&..F4..7.1).......-.q..v...#..

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\452__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1158
                Entropy (8bit):6.860462196767179
                Encrypted:false
                SSDEEP:24:V+5s7w03+fc1EGa6g/dZVZjH0TH9O5Ye+QUiln4V:V733+E1EsgbVZDNEBiV4V
                MD5:2A1D8A65922F1A2B0EC14A60E1199F83
                SHA1:71FA10E00D1442863A13C994B6EB93F35DDDE5BA
                SHA-256:82AC300DE4BA627DE1AB2CEB6D22C1D20995841DF2FDC28AAEA3076D3DBFF036
                SHA-512:9A4912AB1ED107C521E525CA6443169DA3246E0C9F4D1DDD9FF8A88883C6A61C372F6D199EB256024A0E11DFBD634DE9C4D6B0E67379C6C4FE244FD8C4C5C0BC
                Malicious:false
                Preview:..|#&.7..%.....c..K.....2...Zt.P._....[.C...L.)<..p^.]F..].`.V)...1.<..z.......n...S...`...4.\..6.....Q),..z......P,...w.p.O....,E~=.Qn.I...gt..'...b.#.W..... ...pT..I`...R.*....R...=...]KZ...%....3....,.....d<[.J...&......I...|..Z...B...n.!...3i.b@....'.P....D$9..].8a..;3E.E:.7..i.+.w. q.. .....$.'.=>..rf0..}.E.!...r...MX..|.Y0.`...0T\..>.;9P...C.F.G..x4C&..R.g...'.9..t "[.......*..*.i...&Rm...V..3.........(..\...B.3.......M#;..K./.L..h.,?>.(.q...F......y_..g~..\$.....si:z.....W.J%p.=..%.6.(>.u.8....Qa+.X4Fk3J.KD...f.\z.{...I.j# a..}sx..r....!.%.Vhi.m.g..7....6^.pM.W..x2B..a......).....7Z..>.)..........j460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\453__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1156
                Entropy (8bit):6.827886338823764
                Encrypted:false
                SSDEEP:24:06KdC+0RvxmpahSfcgxZJIf/ZVZjH0TH9O5Ye+QUiln4V:m28eSfT9I5VZDNEBiV4V
                MD5:68E1FC562CB6DFA3D1B97E109BA7BC08
                SHA1:199109ECF474B45FFEE04AACFE8DE4723D2729E6
                SHA-256:85D008AD43CCFC315D7156D67335915DD9DFBCFBB54F7170E2FFFCEDA99F2147
                SHA-512:D8695F9056D298092699993DEE573D79E5BBB0FA84B16B94CED972B95BD51AB5C12B070FF75BD04795B9A5F39824715FFB8B219AB2E7F0825D7253B99ED59E75
                Malicious:false
                Preview:..l..k...V.6Z4.a$^....HM.?V."...5$.PYF......la.=......@...z#...%s...3\.Rm....;N\.......y.C.....\.CeiA.....].~......m...;E.f`.....X.V!U.<<.v...T...]z.D...*r...p.J.Y.......+.Q.{....X(...._.......].....r,.v.1U..p.u..C.....A..[.jLc.i..b...B`......Z.....0&RW..q.-...v..[..6.Pe.....=ZA...*.".f..P....3..]..1YC`6.8.Q.6)..Q$l/:?W./?..5.S6gS.vW..TSW(...&....W.@....Q..PE......9]Z.F...1..3gD..j0*..P.....3.,?.*h.a.9t.d..ef.c.a->.eY....?.Y.........0."v...j.%..+..{......n.4.g....g._.....V.2...8..y$c..R7^5..$...2B.I%#.F.......@..M..Y.g...O.2}.../..S...p... ..cZS....\!t~...a`...g.=......P.+.Gw..M!!..b.t.{=<.y....hg....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0ca

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\454__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1168
                Entropy (8bit):6.908089923654055
                Encrypted:false
                SSDEEP:24:qT/gD9B7YDzwZ9eLkjYvPaQJS1iM+1ZVZjH0TH9O5Ye+QUiln4V:qTgD9BcDeCk0PHxM+7VZDNEBiV4V
                MD5:E572BD431A50C617F873304643EC97A9
                SHA1:36383F212A9214A8CE6DD09BD64CE39F7C57A1B6
                SHA-256:A8CF7D9C964F78A965B5F1E88CBA75F6A8644439102D00B40626259967026E7F
                SHA-512:276FD59A3E5F42607A59F334B1040950EF721F7D6CF01028E0829CA0D6AE19A70EF98943A9977453F3441001850D76A0212C053285C18C40AB126530B375E9A2
                Malicious:false
                Preview:..U.\o.)^.!;..~..Z......=.3..$n*...$Vt.....3.(.1...t.].1D.j..U.g)<..`..9.t...<.......p`.%P..@MI5.#...M.l...P+C.......K...y....k.....qt.1..3.m.R.....R.e.......u...K."....k(.EX..K......2....pl.h/....{...1.N.'1ED.f..~...QK....5.F.|.[.pB....P4.o..v.\P+.O.2)?.C.......-..]]2.....$Ip?......T<.L..a..%.).Q... .'.f....R..c'N....... .U.}.H.......0-..,..Yf.W..oR..w....(%.gxm.}..cH{....8k.D.ig..w...4...u.`~.5....B0....u.i.[..(....`..`.....V. ......|..?..I.g.....?....S9.JN.K..w...o..9.@ G..y@.U....-f.....K.AL....z.5...!.......1..S.A.&....C.\.%.8...R4i.C.^}[.eE.GL.~]j.m~.UtH[..[>.U......"..V4v...bK..".."U?;...Y.2.6....qx8..*..H460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fc

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\455__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):998
                Entropy (8bit):6.50784951861997
                Encrypted:false
                SSDEEP:24:Ay1McvCatbNqL6VlY+qHGZVZjH0TH9O5Ye+QUiln4V:AyGwb/SyVZDNEBiV4V
                MD5:1C66C417D0C82FB0F1C851E39FE4F972
                SHA1:189097AAD03F30DEAC93D9F5C05BE03ED6F1006C
                SHA-256:7A0E5A56A7A1EA3E949E8C8536FA3C45F8EF5E1219619657626EFDE605D0D064
                SHA-512:DB4855460BC087CE796EDEAD648B25B86F842617ADDC0E56C2425259C9F98A91EA619DBD72620E9DE3CF813EBAB67663261024AC5F629A5921159BC2CBA65EC0
                Malicious:false
                Preview:n...n...<..%...._.....k.....e.*{.8".9.....6..hD.^z.|V.-.!.lgI.p..u.vFi{...Mht.Q......{........*1 }.{.%..#.p..*..)....z.c........\t.[.1.K.d..RDmP.]M.e.Nt..:.T.._.."?......Q..k.c?....|..5.u0......JC%.u...O.\9-,x.F..C...8c.lIR...[4.....8_./.c.].,n>n.y.1F'....t.3.b}.Ea.mL.fD-c...u.k4.S~F....x..c...9..ee...J..b..............`uP.e...].C..vI...4d.-..&{...T....wT.4D.........O9i.q....8.R.VN.@= .zk-.2.;....[*.. .....5V..b......d.N...!...I.eNi.|6..E^.>.......8.....{4.....Z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\456__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1094
                Entropy (8bit):6.8041012018848415
                Encrypted:false
                SSDEEP:24:03E/cFsc+tN2yAZZaxgKziZVZjH0TH9O5Ye+QUiln4V:MEEFd+tN2yEXqyVZDNEBiV4V
                MD5:76773DC68713976CD0D81C179741522A
                SHA1:B31E516A282115EA127AEB555B158784125C21D3
                SHA-256:700757C6BF5649BCAC23F18851194CB63A5813DB7396ED7830A8EE78B986C491
                SHA-512:3661FF3C3A6DA4D9A5D63EBE257401EBC41AF6BB0A025F3DF891E67A9242718F1F250DB86D63B7F4C6E481244408702B070C55EAEA19324B96E935875FF6A59B
                Malicious:false
                Preview:'.{..*...w...Q`....2.*....U..I..nRn........;tS....6.....V.~.H.........2..[..$.g-..r.x{.......2-..I....G..(......6S4}c.....C..].b.)..pW.h.......x@re.X...o.%...w|".jH."z..i..o....F....>.e.w....JqA.^.....^8..v...v.....Lx....~w|A./ .....P7..qr.....7.0..sM~..(...@a.}..P..;0..$....".9.....p.....d.l.xyj.".......G..l......!......RL....<.%|..f.H#.w.......&....@.. 9g....Lb...k...R.V'S.f.#..$.eB..O..z.!@P.^.w.5[...gg.F8T..i8M..(O..4.#...~*..v$....2...b..n.H..A....T...Z.#i-t:..L......7.F..D.....J.........-.q......%!.7..\I...T{P&*..a...y......T. .~7m.U.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c458

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\457__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1044
                Entropy (8bit):6.68578647612368
                Encrypted:false
                SSDEEP:24:C8d9EM5NF/pl+zIqjzKj8wZVZjH0TH9O5Ye+QUiln4V:z37/5pAcqSj8cVZDNEBiV4V
                MD5:AEE02573F19AC63EBB7832D20D2F9351
                SHA1:EAE446BFEBE2F4817E22D405E15FAE57493C32C5
                SHA-256:B5D0CCC383D75C625274A4A4E1019A46E28323B9B08A79A40F9BDAC60E2C4DDB
                SHA-512:E183B7238AF970D1EE42F340D23473B8EDCCCF1DDB3EBEC614F285471BCD50B04DDB4C19D0184EB4A0E2E74874C3371249A40037D12AFA88FC0F8ED1839901B9
                Malicious:false
                Preview:.K..p....o.F.+0o.Z$(GR..H.l..]w;..e....qy.....\.!.)..x..~@..t5za..R.3...b4.....Jqd.......l4H....B.i...j..z}..Ou..[np.*w.B..WO.iY....{...Y..0......)q.(Q..U}P..'&.f.c4..NMfQ.c.H.[..r.a.y.).P......CU..I.~.2.}...c.]X... B..k|..CZ......9.Q..t......9}.7..z..WB.,.JoR..../.<.......{&-.)......)..O=...w..jh..L>m.,.`..,..m.......(.....W..C.~.x.,..*Vv.&4....9....Y.j...7..dA..H..:H.:`>bi..\........^.|}.u..n...............8..;uy...zm...X.l6[9.h..}4}}H.......1.)..._.}2.?.....o.+..&...2......m.4....L..p.|.z...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabf

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\458__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.440989880546689
                Encrypted:false
                SSDEEP:24:G06SXwWX7iDPqZVZjH0TH9O5Ye+QUiln4V:GxSXraPqVZDNEBiV4V
                MD5:EC2D841645619C2EC1078C1FC1C5029A
                SHA1:EE87F1E4D7BCF4B830F9F0B0138617A45656E3B3
                SHA-256:E5853138C5F430184FD94D169B1E1F2B45634DECB549928E2E09DFD7F38268AD
                SHA-512:6DC670896911D520656B074F2E0CF17B3D1B45EEC89352030397C2B1760B4601D2ECFEFAD61E2DEC501DB1AEBB969BA4711F56C668F81198FC87E3DAFE787E09
                Malicious:false
                Preview: .d.@z..F...l.2EU.^..o.N}....F.'b...D....9.l.6.J|.u...SYOm.....f.|.v-q...73T?|.e..S.|....3p........N...Tf.G9.0...l..)...L..3.@]X..T.G`=....5n...E~..M[...M.. ...Wa....>L..Sh.oF...k.".5.y..^D.g.y.X...p<^...w..D.$u.V.4........g8.*...E.....e`.....9..=l..;7.j...#.gd.93..jz.:R.<d!wx....r..5.uA.L.....s...........e..e]..K.....sE...B[....)...t7.+-"Kh/ST.?......pi$G.K....hu..c.1S.....29T...Q.....x..P..;P._ho7H...4..Z...+..}gu460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\459__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1772
                Entropy (8bit):7.402495731274295
                Encrypted:false
                SSDEEP:48:mU/ckR3+z70GT92Y7lWNkk/RglZ5ccgGacIVZDNEBiV4V:maR3+z9Tr7r2Jcy1eBiV4V
                MD5:5FAB87D7599C0BA826AA6DEB1BDD90C9
                SHA1:39EA4D5A6CC69CE2CAD7F3C775FE64CF5D91CE98
                SHA-256:6633BA1F7D8CC2FFD07F8FA854049E54805E0BC6EC7B8848D3FA4CD377D83705
                SHA-512:986B919ED1BBA0871C86FF2013C56665590594BFB78CCCE8EE1B10C27696DB926AF4C54FED02FF8A39946F5851E8F80F78C986C2B9CCCF0C1E96866B309BFB24
                Malicious:false
                Preview:.-.N;..O{.n.........~.b.....S.5.. .=...+.. .TF.\...^4u>.!.K..P..7t.../..7..gm.F].V.x.b.F#.W4....i.40.d.......\dZ.1S.(..*.q.V'T.P..0C$?.j.z2.-....M,.:^D......$H..#K.:..z.b~.l..s..;.,)...6.-UoH...z........9.j^[6..L'2.s.W...i.+..z[.$....uE=..]Q..<...Hd.W-:........;(........7Q.OU.....<......>.V.+.9..G...}.}..Gl......W....P.*r~.D..&|Y...x.p...s&....*k4...&.....qJ.%.....>..j...S~t/g..$q..4S........>........apS..j.fsvVx..<\.y...#.A.p... .f.])a.?.%E.z.:mCO...s<.Rp..k0@.N..K...c..a.wKI._9?.>...l?......Ofm^........?.Q6...l.....9..qQ.RG.e..7.g..=.....=...+.U..V.i........>..f...7k.Wv.6Hq..-.VU<Bo..CL.......$...A.......+.+.%.3...q....r...u.^rJKU.i.........yo.y..E.;..f>=v.l{.&"..m..&.<..}..i.T...{..Q.e..u..-c...VP......_.g.N.......h.+.:...{.C....";....7...p........h..UB..z9.0.t..p,....E.WaX.....M......?.......T.a..7...1....8..o.4A..h.G...!..L.N..8.O..J%..R^..QS...R*4.nh..<.B.y..&H.A....~..'.f..c..C.P...9'n.B.T...*|`.Y....Uw1z.d..~....l]......$!G.w.R(3.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\45__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.620110256721349
                Encrypted:false
                SSDEEP:24:5ueRqxKto+dpZ+0sQOZVZjH0TH9O5Ye+QUiln4V:UutLPZbmVZDNEBiV4V
                MD5:9E45FE51281399872B0DE7953AB0B980
                SHA1:545ABA1F12BB158637E2FFE5A60832B6DD9240C5
                SHA-256:8601CB337C9DFE3FF03C0E17E7CB677E7AE28CCDD833AD4AE6E1AF134E352CA9
                SHA-512:58AE50FEC2FFB8B61FE6AB81EBA1B0152A3BC27426214B30E10B057D22E46978E43F95FC107F06DB6549A2F6490B6CB987AD5346016FCC9450BF43F8074459C8
                Malicious:false
                Preview:..W.&utC...?..3N.=.A.:..F.bX...iq.@Nm.\.\Z...c..[d..{..Hu<..>;`\.^.....p.7L.u.|nF...nG......?.lc.ZQ..y...0D..I1.G.e.|.f.D|lb/.....%.......!f.3>.U.nnm....8Z.l.B....F%..W@..Q..ss.t..c.f*.~H..,...6%....J4..H5....a..G..D[.$Gj.D...0.t<.X....}...pq..........b.2..5..2l.....o...3..Q.s..w..s...S.1.{....>.......4..N..%.(^3J.d.>#....y8.......L~....zV..k>X....^.(Fu.U.....=..i.A_.e..!...4.,...0........%^.H.M. ...B.u.1i..,.K...X...9@.....[.H...\...,c<hv..XWec........Uh$8:..8#.s....!.&..O.:.z....Se....p.27.,..M.J|@s7.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\460__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):998
                Entropy (8bit):6.547310852835487
                Encrypted:false
                SSDEEP:24:9arpTALggBA9tiybljBu9KoZVZjH0TH9O5Ye+QUiln4V:8rpTA0gsQybl8QkVZDNEBiV4V
                MD5:9748DF3196A2A46C967F400E9E439E0B
                SHA1:8F05A734908D7A684D7EFB8734BD735772F90A23
                SHA-256:F727BB53BA5B69C0C87F52934B1EBFCB5A299304ADB78052BD7BDD4878D53A39
                SHA-512:254C7DAE0A33DC963EE80C9F68885CB005D0DB91B72781D492D470C78ED0154A72C3BC6D57BF2CEBA73C2E5DAF63902F3587E4211A58F5E3A1EE917DC929B715
                Malicious:false
                Preview:&4l..$..a..-Y..0j.(_......|..`.Y"...>.R.c..%N....7...yV..w..D2.....'...za~....B..+."...B%.w^OZ.6.Re..o1.B7f.um,.yT...7.y[..6.g.....Kw.F.O...).0..N..pl=..L..d.e......;. |*.2..N|.Zd....$..X.j.....0.j..:.a........|f...&..c...s.*S.-$.6j...\.w........c..7..H..H_s.->.X0..<.....xk &Fi.r..\.u".;.P....,.^.".>K....f....3g...'....Q.d\!........_ ',mb...k.3...^4...\O.......{..C.Jg...<...t..........C...T....xL..2.w..O.K.q'.G.P..d.D(.w../}...v....y....an8..-.0.c...Z...B.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\461__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1752
                Entropy (8bit):7.4144450275063924
                Encrypted:false
                SSDEEP:48:63iIevoIhSqcuWJeHc9Nn0LVZDNEBiV4V:rIF8RcuHHc9NoeBiV4V
                MD5:0D3D5FBD43E87FFC8AEB550F5F275989
                SHA1:5783BBC64F6C8DDE9CFED2D64D5370634134C708
                SHA-256:67C2703E2A015C35E1A23A1CDFC4E2493E0E9ADEC85660C562A6BA000C9DA757
                SHA-512:98B0F00CB35F309F2DC85B8F83067D797E84BD1B9A76371B0FE75C93551C7A702171783F1BB53CB2C38ABC396279E6F6DAD4BC562EB5BF74C225FDDA568FF242
                Malicious:false
                Preview:....E.A.t.......l.IT........I."(.....O....t?p...tI.......dc...N..*.V.w...2i..h?.w...{.......$\.2....S....w...T..o6.z.2.iw.0..+._..5..7...)..*.-..F.G...dd..I........7..E.].p-...d..fu.^..*.9..u...]O.s....t.h....2oP.s*.P.;A..2O...U....3w.@=...z...hM,..#.*8..?..q.b)..-.1...!s....L...QpY.r.o.#...S...=..;1./D9.*K....q.:C.F.F.fvh.......B.Y.....9..>RJJ@{.....I.....t...]..\.Q....`..~...~?Wv.b..+...1.v.n.......=.J...j.......1Q....^o..ZmuP.D.....+!J#3B.......E.#..>N.\..F..5.6'R....._Hs.....N.,..gv]&..8....&.{.^....'QTz..#.....=....B...%.5D........5Mx..?`w...#...)..~,.}..+......-.=.;..~f.Mhs*.....w(]..O.p1b.,..~q!.d#PeVN.ZT....,...f..\`..[:.4.....>1...C.!..v.)@(....}....*.]'.lw.....6&z|..c0...L:......zf.j........K{..9.........C.&....M9..B.P..V....?Io..s..*.r.......i...*.s}8....sh(4...j<.q.sR]..7.(E..b.o..L..j..<..G....K......"..Vb.^.;...A.....G.WD_..t......VqRF..3!.....H.E..!:B.<.H..L...M..u.....H1L.l.K......g0=:.!.*.+...6.....E....i0..a..#.~.O...m1.

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\462__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.998016308584742
                Encrypted:false
                SSDEEP:24:Y81v2hJ5MhEjDAV7iadCpvfUHiZVZjH0TH9O5Ye+QUiln4V:Y8V2j6x7ia6vEyVZDNEBiV4V
                MD5:45F0C1DD2EAECC2109AFE8910366B0B7
                SHA1:5C8F1B8E3870C06A0B2B52B66948C9D2DD031229
                SHA-256:A4772BC082634A0CCE7E1C0F4D9DA13EA7DCF89528A919C1E7A5DF77BDA8D560
                SHA-512:C3796139B023108DB2290DC0693AD776D388A98C7C9364CC1E8A1ECCCE45E50D8E7674D1D502F229A7F642D992E6208AA2E0F688A4CB961B1D3ABA954549FAA1
                Malicious:false
                Preview:...|.pC.7..?I.....0...HG.j.A.:........(......v.%.....5..9.j..,.....~.Y...R..a...7A......~.x..s..[..*.5.K....!l.....m..f.miB..xwmA..m4..:V..@.r......{m.......crq.......'1....K....3?...C......-I...........;..Y....q.cN......o}.h...q&.O*..U.6....*..r'T-.C.E+...}T.d..F1.1@p....-d)...u.M#G5......)..*.9.......,..]P.........S.{...F..h.w..|S.<....,H.k..|..q.N.B.HA..VF.H....Lh..>!.......&<...$K..".l...E~.$... .,.....*..)o......l.4e..4...f.....].:....B.........kr.S....h .T../..9..........5.W.BLP...?.i:.<..G.s..$}..o.O..94..b=.F.h>.).......Xlo~.?..v.....R..5_....v.../Iw.:.Ha..#.>v...[PJ. f.U.".4D..A^~[wy.p..$..ce.^...p.]b.....u.\...k.$8........C.W2s.Y..1..X.*F..^Nf._..t.[.....[.(..rp460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\463__Connections.provxml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1230
                Entropy (8bit):6.952653718238598
                Encrypted:false
                SSDEEP:24:AH5jaOZ3ywW8Qxu0Qf/sgMjZVZjH0TH9O5Ye+QUiln4V:AH0OtywdQe/srNVZDNEBiV4V
                MD5:2D5E7D17C4668BB89E848FCDA5B001E4
                SHA1:019B72DD2F1C79D2526677BDA3F2A6977A0BA6AD
                SHA-256:00F28C0E4CB37A51C07F5FBF42641A1DAF7FBBAB71256DEC949D65DBB76AABA4
                SHA-512:6E2D075E5AD62D533A482B38CDE9EBCD82AB1E652D5334FEAE9B824670DFF6ECB0159DCFEBDB533A3F0E7B86DF153E863AB18D58B0F9B10CEFE2CA35DBCDE3E4
                Malicious:false
                Preview:D....7....f..........X....(.O\}k..L.|.9..9dI0....k.v$X.b..a%[.........4...?J......~..9s.,}....C...B...*...av...#.cp.r...T....P..J...-...PD(+......%.,.......x..J.e:\.V...U....R>..V.fhF...:...+6.%cyA0PYZ....?!r=.b......r.e.2..}....K.D.......f.5.L.....>...5.X..}f...TT....I...>*...!..w.+`b...A.n....[..SG.m...R...!.s/h@.K.......@S...+.y...|.G..o...h.E\=.....(.^...._..Q..H.\{...(0..g.BD227..(q..A."..'}......V.....V.=N..c...MBo...O...=kW`+....@D..L.1y..{j.Z..hR.d.;...x....#y.T.<./7.!.wv...]~..$..;oV`.`.].6.f...r..{~2iL.7.hM...#.s..<....l...Y#O...o.r.0K.b..(......p..H...9..n./...v.....@..4...".p68{.V..f$.'..e3....~2.....|..+.UU........5.;..w..+.hD....3I.>.6vD..L.1...b..d..q...l.Q..H..:..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7120

                C:\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):674393
                Entropy (8bit):5.63851475271528
                Encrypted:false
                SSDEEP:3072:gz6m8QENdgd1zRkkdGpuUXAWfy9zMVMeUffTpkp2JHNYCf+v99oE3i:gz6m8hNMzVdcXY9z8Me2VkWGvoES
                MD5:BB2603BFE03298FEFF2415D54A8FD59F
                SHA1:075F7985FB6B68B97A1C08BE4D2348E24E83E1BD
                SHA-256:6C37576C8FEE9F67517F910D5E54EA24B7E07A6511C50D5C16AAFA062FB86144
                SHA-512:5CC95AA456954FE9475AABADCFBFE2DE4A1E4C3DB4C89BFB4852C082D974D402203C64C43B020C880627A055A0CE8FFD4AC4DBB308E6D0E1A337AFE38E2775E7
                Malicious:false
                Preview:..}.L.....J...!..[~..:+./ ..I.....`M...7.IAm..\ J."...'.v.5:.B...*....Mp.';..W`/ ..B....C.[..>JS...~....}.kv.=#.@-.=y....4.....B.i.S.P..CC........aT.8N..;.0..2..M.p'.9.t...Y..N......"..s......OK0L@...;]q...v....]%.>X..Eu...E2......:.......`.G....+...+-.X...i.sX...*.gJ<.a.-.2]..K...ctK..Z#y........X......<.../...H..t.MV.Vf..t...^.....).J..m....q..n...s...Ql=..-..z.....W....*VV.....TY..1..k'....."..B_.....%..+k.....X.H.0{R2 |.D....H.WF.}I.......@......;....qC.s.:...%Z..]JE..vJ....t.^...\.Z[P\.....1d0..!...W..F.NG.-....Q.,?hlSKv...C..%..E.nP.s.|..+3..(8lub..=.N..".(..!".K..W.y..'...Xy".4.3..4Y.n...oD.#v.H.`#7.......'....T+;b.g.....V.5....E..(2..}.........!..}E=. ].^..2.2*,4E..-..6g...R.^...).Z..-y. .....4..I..<...[.T$^..@..OK.LB.l-..>.3.Sm(....6G..7.a....R.Q.,.PL.:.._h.A..u..`Z6&.......I.....l.....w2K.c.....`L>=..r..U.W...?.9...1..\.WN....Y:........`h:..|..+.._...5e..J.[.G..*...S......dU?0.'m.h.9.sE0..B6\...kn......p...OQm!.r..@o I....T.

                C:\Program Files (x86)\Microsoft SQL Server\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:48:2leJFmtFRwW3Hw0Ic5uXewWCU8d+naLTJqe6Ixwf:2leJ03l0eXCld5TAe6IxA
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\Program Files (x86)\Microsoft SQL Server\110\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:48:2leJFmtFRwW3Hw0Ic5uXewWCU8d+naLTJqe6Ixwf:2leJ03l0eXCld5TAe6IxA
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\Program Files (x86)\Microsoft SQL Server\110\Shared\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:48:2leJFmtFRwW3Hw0Ic5uXewWCU8d+naLTJqe6Ixwf:2leJ03l0eXCld5TAe6IxA
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\Program Files (x86)\Microsoft SQL Server\110\Shared\msasxpress.dll

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):22216
                Entropy (8bit):7.986123380245487
                Encrypted:false
                SSDEEP:384:mLAfDaliruDD7rQH3c1/w060ft1aEilupXd2cIa2wo0V5p7+eGdKMEqPyEV:mEfQbQHs6036J28ZGt7J/7e
                MD5:EB0FC3DC6F331E8D583D411430482E0F
                SHA1:275FB9A83C5A148035467FA776D68B34ADA68B63
                SHA-256:8C2E5D1BFB5A816FC4D53368042B486D266A7B7AB068B666F008E837AF439C52
                SHA-512:5542438A0BD6FEBBE26617D516D88D7F6C782751629D4F0AC0558561295A9DC546B53675971A82FDD0A31D3D9D0ABA7C7ACB6E72150D4F5E810B583EB3F2B160
                Malicious:true
                Preview:-r.B..9).C....'..."......O.V#.9...0.gK.%.....2A.....DM.h....(.z.......Y.<.z...p.....Gm..D..Q...m.O...@.._2...gr.w]...A.*m...{...~....;......s=9.QJ... .........h....>.(...... .#."CN..h.H25...o...(W<."....w'...JQ....M.q......6w.w....r.. ...m"t..S..^.d.D..gN..a.8IX...........7.....Kq..T..pR/.&i..G+..k.....@......]b.R........[U........\. ;.......`.....yF....O.Pc|.G....YVZ'.X..v.....s.h....P.].F..w*.....@..r.....j.^.ps'.k....s.Y.\<.....E.{.....q..6....Y...B...F...nFe...NC.S....O.=.9...Yb4.Q.7^@.....^..8..b.U=.m...r....^5......x.5..w.g..."..XH.F..{1......3.Cc.b6iN:^).eT....bi.1.....m.$.x.S..bp.&d....6.$....0.?.c...=.ED..p...R..9.6j..~........3;h.>O*.#!*?y..+.WM....{...2..(.2v.7z.|d..=.0+.Jtx..'./D....eN...3...I..pZ.. ..V.A#.U.P...0z..<q.bc....bd>....'..Q....X.."E..y....6Kz..4a..uY...A.%.........S7.]_eE}E.........l...n...*...7Q..1.......V#..".WS."..m.#..k.:...[..MhC..@.Ua.1.]...d..^.7w..0./..:.El....N......|.})cC....T9.Z.6.X.F{.>.SRlj.?..O......

                C:\Program Files (x86)\Microsoft SQL Server\110\Shared\msasxpress.dll.SunnyDay (copy)

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):22216
                Entropy (8bit):7.986123380245487
                Encrypted:false
                SSDEEP:384:mLAfDaliruDD7rQH3c1/w060ft1aEilupXd2cIa2wo0V5p7+eGdKMEqPyEV:mEfQbQHs6036J28ZGt7J/7e
                MD5:EB0FC3DC6F331E8D583D411430482E0F
                SHA1:275FB9A83C5A148035467FA776D68B34ADA68B63
                SHA-256:8C2E5D1BFB5A816FC4D53368042B486D266A7B7AB068B666F008E837AF439C52
                SHA-512:5542438A0BD6FEBBE26617D516D88D7F6C782751629D4F0AC0558561295A9DC546B53675971A82FDD0A31D3D9D0ABA7C7ACB6E72150D4F5E810B583EB3F2B160
                Malicious:false
                Preview:-r.B..9).C....'..."......O.V#.9...0.gK.%.....2A.....DM.h....(.z.......Y.<.z...p.....Gm..D..Q...m.O...@.._2...gr.w]...A.*m...{...~....;......s=9.QJ... .........h....>.(...... .#."CN..h.H25...o...(W<."....w'...JQ....M.q......6w.w....r.. ...m"t..S..^.d.D..gN..a.8IX...........7.....Kq..T..pR/.&i..G+..k.....@......]b.R........[U........\. ;.......`.....yF....O.Pc|.G....YVZ'.X..v.....s.h....P.].F..w*.....@..r.....j.^.ps'.k....s.Y.\<.....E.{.....q..6....Y...B...F...nFe...NC.S....O.=.9...Yb4.Q.7^@.....^..8..b.U=.m...r....^5......x.5..w.g..."..XH.F..{1......3.Cc.b6iN:^).eT....bi.1.....m.$.x.S..bp.&d....6.$....0.?.c...=.ED..p...R..9.6j..~........3;h.>O*.#!*?y..+.WM....{...2..(.2v.7z.|d..=.0+.Jtx..'./D....eN...3...I..pZ.. ..V.A#.U.P...0z..<q.bc....bd>....'..Q....X.."E..y....6Kz..4a..uY...A.%.........S7.]_eE}E.........l...n...*...7Q..1.......V#..".WS."..m.#..k.:...[..MhC..@.Ua.1.]...d..^.7w..0./..:.El....N......|.})cC....T9.Z.6.X.F{.>.SRlj.?..O......

                C:\ProgramData\Adobe\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:48:2leJFmtFRwW3Hw0Ic5uXewWCU8d+naLTJqe6Ixwf:2leJ03l0eXCld5TAe6IxA
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Adobe\ARM\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:48:2leJFmtFRwW3Hw0Ic5uXewWCU8d+naLTJqe6Ixwf:2leJ03l0eXCld5TAe6IxA
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Adobe\ARM\ArmReport.ini

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1254
                Entropy (8bit):7.02691869608283
                Encrypted:false
                SSDEEP:24:ZxedxzkEwt1LrrV5MTFtGb2/maDJn0QwxrYCZVZjH0TH9O5Ye+QUiln4V:Zsk/17V5MT7p/maD3MVZDNEBiV4V
                MD5:1502CCE3B0A2E7980C76B94DF3A22834
                SHA1:C84C7AC85F2F1BE374AD3D0FDDDFA388BE6FA5CA
                SHA-256:E44CFD29CDB102FE1543FAFF5615A3599605324D1D7BE6E05B5F13E25F75DB4F
                SHA-512:9D242C41F63703D1D63280946F9DE61C2EA050D490C83C16E659C4B59880D8B73C5AF589F77977E149C9C62D81FD54D6E96C5050F11BF674A27E32E0BBCB791B
                Malicious:false
                Preview:..IX...&....@.%...m"".8........2>7?..@H.......&..8 ......;...V......-A].D<.l.....EP.)O.$q.v....^.|(..q./.y.4...2.r.I$.L.U6...........t..2.d7R...../...q...G..I....Lq[...B.m>.i....l.T...].s.C..6.."...I._............N.X.|n.".r.. .......P.#D.z%....]..iW3...>`d.P..t..4.......T.......}.ZW.....4.z..vJK.../.g....e.....?t..S...]D(i,7.i.E.J...&....`..l^Y...C.......?.....ye...eE+...&..e{.+.~F.....;{. 6.....K........[..n.#.L....x..I.I.'.O.....+.....V...o...w.w..._.....(..`JKE2Lj.}fN..L..ja.3bHU.y...r<..#.......\....w...~..6i.....5./...Q...cn..`.M.......3P....L/+...d....!0...U.B;9qF9.7...\._..w..4}ml..R.w..Jdn. .......ljZ..Q.E.....<7.. .A98........l....t<...'zP...Pye%.....;...KOxANs.i.v.-*.1V.K...:T..9.,.....t....-460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e38993

                C:\ProgramData\Adobe\ARM\Reader_19.012.20034\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:48:2leJFmtFRwW3Hw0Ic5uXewWCU8d+naLTJqe6Ixwf:2leJ03l0eXCld5TAe6IxA
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Adobe\ARM\S\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:48:2leJFmtFRwW3Hw0Ic5uXewWCU8d+naLTJqe6Ixwf:2leJ03l0eXCld5TAe6IxA
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Adobe\ARM\S\11399\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:48:2leJFmtFRwW3Hw0Ic5uXewWCU8d+naLTJqe6Ixwf:2leJ03l0eXCld5TAe6IxA
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Adobe\ARM\S\11399\AdobeARM.msi

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):991752
                Entropy (8bit):7.626507275468615
                Encrypted:false
                SSDEEP:12288:dB8CfiwQEHeSHMTuLTBn0wM67J9ji8GUrWelRRzMzzD0Ad3KYo7hAx131YKTwIiF:nnKVa/INiRoz0AhK7+xyL6A2oY0E8
                MD5:FFB796F8B843498557793C843F24E813
                SHA1:DFDFA869AB5090DA75B4073674357A12DD6F61E4
                SHA-256:FBD6C1F7673114B6838ACD72D42550430C126F197D99534D32A6F49D8A3829B1
                SHA-512:0496785E62F95E12975A342E9A0218FB23699A17F2B902E1B22C5CDA49EEAF04207EA883A543A00793532915EF6A5AF71B3C7D63F80A1172E1AA1E15AFAB94A5
                Malicious:false
                Preview:O....~E.2.}..f.K4V.B...p.^.9.....-.(3=.O.J...4....-.6oK.E.B...=;B..t..Q.X.m.QO...Sy.....F*..f.ve.Dm...n.....M.r.3......2Y.~.@4..#.a.....H.u.R. y.`.@.V..W..!D. ....W.NK3.J2....w.........:.....E.......l.........:..A.7...pI..v..p2].H.&J?K...5f..{d!S..iC.$..u..al0......B.d....=..y.N.:...)-.i|..G..2.)x....E,M$.....g..._._C...B..2}l....Z...ix:....Q#..a........*d.%.......e.?./=..A.@sI.,$.....G.X......,..3},..e...R.r.....z.~FA.".t.Ayip.....u..Dh..r.;.. .2..eb(.?P.v_.B.?&.u....'.%M...9n....!.6.A.hJP..='.....{s.9....J..P.U8S.Ot...`..=.=p.Q...T.....7.p~.....m\.8}_~.S...LU.|.,..R..P..=....p...i..mI.f6...t.3...5B....~.{.....t5.z...!....JO.=..q.Z.4%CL.Z...S......"..fk....!X...I.. ..]..&.!..O...-..U.L..e....%....5.+."+.<...U..........70........0O......m..o..>.p...*..x.^3......./.CU.f.5.5An9...s*.K....y...'}.......x.i.4;3O$#v.....:1#..4...3v;./~.8.r!..II......=L:..-......Z.k.g.b.~F..G2.,.l.*dY..Or._..[."....E..st..U.z..z.x.a..Gx..w..U....r...;%...

                C:\ProgramData\Adobe\ARM\S\11399\AdobeARMHelper.exe

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):423984
                Entropy (8bit):6.812958831857012
                Encrypted:false
                SSDEEP:6144:SlHq6WUBfn7LiJdKkAtyKuskePvX2Zp7DmuXYvr6ys/pV:SZAU9n72/KkAtydem3nM6Bv
                MD5:84B1C6E77490CD35CF033B16A45F1B18
                SHA1:7027596B9E0F369786ECD4AA9BA2AB938D070D52
                SHA-256:A507FEF96103EB16FDE83AE68A0B4A8278CED10E4C5914CD5D9E0B46A73F5A6F
                SHA-512:114FFB9061395407869E9D6FD97565BB365D639E7FE3E310500F856D71C63898E221A92EDEF851F40BA2131C451EF9BA314EBCA492CB4D7240BAECC60740B080
                Malicious:true
                Preview:.........:.....O.....1 G..b.gv`..G..q...cX....J...|qd........L.F.i..6.).Lq..d...U.d...y(K@.O..a.H.+.....'......BC..n..N....N...lR.....d....&.%-.>....L........~mx....v.5..u..S.../........L..~....HN.x.f.+*.~.?]_.=.k.WW.1.+j...D.bK%.1.P.CX...cZ......t.hoIT..G......b.-[.9...rX!.(W./y.LC!......aSI.D[..>j.....-..k;.}....]...[....w.9..xP.P.......7r...WF.N.Q...8..J.....Bt.F.._...Cx..a..%D.0.x|..........3......U.'D9.._..................7..,C.M..w.@...P.,.S...G.G..h.O.pz8d.^.3.x.r..o.C...G..W.)A..J?(..N..ER>[=..'...x6...F..&..x.....[s......7v.P...`..Q.......Y.fV....6:......s......Z....5b........0,"J@..>,..u......uQ.A/....h.K...?.w..\..3.....s.<-.!}n..X....9N.........?H.....!......../t[8y.t..P.&.R,.Y.6Su..9...0<=....s...3.<.(E.q.BO....Z....!X...s....GA.^..R.z...SVs ..M..|D...,...,......M>....1%>..B....s.H..{..).4u.5..*7...v....IP....GfN..^.G.O..Q.......Yk..".u;W..4`....h..g.....+..8,A.%.x*;u......."...6..=...G .B........j..pLxS.%h..O....-.......

                C:\ProgramData\Adobe\ARM\S\1977\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:48:2leJFmtFRwW3Hw0Ic5uXewWCU8d+naLTJqe6Ixwf:2leJ03l0eXCld5TAe6IxA
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Adobe\ARM\S\1977\AdobeARM.msi

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):983048
                Entropy (8bit):7.625384010401799
                Encrypted:false
                SSDEEP:24576:2ucX0PbwtL9IkSmZB1mNw6TjxY5hhuA89:GX0PbGZBsNw6TjxYhu79
                MD5:C2754EADBFB3853ACAF498DD23AFF8D7
                SHA1:3BB3954B563C17F461163CD8D28947BAC060F813
                SHA-256:790DC24C9BB6104DF883BF292FC50D582BB2C786C6D8E062360B2017E3FCCF22
                SHA-512:7C4AF00744BBC6B17337C68379F428B60D317AC34EA47A89F397C51F29B2457B7FA5B6744E4D757DFC83A754DF2545C187DFE52A80063B89A8295CB072AB93AD
                Malicious:false
                Preview:~W...p3veQ.#.ml....-rJj......C...e2DNW.;B.a;...);.....A...VI<...A.,Y.......iL.TQT..Y..y;tw(..Pp3KK....9/..b.....=G:& \.}...6b.....Q......J.esf.st.$a.C.F..W...r...#.u../.h.=W./?YI.#4R......NM.:. 'AA......0.b.l....4.v.\y6..=..3...$......5.F..k.Z...Xf.D.....q..+`NU.g..L..1.#...........+.}+.0..I.N.V.).f..'........X.Ah...z.xB.bm.Vh.NTk...1......h..K....[.%o........!2..EO....T....~./.O.%.i......;mH..V..!....-...|e..E.m..........2....AQe.h....Vt.{.)......+.&.09o.....9j.d.<..Bi,.w.......|..>...=N.e..ud.[.y.D...%.G.....wF..F..H.....;/J..9...r..].9gc..`....n0...>.e.7...Q.>/V..........l...ZV......~./W.t$.......0........c..>Q@........)$.O.........kW8...`d...t...'w.....[.F..fJQ..[_)..]....L...H*n.e.;N..$.HZ.(..*v........&..e.b`..X.3...&..:u...J?B.'2.g&i.k......h^!kz..x...3!.@.$vzI{....f....a..xi....#..8K....F.<".@...g...D..nH..-.L.Q$....x.#..-M.m*...B'J...`kT...........s.!..l.qw.a..<_s6..1.C#.L...tW.}y...l.S..xDPV...E7.N...R.:.h...T5.q:...1.

                C:\ProgramData\Adobe\ARM\S\1977\AdobeARMHelper.exe

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):423984
                Entropy (8bit):6.812567711909317
                Encrypted:false
                SSDEEP:6144:qVd2NyuWU/plBYWzRYH5n7LiJdKkAtyKuskePvX2Zp7DmuXYvr6ys/pY:gdWplBTSH5n72/KkAtydem3nM6Bi
                MD5:494D0CD8CDE8149A5CAD25A4564412F7
                SHA1:02640604AB691FFEAC4B49015A61AC0255BC8909
                SHA-256:B5F00E2BF6F860141C0A9B761E8E003091456A834CB90E8A03F6A3C45AB8517C
                SHA-512:9CC57F1623E3AD7F8E69C2CBE70E8880F088EDF8364B1648549F18519B56181A6C8B72D5F4CBDE84D6CAA8CDDBAA037A06D8B2B208B15E5CC82111E4F08A08B5
                Malicious:true
                Preview:.?EO..-.8'.!....Ub.4...l.cSJ.~K...2....]..|..(......3.....=qb.T........6.A5..H...D.$.FOI.J/ .Ot.;.|.F....T.~.'...D....n.=l.B....zc+C.M..(w...".q....B.<*..Ce.....b...."...g2..r...l.9cI.V..L...'...[,.....$.c...;.#..@...+..R..k.MQ.K....H-.hQ.#2...':../.).F@..T..........w........f.u..L.bx....3...5.E]6...O...?H,.<.x...^..zH...y........+.5.y.....P.a.Z.x.....]tB...M~.`.7.......\..T.*qW..(Q.....=..5.%h.).Y.<B.s...8..h...!uj...-@.WO..92..a.....y..N.<...F...b....k..w-.O...F...sN...G..X............[....o.n...W..S..J4.W...!|[..V..t..Z.97..,......WBZ....P..~.=@.h.J}.s].S'...f.~<.g...ul....].*h...&...:.J6!.+.ib.6.I....*7.>..!...J[...!.=s...e.9.:<.?.xp./n...}.u8...$.+6.I...?~....l....eA.)....#.r........g..jRv.m,.e...v.+.U.%E=..e..U.4.n..m|..J]..P4K..G.U.&..p....,..B_.B6v...:.U..M.SjcN...D.^.U. .X7y.k..........a.....B?....a.......1+../.bh..'JuaI..V>..4["H].Q.[.L...w.......b..h...r.#.L..W...uU|...9....x..4..2E.g.....q...C....(.qQ...B......h...7c~...K..

                C:\ProgramData\Adobe\ARM\{291AA914-A987-4CE9-BD63-AC0A92D435E5}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Adobe\Setup\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901220034.msp

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):244417032
                Entropy (8bit):6.906775747123068
                Encrypted:false
                SSDEEP:
                MD5:C266D7BC4CD1AF078AA11334FD021DB0
                SHA1:07B137C9B05A9E219EA768834398F50515E1B583
                SHA-256:859F40B2C700C3998FB00AC054960EA5CADF282FC3BDA82494FAA7F197635E86
                SHA-512:2AAFD88FA61D80D95C708AB10E7F0433883972DC5E16532FAA28AAAB904F2910367F6623CC875A1D3BE30ABB327C762E06D7CB392694AB50ACAF4C0D77835B28
                Malicious:false
                Preview:...f.1.8.....Q....8..}......P..s.n.+.b...H..+.s.."@,./l..]....H.....k=..ig.gX.Cf.....*.f..C...Bw...W..Q4....C\.M1n.k.}.*.3f.c3Z.F..]...8tY....YVN.8.2X].7|Z..........O^Q.W..Ng/+u~x....Y....\.hb@....T....f...F.....A..B....51..P......`!.h..V?+.0..Q.n..$k.W.s.4G.m.e..........|.X..T...+N.3...".e.$.p.[..-B.]2.......4.1.7'..a..q.....`........K..$....XL.?.~.M.].+1).i|2.y.[.S.Y....4.2..V.3;...h..GM.n...5.&.........5;.%HUp3._HP....P<.l../V.@wxm]....1#....%......GM..CqC4&D..jF.1....l:...C.....~*4.....KpA..G...<...J..%....k.c:{-. ...i.=^......(%._.lU/.F.x......m...Du3..4.l..4O]..e.....zS*oi.' ....l......9...i.^Z.r.%..a....bp...]1...8.d#^6.e.p....?:..E...6{B...x....Q......5N.jr.a'.e.,..bw..8.$.$K[..-....5.!.vF&......".*LQL.`.|.fQ.PV..H...%..s..t......OFh&].Z....Z....).lH.&K&B..W...$.K.......Q............HL..S...lD..Q.... ..H..0.o.x.....%|_.7.U..C..a......Z.+A.Y."....@.1....~0.9s./..QW.G<.(.w.Q.8..s..>.....N.....K...R..@P,.T........\...?t..o.\`<>L!.Z.

                C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRead.msi

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2793480
                Entropy (8bit):6.07045132125952
                Encrypted:false
                SSDEEP:
                MD5:ACA73DA7B65922ABDD2019796E47ACCA
                SHA1:6E0E7E7977CDCACC919828F4FEBD58825863D13D
                SHA-256:DF6B532A69D20522331415F86C1C68FB32760948CEE966432673A99D82F9E059
                SHA-512:2E9B8B0BB13B49F5873B32B2732160E6558F1D647BB7E5EF511F7D9E5C29E58B3553ED72B4836F72A41DD555A332ADC6497E1AED8FC4E8F22FC12D4121A940B2
                Malicious:false
                Preview:I.^{.y.{U)......{.nd...{....#........##..5....0j.....$"..,-ys...}=.wP.6w.....|$><....uUmV..fr.."V/a.|q>f.....Nj...i.....B...].?.|^...*Yc.6...hQ.....S.....{....s>.JL:CR..."Q.r.A....N$S..mx...,..B3....|+s..x?.i .Aj...b.....gsB{..J.8X...T..i.[Jl..i)q../.{g. ..f.O..j'....U3.!b..+..............S..[........*=Sg.d.........9F...:.H8....d....E........(..w?FWR....{{...4.`..U ....8.S..<e.,....]?:F'......V.24h..~.TIv.o.e.....ZQ^.j.s.S...U=....`..z1...k..%.....u._..u.TN.v{..4_........ ......a.a.M...lT........#..LG.K..kV.3*L..~...*a<..|..].b.y.mJ=.?.....dx..x.j......p..6%..F...b/.y.!U.... .^......d......P.,f..r..'.......wJ....#K.p......AG....:..L..Y.......,_.^l.(...........x#f.-.....9~..3.........Q..?*...sb_.#.-.i*1:@.8s.~0..-0...a.... ..C8R...J.M..&.Q...I<<...8B..:...rw..3.V.1D.J.k.!.}.L7......Z.{.l".}.l....a.h1 ....n.....W...q.....q........`?...%^Y...za..._..|..n.y...9.;....(r.uNi4............8..)r$.....h>o...<Sf.. .....rK....4. E....(.&.7.)...

                C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):175114563
                Entropy (8bit):6.829207774192238
                Encrypted:false
                SSDEEP:
                MD5:BC0E77A02C543761D47BF937EA189EFB
                SHA1:DC7CCA60B9DEC24515B6B6EBA7FA022302C3B01E
                SHA-256:B767FC3B9C719F7F6971C1D02F520EC51D288CE2EB460E9AD1CC494402C99198
                SHA-512:C782F2F897FB10CFDE1D07C8F07A6DCFBBEF2DA9D8DECA0294D3B2BEB74D71872FA0F8CED66AE44C68B623EFBB3E31D61C25826E299986DCB23AFDBC1F1B227F
                Malicious:false
                Preview:e......1.a....{....\....e..Y[..t....../.lx..!z`>}|.m.^.b.P_#..xX..N9.v.Z..H..G.=.E...y;GY...y.ZV%.%Jg.Yi.......8...:..r..!..wl...tta.B.....1.Gj;3......i..0.^...g.s.x.MK...m....vO.../Y...........u..3..'6#.k.%e4a..PO..\x."....... xj:6.q...3T..[.<......[....l1.oN..B.q..a.R..,7...q.5.../Z..%.B...."._&..C.Rw....u.Z......x..p....A`.1......K>C6.%.#.{....,..%.......!e}56...z.c.#)Jg.-.8.j.../.uhe.f.........2.8..6..I...v.......f@..").fR......)U:..7.E...h.{2...GBy...k<|!...z...:k..|.=67...9.b.....*n6.`...8....,N.(,.fs2....,....Zg.,.eU....mkl.......9.y......9tn.6...^bO.@....q...'$ZE..>..g.y..>+....L$....Y..w...i -=a..jWQ...<.=.fWGV.+A2........'-...#......%..h~..u.:...br...,.......B~.......J.kV.#..%R.".....Io.A' ..}.]5........r.$E..%O.|j.M..>..!o[.qzPF=.}U0....&...&.k#'.B[)..`".0....q.V.......h._KWD....n`$y...i^*..G8QVR..gm..%^.u..;6..JI..h..\..K..[F.>...... .......4.K..l8.....%.....[..j...gs...J..../.....5b3.*._A....h[?)u.S={Pi.n.a.,.b.....UNGYs..

                C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1128
                Entropy (8bit):6.802099894010874
                Encrypted:false
                SSDEEP:
                MD5:5133F4D1831D5964906CF10CC7184282
                SHA1:C1B180C7FC56128B022175BAD6EA0ECA47DC4248
                SHA-256:C9428A02B8AAD54BC813F6C6BC1B069E850E397723C9ACD8D4746349944C8FF6
                SHA-512:0EB9855FE3C97CB63731C2E2F047C2CFD45E53A7DC0465D0353C9078831DEC0DDFAAF4FA1D78848045C6FCC79435C3E8E20A685045C493B0FCE3793C9ACBD8DF
                Malicious:false
                Preview:!.qpZ......hY..H..ia...L.5..S.U|%i..2&..pv|h.#......_.O..m..3..8....DO. .6.(.V..?.o...qrA....D.Er0....j...'...(H.....6.}...?...._.X..6....9.r...z..k.....sb...h........).}&.u[.8M.........|..!...z....V...n..d..2>..># ......B...."..9....X..~l..._...5.E6YD.dO0..S..]..C........2q..1..#.RGc~..DP{.....zd...L..8.`ZT."..E........=M..I#3P!.a......f...Y.2t .4..9...y.V...(.hp..............x`.Ua.5N.....E....x.13..`..S.......I..w.F..v..>R.OxN..5.n..Rt.$..;f1/!.I.).pP)./....C+...)..1..I......b.G...@Q..o..v./.z.5.F..}9L.L..A(k.?...%/........H9...R.aS..{x.|...;[].T......@..g.8.l.....p.......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4

                C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.exe

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):465400
                Entropy (8bit):6.514534685725487
                Encrypted:false
                SSDEEP:
                MD5:F608FFC1D33E611317404EBFA2CEF2AA
                SHA1:B74687A5365673C0F1AD4F11F960644EC54E8D78
                SHA-256:6767C541F6D9E215E2222141CF5E2537A8A97657FE9BCC1FBE40AD2DD253BDDA
                SHA-512:5891ECC67BA88796C53234542F9D422D07B8A9E0B47D75027A85A7926DF20F866E6F3FDBC5F912B325FF1623A2244D62E14DE3F2E46DDBD60BF9CAB3CFC2DA69
                Malicious:true
                Preview:.....MQqb.P.../(y...h..W:.S.{.....J(......)y.)3..K...E.i.b..c..r!..r.....6.:.....@w.....I..U..a...R..9p...=..{...f...p7/.|..1e.....T.pV....A...qj......'*fn.7.VQ..G=.7L..2.L.............z6."a4rq*.R.......7....^s.2...y.....e. .s..h..J.G6z..6gZ.........Fx...54.\.:"k.J.....$v..b....p.x4....{...:.......8w..$..W,B.x.........Ng..aI.....P d..r.^,.{D.....O...............1..x......X.Z;9*..0....=..c...1<INl..&|..c.#...+Ahq.d..v.Pj-......fD.).z.H.J..D......^..{..MB.c.o..K.n..q.2..^(&..'.T..(<......<>.}.^.......:Y...M]..2.w..y..EZ....I?...*.JG..x#.......=W.<.q.*.K$...k....9.....A.=Xn.Z.\m.!.....qT...&.......IknoJ...`.F7:<1W./x.%.u..#p.B..Lg.%7..zJ:.Dt.....s...H7.Mc.n.{.r1ZQ.G..R.7.S..+.D2..}.ud#O.Z.P..E.....].#.y..UY.r.1.q..@....+.l..1@b.....k...%.......e......k..;u....6..ar.........;..^...7.D'....~...ey...g4..U..(..(I....v.H..H>..q!....,..B.C%.....-....x....lf....Z....D1.9.CN.Mlv.a....Y.....^U.'a.e....../.N....q.Z...fj....<..S:.R...a.We.e

                C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):734
                Entropy (8bit):5.689073912393182
                Encrypted:false
                SSDEEP:
                MD5:6362C86657644C67465D3799164EC22B
                SHA1:59E97F799C46E750893766BACC4907A5B5FD5DBB
                SHA-256:06F8365A086ADD91143AAA479CCC64C4C8D566DAE5C369C3801600AFC13E21F4
                SHA-512:5B8A5E72C8771B47B948A70CF07CE1233308B971736258B806A458DE7AAFEC12614065AA3C241D3A5077F7A3C3BD031E1203187D06F70A63057B8389AC9514CB
                Malicious:false
                Preview:D.\..-...t..M.........q....V.$CU...%....: 3.K..W`.,........Fj.y{.C..F.8...=.F.....p.....IC...M....a...."...=......WeD..O-<.../H.3`."}b...X9..tj<....C}+.K.E...3...n../..&[.g.*.h...G.8s.U:..".$h......... .~V.-G...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\AppV\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\AppV\Setup\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Crypto\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Crypto\DSS\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Crypto\DSS\MachineKeys\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Crypto\Keys\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Crypto\PCPKSP\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Crypto\RSA\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Crypto\SystemKeys\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Crypto\SystemKeys\8161c532f4be2453f4e2b357fecb49ca_d06ed635-68f6-4e9a-955c-4899f5f57b9a

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2085
                Entropy (8bit):7.536886819389944
                Encrypted:false
                SSDEEP:
                MD5:81F3AEBB1E9DAEEF1B5850836A299B54
                SHA1:A29C19D4B89112914D62852A95EF3E0EDDACFD12
                SHA-256:E8F14570F353717862938D005BD56A2ACDAD54167B437362F42057B0451E282B
                SHA-512:A9ED0495B2067E43ACE9FBBDCE00B9243AD2C10FA68B848A69D56BD2DDF02035B70FF110B98569C3B4CD61F7486588D4B06D2710F59A10930F18B72D1FA3E3C9
                Malicious:false
                Preview:l.F`:dB:/H.M..#..\>.......`.....-...@g.....?.BR".pS.dh.......l@.... <...&z.>...B..Td..]..<.8..1..b......}.....?M/..nu.S.$..{.z.4...[......B.I.. ....`t.. :............vA[b.5..'..~3]......`?...?5m*b......A|z60.........+..N...h.Y..~....a.A.......RC...w.f..........2.7..4=..m.m.R..2....E.........b....es.B@..*....'.........4...;.e)....j........'".Va=.3C-?..#.wt..#.A98.|...r...-@....X.%li2\..j4.t....h2GY..x..."...\Mo...I.[......e..+....q>....D.8o..Y..<.j_.......a...)sB.&.......O.W...."-.....Q.=......n..I8q..li(..SP.=...AC..............._..p.X.5."..P'...K...KZ.<..K...[E!.....(.,...s;....(%..x..?t...9...a....{.....!.w...-..RLzS....KwD.......F..h.f..+wy.t......P8....8'N.Gc.Q...!=.#.Nj|q...)F...1q....N.@~fW{.ch....y...y.{.....%.u.v.,\...../6.J^5.|..Qm.+..a4.#.#.A7z..D...O.....e..#{+.8fW.......3 ..y.i..7=...6.. .c..!m...........&.p....3.YP..3c.m...zH...N..-v.O*..4K...........e.Ni0....c.c..?x..j..V...F..$...~z`..e..P...*...UP..yY..I^.3.....d=!h..';..6

                C:\ProgramData\Microsoft\DRM\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\DRM\Server\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Device Stage\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Device Stage\Device\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Device Stage\Task\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\DeviceSync\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\AsimovUploader\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\CustomTraceProfiles\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\DownloadedScenarios\windows.uif_ondemand.xml.inbox

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1089428
                Entropy (8bit):6.250678348779951
                Encrypted:false
                SSDEEP:
                MD5:EC064766765A7F885B422B2933F0A729
                SHA1:35BB37DA538C71B71F5AE1DFB58A305A9727C0CE
                SHA-256:B25472687E229BE16148C916969BB8890B672424219A5660BBF4FDF56AB9482A
                SHA-512:6687F475E7AE6E63B2144817E16DA7431B11F04BF942E43C8A5A52BB45808F49A38DAFD7C60027CAD2EC7AD7CCF06E9E6EAD8F621642D30FBDE78AE5135E84C0
                Malicious:false
                Preview:..FH....5..{.6PsV_.IPBMZ?.OS.`.Z.}g.`...t....`[.D".'w..~...zW...Eh....&K.5'..t.....C..S...3.3.?x.._.0....?GM.2...V..%.Ep.%|.5.^..e'..B....{.c..(.[X#.]f...`.,..j.[.~..N...0........?.>....../g.F.CD_.....hR.?...-m........<.....RT...A..'.A..6s...5C.K....o"...8.F;.~.'..z....q.z..;..U.Z..........7..1Z...g]4I..&...h...,.m.T!.R)....7.s....P........<..FSS...6...d.-V .X....p..I.:..6..]...Gv....m....8v]..v..$.!..(` .7/.~.Ljl...:J#.Bk...`{.'.O{..[a.>x|..Z.[.7.(./^.C..e..q4E.....E...v...^.0$......|...:[..3.}.k...X...#.Td..../.......[fG.ZY...QS.b....x.._..3UR.@..1].....}..e......Z.........)...F?.N.JbV....,D..Vc..g9....'.rf..7.:.lAPr.&;K..\6..N|P..).).5..l.X..........:..@\......[..$...j.t..d..|..u.{0....}.a..3L.8.;;2@..F...`..Ux../...o.......{<.%.&..oY ....".ab^g.....g.z...c..Iv..{g.M4G...g..u...8......|.L.../+.eIG..O.....4.0.......,K.:T.5..RG....~..R.A...oz,$v.......D.4....c..f!e...?Y.......q.c.T.E...U....i1#O..I'.......D..Y..F.....0."..P.F.-

                C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:PGP\011Secret Key -
                Category:dropped
                Size (bytes):1623
                Entropy (8bit):7.314976398663098
                Encrypted:false
                SSDEEP:
                MD5:2CD3BBFFD4A198B031555FB58008B6E0
                SHA1:98ABDAA87EAC142ADE4A594E21956DE4F9EBBAAB
                SHA-256:120ADD26DD2800C0E97FEEC522070F49AE0818E490CDE230A3BDE107293852BF
                SHA-512:8B3EED986FB5652F1DE6EC87D51E6E04D45FDF8528D7E1C96294508C867AF6466F7630BC70A500E40974CE2C78E589B8D5721E4D23A2139DEC788CB7BAAB5D74
                Malicious:false
                Preview:.o$;....L-..(,...&.!m.$........."I>......:..V.......&:"......'.G...d.!...2.<.......:9.'.,..yB..m..b...`...G2.V.#.^ZS..0. *3?".@-.(I-..N.>.~...y......F.VD....i.....N....(.B...(WG`......_l?...:@....7C...^.E.g..........-.G...~.......%.6 '......../..YUk..A..c.*..;......d....{K/..&.8..b.?[..=....k!.ds......0.i....w..@ ...b...N........... ..F..$O..h.`Q.U#....`CQY.R|johF...t......`H...4,.uV.........t>v}n.......R./.t.l}..}..|..R.....p.q...-.b......#...*>.....=:M..L{<Z.?..h...&.Cc...3.Uw1zo.Y2.CJ..F...y..5t.pfo.t...x...~..8....4..r5.'..h..`.%.0....O...P.M.j....w..[2.h+..o..*KF^...x..a+.w........B.....Sf.:..S.*S...?......VL..Cs...{FD..&...W=.)3v.-.aM%%O.d.J...z..w~..[%P.9..........k.x?NZ...K.l........mG=.iY.w...t:M.....p.u.....I...yU~....i.8 `...?.....O.#....v....t..L.Y...W...2./.S9....i^7&.ah.. .....CO*......~..'?....4.%.#.k..6.>.!.K6..`{..P.......a...{.0vz,G....#......-...`O..C.\..b.~...w........c1Y$..R.0.P.<KZ.q.9$...P..y.Z.3.lx3ZD..nC.)F{.V?E

                C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.json.bk

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):4148
                Entropy (8bit):7.841603592196144
                Encrypted:false
                SSDEEP:
                MD5:103A54DB15B00483B0EE3B5B23E1B52B
                SHA1:4E28A05A91E4554A4F472763521072327D34530D
                SHA-256:4902EEB091B6B55073ECF8A94B579BD0BAF317EEBEED24A2F7F10B2695E33C7E
                SHA-512:5A870B1875920D5DFC76360CB70EA07F82203AEC17615D4DFEBAFCCAD4A79986EE18D8E5462A01B8CC3781D3BFC167B313528AFC2A79A001457CEC401379FD2F
                Malicious:false
                Preview:o.."..!......./.....W.58.V...k.Ig.......oEA..m.]....y..%..~........Wv.......i ..hq.3a....J..4...\H...hDG.../...c.>..T..pxe...J kUw,....gT.Iu./.^......s[..Gb.z.....\<..Pe....J.*. ..n..........CB...8bnR>....5....0'.rGc..,../"..x....:n.....Q..'.u....!......L`..G.............J.....Go.D....a...h...w$..(.)..o.9:..^3.J........"s!....mHO..........x.B..h.b.E#Z..aPC..R>...2.8...`...`.IA7.....l..V:...*?..8m...W...2.+t..dy{z.Z.Z..%.FV...J</.*...=.^.....'......V.5`..l4..CU5....W..Of}....d......;.p......t.DnsX.O..}5.........3..3.}..qE.*QI...........P....b.i...<...;hWs...#.x. ...8..............(.....t....h<...X.6.......-...JJ.Zj.*.ZQ.........{gd.E....f..L.....N..}..w....{%.+..:8......%.c.]..A.;.....<...e.........W..}..t...(..K.#/OY.X..;.|hA>....a..M..CoJ...*.....I.Ed...n..3.6.\........OB......N.2..n.$uh...d....Fy.....Lgd.....Y;..g..N. .4c.P...a...u2..;r`.Kc...q.0...j.s......R.c..T.Ln_41G...U....u!.......:.8.M.LM@....^..h.....W..>r......2."L.;A.<.2B

                C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.privacy.diffbase

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1812434
                Entropy (8bit):5.256056045203617
                Encrypted:false
                SSDEEP:
                MD5:A25820D5161E1B46AF89C770AF829CD5
                SHA1:E01F402E8E8255EC8C7951CE34D32781DAB77FF8
                SHA-256:8124E98A8DCEA84DA39D8DC4365EC82CDB01F3EA17D24F23878916450CC6DB17
                SHA-512:2CABFCE0A4063686ADBC7AB6D3AE1916BD0DFD55F3F7F35D0F5359281FDDF2DB335CB7C664D6FA229385E43A03717D275563CC3A2E03F685ED44264D2DDC20B3
                Malicious:false
                Preview:5~....:.T.p...M...=.3.....-.M......x.....%..mXn...SG.{.....i....P.F...t.Lx.z-q5.,7..L.#......C.NE.Ls..RT..aQ.9.#I.=..../..j`...#...(....)o...(..h.S!..-._B....'.K9!.....>.\..F..!/.]EJr..y7<L:..|._...'b._Zm.....BP.Z...a..Ns..+.-..4C.....(9./d..P.,k.,.|....{..M..'.2.U..#........4..6.s'x.y.....b.e.....i.0....&<...E.\$.%C...9',K./2.i...*...Tv..Fd\.|>.].(.S.T.u.;..*....X.g..+l.e...{.?#[rd.-L.-,X..>|.......(p.......W7.4SbjG.f!;./WS..{."Q.Po?. ..wW...............i...|.,+9....L...q.5.i...tp.>"a}-..2...m..sp... ..-..-.{...t.....H...o\..5......;U[..k..GL...U.i"...Lw.;...yz.Bk.N.V!....A-lY...r.e.U.5Y.!L....G.a...........l]Y..T.oz.pL;?.C.={.......&".c.>..R;....g^.l.yU,...Q...`...nr..Z......#V...L...}T...({.!.. .O%........K....q.s..'=|C.*j.+&.P.......,.)^JR.t.qi.k..E".;.9.ei.#....V.....L;6.. ....S.*.n&.e....i.-_....3..x..Cz.J......\..Kxz`.......*|..._...;..P.'........z...x..(9...j..y..1...SfX._;..}....k$7...5......G..P?.....,-`.......j.e

                C:\ProgramData\Microsoft\Diagnosis\ETLLogs\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ScenarioShutdownLogger\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\EventTranscript\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\LocalTraceStore\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\OfflineSettings\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\OfflineSettings\offlineblocklist.json

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):551
                Entropy (8bit):4.420858583820719
                Encrypted:false
                SSDEEP:
                MD5:9C97C714536C6C8587A2750DFC977E9F
                SHA1:34FE6E0B83C79B34CA5D0EF9FB5C07660DB7F896
                SHA-256:7E6CE979972953D3895912CBD06F8551EB64372BC65C2EF7635B07A20CB91D62
                SHA-512:A42DCF65E4477DDBEA5E2BE8CDEBEE5C6EBFFF34EE6FF50488FEBAA8F70FFF4D1A45781275DBE23CF6779B6A6F8E8D99C100040498A92552CCF73585A484A1DC
                Malicious:false
                Preview:..Q{....G..W.....O.T.<F..b.1..D..y460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Diagnosis\Scripts\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\Sideload\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\Siufloc\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\SoftLandingStage\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\SoftLanding\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\TenantStorage\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\WindowsAnalytics\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Diagnosis\WindowsAnalytics\analyticsevents.dat

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1396
                Entropy (8bit):7.14018132302589
                Encrypted:false
                SSDEEP:
                MD5:8771599782ABC1EC2FC86A6CD92EE363
                SHA1:DC1CFCB145340983785957551214D4B4EBE8478A
                SHA-256:E038D7DD91590D535672EEDED41DA8FA1ABB75B7B82DFA06EB51B6C6CC9B8B08
                SHA-512:412840F8C3F1578A23B0A9002A1E9DB517C72917F14F1223292581BB332B0BEFF75D746A720F033A75CB38DDDBAA7BCF790C9E7BED57C1D8F79832CF22318E7C
                Malicious:false
                Preview:;$..9.0.|V\._A<P..5d=...T.Q...c..xU.....!....J..>....s.d.~y....H.M.......3lr.OBI.....JJ.W@...E..1.BC/....>...2~_....i1V.X...6..K..'c.;.4*0......h-....QL.."..<i.... V.?.).i....rv.r..8f\<.../.k ..0.t..0[.q..I..H.j49#Ot.t..d.....;..W,..[r.B...a...~C^8..........f.....-=J...m%o...`.S..o..~.n&r...|4.6S...'c<.@..5.\l..l.GF..T.U.T....W.U+AgG.2....w......p.....c]J.].E%......h*Nk.1..V*.F. ..9....Z..j&$...!Jjr....6.c[../.(.e....IM....=5..2.._J.,.G.A.K...$......-.....G..u.7.I..2...n......=....%t.7\..s..........!.$....,..W..J.k...i.o..2...S1....Jz..3.O..[G..d...u......d.T..3".....a{s.<.c..l..A..[....}.7C*.}!.q...(!.[.r.D.!g..tR=......x>.n...;.w.SM.y....T...../....).9..]...l..]<....(B..c1C..V1..0G.;.%$.?.....I[......XNn...5...-.$.l.Mj......fe..N...Z...8..EC..F{..#.R.qg..$..\?4.M.p$xH.td..^.i>E<!.-:...w..w_..DN)........)SG.z.9.V..p:.T.e.N460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049

                C:\ProgramData\Microsoft\IdentityCRL\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\IdentityCRL\INT\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\IdentityCRL\INT\wlidsvcconfig.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):13266
                Entropy (8bit):7.971743178383917
                Encrypted:false
                SSDEEP:
                MD5:BEDE332009D998676FE32C291E54318E
                SHA1:EB8E90D6560803CC535E678089B3D841CE99FFDC
                SHA-256:532C13D7F54041DC15AA233A696DCD99F366FCAE71BB3CC33D23C0E8AE801F49
                SHA-512:3E5D337779C50AB07DF6C545F6D88FE88D63386D0DDB09A9B1DDBE0373CBEEBC845E5E3F845FB762FE45C1225E0D0EBFAECD12FAF54C548C60ACC72B07C06ACE
                Malicious:false
                Preview:..B.#..#..7J.R.K..li9c....8s.|.4.{...gl..CX....d..v..co\........K..Q.n.N..Zd....4.....hO.o......i4.A0.h.k.W6f..0.>....mmz...T..}S(....A.f.........n..?.p.%...A].b....D+H...A..[.....s...C.K4..y...c.w...G.B...Z0V....-.o.b.5.66../..=r.......!q9....H......L...K.N...+...........4.y.......|#....Q<8...b?\.8..I.....~......!`.....Y......dESn:..,.<:X..j._U.......>.G..h}*..8..p.B..)...cy.I"...........>_0.$.I.v_=.....!..Y.U...I....K..s...o.)..Hs.h(X...:A.@.F....THL(.c...K..vqu1Zt.+W.n,.'. .#V.t..z.,.;(IE!....O..q#R......N.....B.L..hU`.I..r!.|...T..g2...~U..j....R@.aY.U....c.......>..)d.....e.aX...a..F....q...&"..mxc[..R..{|kyM.5.y..O.........wc.`,.0e.0..PJ..?._*.<..'.x......D.O<YT.Ah.....jQq.n.{by....K..X.O.iJ.I)...C.eI.I..,....z,K.%...6.:#mn..~A.SN}*.!.....'98>.g`|.;.JK....{.. ].BT.Y..b.g...eM..R..f$.3....?xK^.ISh.I.87puM.=.QP...A.....*....,.@.LY.I..~*......e=...>....o.,.. j<..4>.#......'.._`...............0....AE...P"WU\.a......'=..<.....WrhFC.

                C:\ProgramData\Microsoft\IdentityCRL\production\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\IdentityCRL\production\temp\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\IdentityCRL\production\wlidsvcconfig.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):14760
                Entropy (8bit):7.978033243801228
                Encrypted:false
                SSDEEP:
                MD5:87FB06F83A7134AC0F9731AEA9CAD3F6
                SHA1:D1E257837B56A630EF7940DA213DE1F6FB13FBBA
                SHA-256:FA5C5F0C7A2006A1E4334B03E738BEDACC266F562EDDAF1A6BE0DC2643801880
                SHA-512:F1E4AE487C2FB72FE0A25C97F8507A7B11635869C3029138F1DFCB2AFED478D9FE9CCEC70EBD8F3EA610197856CE9349E90ADD0664046E0B541A9F51DB21B844
                Malicious:false
                Preview:.\.6..Yx..0...Q..b.....W;.K..H...@L.?.?h.9<.J....m......5r....y.O.)7...%.d.p..;Wk..M../..k.U-6A_..3.UCfM..M....D....O8..9thW.i..GhCH...%..,t...#5...).Ply.b.....5m/....B..A..1.{...d4f.....gIA.".....2./6...x....Q..nc.;i.B+.;!.TOF.$.gbEX...-DP...b....s...\..."=....I.....0...........&......}.rm..zm.c/..L..vTz.M.k..8c...XJ.. !.4xRa..u....T..9.>t..q.;...ze.6./{...(h....W.B........!.....)..9..2..o..D.@%..C]...3=.A.O..{.npQ.>..b-..n..~.D.x.xz...R(..*o.l.....B..~...'...R...b.&.u 3....$...m[:..'...b..?.48.E.m...c.""0...../..'...{B.....0...CM.Qs.)1..e.L<....uc@5Ek...-P.....\.r....B..C.X8.F..]..Tc{.!.O,.j`.#8B...RN1q..?e....Ng..j..T.c.k.*d....8M. ........*q....rP\.......x.!.`._MA..X...g.G.*.i?M.'.b.....-.M.F..~....=3.8..uZ..K....~....-OyT...n.\.f...Q>mj..0.(..RI|.=.O.nRRfdb..k...`...y..........[...+k#.)..Lf...`3J...b.W.e.<......B..-..8I.Q"..z......q..........i|..\...]....R|.H.*.V...pH.n.=l._...2,..U~..2}.B..YI@x.Q....W.E.-.7P.(.}.5&.Z\.".^'.p.Z.`...X...

                C:\ProgramData\Microsoft\MF\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\MF\Active.GRL

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):15492
                Entropy (8bit):7.976094782842844
                Encrypted:false
                SSDEEP:
                MD5:93EA6298A5B2B8093DC3F103D642E180
                SHA1:25AC420B67628557D4FEDA626FC468C4AF2D4BE1
                SHA-256:3BA1C3791E5FD385271B2FB8E143EA5FE7FF35CDB380685DCE36B7868815A187
                SHA-512:4A4CE61D156421130FF32496B41E4F0DB910DD160AD614F1618BF6D855E7E3903B6762E18A6E5C22716162AA157B172755F2FFD9673CDEC0CBBB99BD02B4BF9B
                Malicious:false
                Preview:..VY*...:..M.s..7.<..6...$1X.C?W.;.........+:@.v..s^...........Ba"<1.H........'15.]$k...}..L..(.! ...........l..!N..._......'..&...l.j6 >.Jj`..B..h..mb4..c.;.e..3.p..2.....O).v....j......`wt.....}.T.......F..p'4...r%.i..;...?.].]=. b.H."...<D.f..x.I..M.......TeS.)`...c....Z...Va.|.....!..l..K0S.3X&~a~+...V...G.C1![.h !f..w...v.+...e........A.....D.=.m...N&.4..# .1.C..$...e...7.{.pG`..j....*....<.PH.;....-..!`8V...6WKnR.p...U#.h..,..Zh..t......P./.'ss.2.n .B{..0..A ...E..Pp...m.N6.=k./~.S..V....pvg-.HR!....G.:...s\.NQC..'5.r.M.{.{.s..2.~`....8....+T....,...Y...l;.o...ef.X... ..-..l9......D..S..#...^......8X^......i..!...@.9..#-.N..r..c(.o...I..-.r....i.w1........M... .Il......^r|.h?w..s`1.....+..I.i..v..KGw.I...d...5.p...P,.$..mwq.LB.._5.`#<.\.S.!.{G0.TL.<.h.....:.4IQ..].,.....B.c....#LF8s..8....47....Y..>5S.|#.....IN.:e.p.~..m..O<.....q..:m.c.+.!.\....^@n.......6.F...;K;V..O 4Rj..N.W...U...Y.........#...B..y....<..^#..{..O?.(O....w

                C:\ProgramData\Microsoft\MF\Pending.GRL

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):15492
                Entropy (8bit):7.980845333418046
                Encrypted:false
                SSDEEP:
                MD5:32BDE1049C69EFA88324446A9848E11A
                SHA1:2C1B85D67EDEDC356C1BD90C783C605D8B43660A
                SHA-256:8C044BE0592CD3C7140FEB132FB6C27F8919DFFEF3FD65E156F17795CC373FB3
                SHA-512:23315252D57EC24D18F284FBE62228EFB51DF14BBD437F3D6A99709E4667D6C6B6EAA9758C50237DBA6387CC7607E081361324391D1BACDB9A7EA47148E78716
                Malicious:false
                Preview:..(XWI....oC...9./nt..-.....q..e..B..@ar~w-..I9..#.f.e.....=..Gh.#.uDp\..........,....p}./m....%..[I-ZgK].i(9..o..Gm7....=.V<q...^Y.:.-Rl_....i.%.M..$n.sK...x...wC...VU.0.S.l.t...."...^.Yb..V...a.aC...RL....wtJK.U.&.v.x:.....8..(C....o......)m...\...?....6C."5"..Z....Xr....!....6.ey...\.*..Y.q_?v...^.1.:#.*L.....B..a...uxn.F..........8_.....#.-....I...v]k..J..4.Q....k...2?O..E.p.h=,.'*R..*..`.}q..B....j#.M.H.w.[Rl..:....iDu..b.uX..A..B...:x.M...k...].....f..:..P...KWc;xt.20F..[.T..1\l.F.%.....H.i....ck...5..{...a\.6.O.##z.A....t.pw...{.{.)w...:.}..,H...Q......4....[....Q-j..;.3r..EU.^S.x..X.X..*......tRz8HfN..........Tje..#-.S:e.\.f....3B<L....k.Hq..*.w=.=..Q...d.....|..%....i.;...~.w.S.X..3;.hQe....!..."C[.a'..#.?..}..%...>.....h.o8.n.z0."....s......a.=?.......?..[....~..QfB4 I..Z~{.Z...6...kf.8.pN...p.r?L.h.(3{..".....f.7..j....A?..#..!.NMJY..%C,.=..#.LtiI..<..a...]. 7k.E..r..Ecl...d.-.K..ki.....bM,....#*;J....qz...#..A.q ...2.&..

                C:\ProgramData\Microsoft\MapData\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\NetFramework\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\NetFramework\BreadcrumbStore\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Network\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Network\Connections\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Network\Downloader\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Network\Downloader\edb.chk

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):8712
                Entropy (8bit):7.947365308354234
                Encrypted:false
                SSDEEP:
                MD5:6154802AA0E93C84FFB41DF91A477975
                SHA1:BFD4743A11A3A334573377E2D1499DFC2AB53F48
                SHA-256:4C3B59900EBC1357BCAC7F817F61ACBBB87B537981E17FE4ADD106B9A56C3DDC
                SHA-512:1D7166956AE640454EBB57E0AB81D495FECAB5396421C4D9AC53AABD5D79F9E1367F1E59C91E2A64533E890B75B902630AA737C5B02B4463ABD9F6F319D081F5
                Malicious:false
                Preview:.$.o{n7.J;.Q....7?nf..`?...#[.30?Z....~,..x..|k~..E..?....h..(.l......8..=..c......c..A....o...q..\us..1...Sun{.....Y....{f....5Q.S...Z..fA'..M..{.N......B..D.H;d.5.|!.....o.M.tM)..Dx.....rX.....T...X.......b%........c V.rfQr...i;...A}X..."..0,........_.?..zW..8...@.....3.x..P.#..W>K..w...I..........7.G.'....2~......&.m.z Bf.o.rO....`HT....I.....]'d7.i...z..H&..o.......q~.....e.8....,.M.k.w...9....f.#..z.2"4.B..n....s...7..oB .:.w.z.n.E...Y....6 x.0.uH..-:X/b+t.,.T....._..w..J..2.X.......Q.r..A..M.^.......-.9....Z..'.Pm...d......l+...9U.Q.NTn8..1!.K.yQE.0.K....Z.1"...\G/(~..........sT...kbK.m.s3~}..]BO.....{.5.Z....'....4.a./..;..iU...h{.r...<...;..s..1.G..W}..p...@8......eywC}B.......8.-}..........r.......{...ll.$q.../c$.54..t....AU...R...c.B.3.\.=....A...0......O.r.$.w$........,...Q..!y9d.IV..7......5.|/.01+.......>t..>+A.G...?.9..X...RiH.b.R.U..n.i.h.-......Q...N........?..d.i,.W..h..^G..+y+..dN.....zD.>..@Yh=....7....]...[Y.

                C:\ProgramData\Microsoft\Network\Downloader\edbres00001.jrs

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1311240
                Entropy (8bit):1.0209134036805216
                Encrypted:false
                SSDEEP:
                MD5:10686B4E46D61383F815A7FF16D9CE89
                SHA1:E5CFA5A5C10DAFE232A9D5F353D714CE6D26FCA1
                SHA-256:134D18D5358B8F7B6650A34B6B34B4216839EEAD1315B81993F20CE704236D13
                SHA-512:E17D052F90851735F7DC5491134833EF9A6C9594483B12127CFBF7E691EB3774B00111EE758E11F059E4BA495AED053F27F778B5290B869077ECFAE954A27322
                Malicious:false
                Preview:. ...+L.A T.b...{.I..L.._...4.;.%."...=.....m...j)nU...Uw.?.@.9F/......d...)...= ..!f.....y!.,"....}........'j..Y..J.Q......u.M..O...j8l.nV.F...44.B?.E.......\.......x.3U..;.x..s0Oo....T.*......N=..G.{.-..+.$..j........WG.u.Q<k#LP..P..e.L7|..2.......r.F....+..6......@......,GI..:.\.8?....R:m....k..../ a.ih.U).MW...Y..A.+.}s..H.=R.....@..x.s.e.8N....@.O$ ...y.U...[Zb~Q...ce@..;C...~..y...yg(..}.9c..m!....F..).%..z..4...kw....H..N...r-..........*...g.D+..@.Ie^3....a.m.Zr.S/....-...a/J......n.Y.e....z.Ud..(..7j...u...xOz.-q......'|.3..-.......g.......z]t.0J..........c..,.N....%..I...^.T ....k...p..6%....2.d..R!h..>..tG_....Y..q......\.B.~%...Vt.Z..(V...1..........~...7hPO......S.t.....=G-,n.b..x......{...0..S.`).>JF.R.+....[.I.C.V.@N..J.}W..N.&.$..K[>[.E..NjOx.Q.G.\\.......b.uoIfC.:Q?.H...[.@ .2.P0Y4.. _e.....`..d...^..1..|T.37.DwfU:....i.wz._&_7.(....L..vUu.x...q.Os.......$p.$.g".&!.|v...D....`.4....G.^h..n...x....c.@:...o..J-K...J..f.0

                C:\ProgramData\Microsoft\Network\Downloader\edbres00002.jrs

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1311240
                Entropy (8bit):1.020631593232994
                Encrypted:false
                SSDEEP:
                MD5:5BCF7246F74B1C533C77EA19F477EE42
                SHA1:27148BB7E49ADA6B1C379E62F24F62287C475AAA
                SHA-256:B9C4E9DBF840A24F39A455C9CAA21CDFD62E513508A6E51B1B1D525B120A418C
                SHA-512:75149D6635C4656E9DD338E9B91F295F8784EF8F33DC0348755F23E51DCB63F9116EFB12F06EAA4A5058419135A5A43330AD8D9E13BF8C9B26797ABDF674CF3D
                Malicious:false
                Preview:T...*aXoR`".^....\Zl.t.3.h..I.`.....$J....N.....v..&-V.2.f....ABxy..]m.N.!...A.n.7......T...J...x.;G..=.k.|.........V.%b........;f$...WO}.. ....6a....="....T.=..B......F.#.N.b..<..`...z..{..Cp.A.:q......Lv.z3N.....+....:...@)..}.}....,VFH.J.....J;.t^,...t.RhE.NMb.#Y.?4.......,.s..,. ....G.V....{.W..(.pdf9...U......Iq......h...n`t.8.`......D.....%.,....R.................f.=.U..cm.6.J....SD.....[...t^..n!.a.1!(tI.E'...~d.r....e.k.}(.N.8...k.Y..y.5.........X=..E.H.2....W.e..L..1...v%m..k............6..|W..E......i.....70Y....ps..~aXt..D;......9+.z....Hn...af.....7..:..'F}.....S....r..b..|... ..N.{....b...r&.q..G...X|...4.Gqa.L ."\M8...283...>j.Ti.#R.N.&bI_.^..zc.......U!..1.J.g...N-..-r..J.-.,6.9.q.S}}G.~..T..K>....$.......Q.@..+.....T...s\.X...v.p......\3s/.f...l7..'..j.r.....3....EP.....Tc...b."P0...#Y......4G.o"...9N..)#.%).Y5.q....uN.G.8.M.9#..l.).2....Y.........l9.5........E!.Z.g.e......v-..U..+i.a2..`.u.....~.p.\..._../U..|hvD.O...P[.

                C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1311240
                Entropy (8bit):1.0207589710685068
                Encrypted:false
                SSDEEP:
                MD5:07D798413AA54509BC70E499F948CE98
                SHA1:B5C36D6938037CC4199B2C7FB41C8BB027EEE93C
                SHA-256:59D3855F4CC972976711F8A6DAD490CED3B019893EE6887CB41247248CCBF034
                SHA-512:AFD56FE9EFA9D5338275605750D4322C80E3014E69AA1BFA6377C7A32F34F529B8A88B815FD2ADC7AD4644143F7C0395E92A5CE8B319F8DEB63D45FB162C84A0
                Malicious:false
                Preview:.V..f...0..}.X&...+.&......T.w.R..:...., M..Q......y....8&.r..I..r&.X|.fU.y:..`Ze....... .}..2*i.o..B...'@..BZ.9F6[.7Xm.E!.......K.N..CF..g.?.K.p.b...C*..w...M.K..k`9L.....'....z....Oi8.[..`CB..........E...7.!`$..<...h.k.&...d.b..@...P...5*uE."d..I....c2.C6..l.....x..>[..{eP.%.m.Q~...D......0....L.P.2.v...e.1^......2..8.........7.H../..H.]''.#...oc.m...*xY. ].<M(]....O/...Sn..d_h.;..2..1z.S.k!.7...wh...$....q.....m.]....{q...F,9<W.(L....o.S.....T3.T`..J.J.p..[I.(..Mj.@g4|$$4HJ.D#|.....j...R....L'.ld.....?...Nn..E..U.@Z7..&"...;vE*..XW.A..5....?.L.F?-.9N..J..c..]...T...K....z.M...Y..0G..gNew.+h..<a..k.x9..#..|)..:~..@.T...0.N....0.b.n..1..].%..>.ie+.......('.........9...xq......q.x..:dl...*Uh..8..^.Q..K..J....c/...o_S?b}.f.j...a:..C.d..XM.....v......S.O.v....XT.M.....\s....39}~.............c...P.=...yN....&)Dx1+...d.........SMr..?8.&...Z..!E.0..d.....8...B.?E..,~J.t.b...{..%9.r6.w..m..yt..,.|.....Z.VR?b.%.'.E.......vH..<m..c(_.

                C:\ProgramData\Microsoft\OFFICE\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\OFFICE\AssetLibrary.ico

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):5950
                Entropy (8bit):7.90944627112566
                Encrypted:false
                SSDEEP:
                MD5:26E827B13DA72ECE91CC1FCB6FD67092
                SHA1:CF24220C28283554B0A4C4ECDD77916EE4348C9D
                SHA-256:1794B6A160FED4ADF8CCCED9780285ECFB1F6ADB6C2F8C429E0C4161D0BD6EBF
                SHA-512:CE2676E75E63E38D9A3D7DF36A0ED4ECD7519CA481A6756516115F6FAD055F66AD5C77EF3A4FDD3EBE9D88C846F1BEAEE027CFAA918941318C4869F0C216AAC5
                Malicious:false
                Preview:...Y.X.x.'g0.89.o.RO.J.I.....&.>....M..t..R..."X||..`....m...r.L..R.GaO....J.g;F..P...xj..RF@t.B.{h......o.J/FA.5.W...u;g...n.<"....3..r.C..\..".MWQ.t..BD.F.Y.. [g..YI.^....c..c..x..?u.......R).}.}CQ.......c.0..."4......f....."....].o...k^iJ..R.|..{.]..J..9.@9.J=G.$.....4.F|I7^c<|.......9.lP".....i".....bt\.h.`.=.R}..4f..[..S2.`.d... .r..M..Q$.i...].U...G.r.....PQ...j......$A{.V.3...f...~G....,..'FZP.o.4...}..$h.8.+N.e......_.d...@.v~v.3...N.nh.@2K.]1;.:.i....M._..]]..FLG..(4g..T..A..w.3Y.C.....8......^.s...`.j._..m.oD......F.ua.<$.S....?..v_ d.s..zuz7)'Y.pSCR..8.&.^KG..5.....h.M.@.J....x-.^.[.e.,u.w.....%.A.`t.?.....LZ3.!..S[........N..2X.'....Z.-......Na.Y.K4..7.....]_8.nb4M.,..4~.....vGUx.;.R.N..#.k...u.A.K:~...#..{.......(.&.....H?.).E.@..JB.cTYW]^\.....GD......._.E...^.s.(.......!s.?W......4G$...l6....h;.E.<...F5*r>.P.C.X:.8t.%:..]f.ETT...I/..,.A.B...r...8..T.\.v....-).Lm..!.FG..|.&......-..A....v.l A.Yn..s.I

                C:\ProgramData\Microsoft\OFFICE\DocumentRepository.ico

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):25734
                Entropy (8bit):7.988955987301468
                Encrypted:false
                SSDEEP:
                MD5:DF6F2EE78C6A1AF7CA1E497A414B1B31
                SHA1:4C694A99A72365C2C621D23E8E0ECC573089FFF9
                SHA-256:F2C3274D6031E593F432A046D0EA0CE5370C3C5B8D373B15515CF3991E2E4ABB
                SHA-512:A2490073115BA2ED695D50A354FB935A251469E998D79166E6BD896B37B9F715581B13C1750BCCD31C200322E79F23985A1418994EF36A6031BC9A668301BE1B
                Malicious:false
                Preview:..UyD...Z......."S...:C<..g..Y.<mwe..o..+o.\.'L..h..m...e..... "....N...........>7)......z.P. ~....T..8..Te8...vY.~m...=2....+..m$..u:P.f...7G.\.E..P-`.KU.7w.qf#i?f...X.v.=G..(.$.|...../..{....d..&1......x;.1.U..3.?..r......PKq....^..6u\t7.T..B)-"c:q.J.u..;"k.k.}.....4.Z;c...$Ne..@.Z..+KyC@4`.bP=..C...D...DI......+.e....g.....Sw.l.7.O..........bb{/..l..$^...G...sW.o.].L.....O6....J.l.Ie..........Y.R..W....w0j...\.P.aeL....;t...5.)........R.5...q.p/..DLC..(=.$b..s.._C.2..M..+l...~.'.....;@.%8..P@.....G].....Z......'..d..g..:.0....u#...Y...WQ..@.f..?...c.......b..b..*.1..M...MA......0..y^.Qm.^..Zx..u....l.C/(.>Vg.q.h..?....X..]..G.+;G.]v.&v. ..Z..T*.z.K.[Q@..@zK.<..)jw..;..4..9.h.Yi.to..r.99...q........!P&%..j6.....6.%...1v...]R=....8..i...y.|.V..kEX.....D....$..x..:.U....-..h._.|.Dd....2*....U..j.^......{k..=>.%4..&kF..a..b...[.v........B!..Dk....#...bR..a..#L..t_ c..6.....j....1.oD..dF.=.$c....././.3.....pM....)0.'.{2.nm..n..

                C:\ProgramData\Microsoft\OFFICE\Heartbeat\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\OFFICE\MySharePoints.ico

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):99792
                Entropy (8bit):7.99777753481322
                Encrypted:true
                SSDEEP:
                MD5:55B36F0A5D5C80D6FF479F70F08F4EE1
                SHA1:77BB8206C19E52A018EA2BBDEF86DB8CDCE03CDD
                SHA-256:2FFF93D66D0F0D15D433133DFB8CB07FC68F8ACB1CE6A44E90FE027A9A267D15
                SHA-512:BC926B583FBB8892D82F15415FC777B683D7750A4FBAB368DB42E17766A0587610A8494AE5CE18CA350CB973F9D920D770CF0442E4EC0E31F2C57A75D864FD9E
                Malicious:false
                Preview:.bX...|K...T.<...w.......C.8...C..x..5.-..^.d.. ..I..Cg..E.q........@.!.B....q.jrO....4e..a.^.-.(c...p[...;T..+^..n.j.q..,.m25.U,.].1..u.....x..|dW.T.5.o.#Zv.%P.....=..r.&..r......F..m....y.:.UV;...x.x.f.*R......E.K...O#.lM......|..q.....'..A8.F...MK......8KM.H...3.....7j7...\.:.4M.g...$.....1..$$.../....~.kl..xO9..5.JCy..W...pF>..3{...O..(l...~..y.......c."5....t>...)n.G].;.~...<J......8.&.{.|.....+........w..n.u.G.....#/...^x.......W..T.T.,gc..)....."..0...h...(".....r.[A...jf.....9X.).y...itX".F.5...rekL.g..z.\EZ.XH..H....Ul9..c..jy..c..x.ib1.9..>.>D..u.....k..K..".`].....^.%kn...$.;.j.}........;.r...;..I.....a..{.f......d......-R.+n.0.eOw.]r.wl.]._w...y.q....-.u..zj_...iO*..Vq.w:dx...`.qB?.RT...."KTm.....V....]..*......A...3.+...].........5...p.q.Y....R.Yo...7......R.#..B..-Wo..P...>.t.......M.<...Zf.....Mg....x.S.A......b...U.F.!g!2..3ng..E|.eo.>y..*..[9.n.n.NV..du..K_......I...I...+..b..7j.[..V..=-..G..P`H.......A(".L.t......o..........,.X.

                C:\ProgramData\Microsoft\OFFICE\MySite.ico

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):25734
                Entropy (8bit):7.98826978781403
                Encrypted:false
                SSDEEP:
                MD5:3AFC15FDBFE9FC4F418CC4A4A433DEDE
                SHA1:D2939329E383623055A8F5F7686CCD0A31A8A506
                SHA-256:85ED88DE69F03DA964830F182B56504D030E6ECEFAD3AA32115175B27A99B344
                SHA-512:5A7FF300AA7919CD9C2B2199BF30BFC99C28839F06A008523DD9D7683C06B42FB51F543BEF9B109C55FC43A7182142DDE6A5E6F96A3701C177D077ED84759BF2
                Malicious:false
                Preview:....k...u.}..*xn.".}........g..`.S.4r..ZZ...2.u..h......%..wyX........g_.P.&.S...~...D..o../.u...m.]S.....E..$.....]..V.b.-EG%8..J.w..#.U6.r .9...*l..0.&.\........sdD.Z8.qt=....>[.Cdva%."....Y.Swm..c..y....Z....R....h..........X.A.-l.f*.....9... ...WF...E2q.....}.f...._iv....."I.kA...5M#O1..C..%.\....O.4....j.m.3..<..V.|_..3u.+.w.......4c.e."!O8.[L...TH.t%.f......o..|i/pL.;.$".e.U:..z.?...B....nn..D.@..8x....E...5.../.!..2)...&...6...P.....e...7[....L?.E..7d.0.I.lW.(.&._1..gH.J.$..TV.#z...G('K+b..5.n..y..n.L.....1@...f..{..u.*i!({.0`.3......M....AVg.......]....u.:..v..........h..G..K%.U.........@...m.XBy..<P.d8..d......... ..+.AA..p.1..W.u.<b.%l.9....?.[...r..&uI..y.kt,.lu.J..:..6....W..z6..MB.....c16"..H=1+.)..b.VSl.}EN.........S.q.=.v....7...W..... 5..V`.c>....p....c..{?.:.m.4."...[9O..E....C.....Ns.R....../...!5%....i...E..kz............'...z.Xn.......!.r}t.$....%.,.T.eY..&....:S......(cA.. ..@.]X........]L5..a.Z..B.+..k{S}....}..

                C:\ProgramData\Microsoft\OFFICE\SharePointPortalSite.ico

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:PGP\011Secret Key -
                Category:dropped
                Size (bytes):25734
                Entropy (8bit):7.987484117553923
                Encrypted:false
                SSDEEP:
                MD5:802F9916F6EC233156AD8DDE412713B1
                SHA1:CCE6049DE2C7ABEDA02E2E5267A0AF676B13ADBF
                SHA-256:F5D8BAB90B508436AD67E75ED605A06F639EA9CF88CD2236280F658E28DA2BEB
                SHA-512:5C3ADCC0811747E2DE5E1BB3382FE1A34464A6EA5F79859BEF421F42F334A3D6B925FB4E01752997F2360D601FB8E5FDD4748ECDDD998D1D55EDBDBB0C02F6C9
                Malicious:false
                Preview:.._4l.......TS][..G....E}.I...C...... ..Y....!..../V.CMl....y..a....0.H..8.#.GLm..r{;..........R9.!.T=.....y..iX..&...j.P.Fn7.......3....av..j./...5..U..U.k(...j..'..'..T.jEt....K...\..V.cj..-..#&..A.W..7.....4<|.,!5x..+M..a..d..u..N..p.....+hI..sh.~&...hS....c.........rkU.:i.Y.W.=.727V6..w...'.n.E.U.8..#Q,..J.......G..."O%v..0.n...Rl..%(.w.9.6..Z.......w..8_A....bZ.....2NV&.4....p...sK......u9....{...B=&.L.B[Mx....-..".>."a.>.....u.$.!...cF.. ....R.}.@)..w...Q.2.|.. ..;./d|y...1.Z.-.=.......2..BO......W...].`.ta.wq..b.#S@.,.........[...?T..TYXX...`Y....@ .d.{..m<T.K....g.^'..y^.q.x....g...S=t.sr....sey."..kp..A.w.....7...".(w.p...gAe(..S.].).e...f.z...B|...u....M.CC..J4.VpD=....o.Sm....@z.<..h(S6n..0..$..j...d.%..#Q.h..b........1.f..>..o.w.^>|..C~^.....8.&..v ..5..6..`....[.|......x.:.uC..TS..^..g\.7dpu.........A....CO.V=.5khb..qS}.k...*Z..../...z.56)[c........X.......-.{..i.F....cv....e!..om...pL./A..]Z...Ed..<.....Ur.hk.`..]..Q.e.

                C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):25734
                Entropy (8bit):7.988192998045503
                Encrypted:false
                SSDEEP:
                MD5:4D826301F16140554DBCCB4648302A2D
                SHA1:640D91FC167AD0EEDE9BC71ED0341EBEE69DED36
                SHA-256:B5B6A81BD1F77DDB2D4A724E99BE2055BB5DAB7A63F2CEE1DBCA6A04B9CD97B0
                SHA-512:807038F32D13E51CE2F25C8741831A678A28A8CF04440349A369D6536E709895B8B5A278BBDD4FBEBDFDD486FF5905B37A8D129ECCCADDB87521CDCD8BE614E1
                Malicious:false
                Preview:..b.{..<...C..V.+{..v...Lu.....Q^T.-..L.~..".u........d....Y..=..a}|...tZ.x.w...y..OZn..O<.@.7..{.>J^..8.c..SH5{...Z.d.23MD....... n.VO.....q......(..pdh.A.....y'.'4.`.Z.94.qQ..JQ.N.......I0:..B`2...i...V..3.@......................7(k..] ..l.h.QL.....P....dR..."./..~........E.@=...$.b.........=....%.../..*..CQ..0Cv.....K.F.C...C.._.Si..Ig}..$.....$n.p...!..x....9A........6.{..f)..2.1.ji..9 ..|S..|^D.w...M3|...w.'K.P..md...q.)..../...Z...@..B... ..I.vx.........|z9...z..m.!..W.0.-...g{qr...".@.........$..j...8Yi3.<^.{1..a...B.tJ.b.q!.....*...k..?J.t....V&.l&,4.uF......t..c0kh..:.[+.jO.-....Pj...l+S~...#2H:)Y.f..IH.nt1...G..>....<......BVOw?.....0.a.w....&.B.#...?-%...u..|..Y.s..h\...?H.HR.#O..B_.>D.j....U.U.j.1yF...].. )}~.y.j.P...(.!p..}v5P...#c.L.58.<e.........P.....yR+;.....n..[Po..K'.BV"t.Y...#1c..A...h;.nd...!.)...L.a.d.D.(.0...4.x;9G......N..?..\!.....'.u<..j.W.K...x.R. ..\.p...<.m(s.v..,:.W..xq....y"n.9.)1?T(=.8N"..".a3..x..8;n..P.,;!.,..

                C:\ProgramData\Microsoft\Provisioning\AssetCache\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\AssetCache\CellularUx\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.969300623348929
                Encrypted:false
                SSDEEP:
                MD5:9F2BCBCB50FB5A2E2148DC9DA41D5238
                SHA1:DE8BF24636E7BB05517748BC4B1D174AAFFFCE32
                SHA-256:B8E1D9D695222E19A709604577E1EFA9A8F6081FE89CD677AF46330EEF932F97
                SHA-512:515756DC115DCC09FCE9A5BC961FF19EA7CA38C4D228283F780A83BD82ECB9EF44136DB1930D50B252E1630158ADF541842C9751FDDC74F922924E7F8A5567DB
                Malicious:false
                Preview:...'.:........Wn.).?..7..wI.D[.p..LT..;.8...E.4.2.L...|..S...RT..GH.....".].v0.Phf..|..jts..LW..v...&.." ....ur..v..d...p.vb.T..y23;N-..U....N......h.?...5S..;.gp.n.'+.p[..m.9..c.B....|:.....}.\..Dt!`....1...g...[...#.vZ.V......m...{(.P_g.Y.........vY...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1099
                Entropy (8bit):6.7911392783981235
                Encrypted:false
                SSDEEP:
                MD5:918B23B36D94CA179E53EBBED3592749
                SHA1:F6D40A39293BA9312EA0D819DC52D5337466C59B
                SHA-256:4AA643A266D7E0ED5AA95BD40B74CDF583A829AFABB04D5E111555462E541F09
                SHA-512:D1A347C6EC09063EAB6AEC97B3696AB0209BB467578D0A6C68940C7173DF4E905FB50555F6610EFB0D6AB6F3AACA57D9DF1850C349595DDC54CCF212A7CF515C
                Malicious:false
                Preview:.y.r"L(..m.@...T....8R\..N.k..<&_.Cr.w.&.g#....v~:c.U.fX=$(O<.h....-.p......b.....z...u..N.......~h.W\. .nt...s..s+.0F\R0.W].x...n{+.0.K...)-h*M.... ......X.E6..}-...iE.Z..K;.I.....`.fU...O...x_.......~..)3{5.EK.ok..`q.h.Fh.w.j4.....iv..#....X...K.\.....6.P5.fK.S....\V..=....x.us....J._. ..dP.B.H....2...:?.:g.b...p. .<.W_...MW#..fe3)...H.fD%F1H..5..:.!..n.y.\Qv:......uY...D...y\.v.OC..........Y....4.H..]...7..G....v..uK...p........j.n....'......z....$.}........6.q.Q.jo+......r.R..9...'<h...G......[.P...]n4...|.r...6r.....?`zRQD[=...........1..*Y.8.lUV.U..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca84

                C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\Prov\RunTime\0__Power_Policy.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2342
                Entropy (8bit):7.627752265738773
                Encrypted:false
                SSDEEP:
                MD5:6314C35F2AFD21D6744318C36F5C0135
                SHA1:B8F4EEC0E699A4760C55F93A8525B95E73DFE30A
                SHA-256:4DF2B9B6C0681B7E485C8531B6D53AFAC476D178532BD5CEFA417A8074FC4CD7
                SHA-512:2963D03B6734B0B9E2FAC2DDB8647CBEBDA6B66A24D6DC5D3DB9662A6609372741F173372436F57EF4F53E66AAA2B17CFB962EBFBDD887B4D79E5DC27BEE0605
                Malicious:false
                Preview:.<../1.8+.u..M'....._...?W.....b......K7...1..Wo.`.n.....(g8e7.e..D_.m.v.k..^....5......y.CC.V!...E9.TYX}..C.w..H.VI....u....D.H_.s^zRz.i.......^.2.x.#|...{.....'l.V.%.K...q........N$1.(....m..}+....,...._[c.R0.b)w...z....t=<.9.!...r........nD.u....._!(bFO.5./......F..;',....|c,[..[...3.e..}y.c....h$.z..L.r.......x..;.....M.d_...Y.A..r.L.W.kk".......=.po..F....fZu..].4y.....\.....^Q.4.....JQ......y....yu.N..|V...]...U.._...3.\.v.!...a......w...5gwL.....l.....0..4..7.? .=.Lj..L..6....d...{.mID:u..oa).dl...7P......I..].?..c...q.......y.XH.......d.../.@..Z...X...*..U2....Z.<..C.C..Z....i....j.....,....M..../G.S......6..N..-.^*............w$t..{6..h.....v4t....KH...V.c..;.6....w...e.s...:..k.%#..u.g..&-g#.K.LRo@...;u.9nN.....HC.h...k..',.e...]s.t5L...a.zz9.4.8.|Z..g5c..U.N.d...T.4+.I.....g....../Y{.|.R.vl.....0.".."....x.l.V^.M.w....:...*.x.,pMD.6..D.mY.......%U........$.j.p.J...k.......i..%^...f.S./Rl.;]..!.T;.l.h...p....!......Mk.=f..r

                C:\ProgramData\Microsoft\Provisioning\{18dcffd4-37d6-4bc6-87e0-4266fdbb8e49}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2964
                Entropy (8bit):7.746466109577555
                Encrypted:false
                SSDEEP:
                MD5:E6E0C6076D38B9424FD52D715E9F3F08
                SHA1:FF4F0E68374A594671E950995E40003A4C4937BD
                SHA-256:2D66AE03580284B4939EE41E91B3DCCF7DD93BEA2CB4607276B30F724622D07B
                SHA-512:CF02C761437923643098EE735B7D97F8E7622BD15020FF6D42B5D6D1B63892776CDEB6BA3DF3B8E5A1899EE915CDEAEAA10DE420928CB3D804A4C94370DAAFC6
                Malicious:false
                Preview:.ao.. ..F........|..........Z#.....Q.z~..X..'.u..n>k..L.SD...nj...2...d....H......F.>.e..$.m<C.^.q...z.Z..:*T.j.?.`...|H.g;|~.o~.X....d.r..].A..#6z....Z.L^/.N..+.G\.f.h..../.Gi ...6..On.+..=...5....(...Z...v.L.Q%.6..oO.C.`..Ps..CX.Z.C..F...e/..k+A.."XDF.!.[!.<Iu..dG'..Wy5*..:..........t......(....1..65E...w.......B8..?z&.....]...C...A.!Y.T.P\|..l..!....Y......}mU....zS.I......A._u..\..52-,au.......-Q..DF.&......i..t..kN. ..%.{Y..D......g>........?~S0.Fn.s.'@.....B..2eOqK..,m.......z.e....+.E..0.N.#"..L{^K........p>...{D:5..........[ .#....Z.R).>..k...d.4..8.R.z^k.U..w3..._:...O.Z..[..>A...M...#.[;.R#...O..1...L.7.i.....S-.!.F...d.s.....9.|vj.!...0`@...R.W.X..cHD.9..<O..,.....|.....+M.......b5...4.w..4....|.G.....R..2....+..t^Ah2.Pya>Y.B....6..t..)..1N.l*.KM.Ut1.;%w..;.7a..,..,.......o&....t!.....m.e.;.D})...*.....>....N..D.K...eB.....)i."`.Ov...C.[N<.j...Mp..SP\...u.J....*.X.s...}.+{.L.a....`q.V.............u..O...0..]...K.^.q.s......

                C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.932035358238633
                Encrypted:false
                SSDEEP:
                MD5:B216D74F2BFAF9CEA7EE9E39EEA8F423
                SHA1:80359CA8F7475C770B35D48E0D6D5F5DEA39C912
                SHA-256:47C09107ED6186B8A089209715FE68EC742418A188B05747BF57C082A2DD9B8F
                SHA-512:1501D44001BBD84367A99C9EF0E2C5A4030FF77C5315F9AD8F208994DA0AC6265C9CC6D2652D69EDBEE8C1B0644BDEB3DBC786C3C718A1703C240E86746F2B13
                Malicious:false
                Preview:..F..m\.!(~W.....<{...)`.!.TeG>..a.. .I5.k.....xk.{.O...%..35/....2..RK.X...(j...j...rx..O.G....1......KB.e.4.C.lg..~.C@../...`.*c.:..;.P.+.p]....X....M...$..=.r5.C.....5.q.......xw.a...j[......L..q.u...*... ....$.g.....I/...!.*Z9..~l.W....U....>%P.?1.#..T6\./rK..l`.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):764
                Entropy (8bit):5.8241366068121225
                Encrypted:false
                SSDEEP:
                MD5:7C1F03BF562DF9C0D94AC9EC8351D36A
                SHA1:27F99B413612D49E38E491BBCD580938EFEB634F
                SHA-256:97432049F44A6FBB275284B44FBD1E9E64E9A6FA4B0E7085FBD21216B0316666
                SHA-512:57E9947840B7144211F8AB514C7C46B4473DC3A1085B95F471822F31CBAB4950EF8051912041D822F6AC1B22F65FC1718D0B8455CEB213BD8B8224FB7C3B4B71
                Malicious:false
                Preview:.....u_3.......x.i..D.E.D..[.:.t%D.>....t%...d.U[VWM.8..}m=5O.7.H0..J./.....Q.q;.....z...z.C{B9......V.i..@..m...rw..t....;;....^\...q..5.xu...e.<..A...c....lk..Y.B^.<..$..U..?QYs...V..>H..LU,.8../..c_T.J.\'-:'.fd.#..@%.........4.._.S..-...-?.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\Prov\RunTime\0__Power_Controls.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):879
                Entropy (8bit):6.281459990152895
                Encrypted:false
                SSDEEP:
                MD5:1C0D4E61DC02F26C6393374978DD5630
                SHA1:C6EC6454451D3AEB2D1964928D8C62FE284D89A0
                SHA-256:28647ECA66E11993D57CF906C0AF4B8649A35D5F7B89CD747BCF64BECCE63961
                SHA-512:45013F6843B678514A2EFB5A31CBD004CEFD3FEB5D3D2CD030F399F0BFB384D36F5E23ADD9B898DD5B3E928A18B6363FC1A8489D3F5D782B0C5FD4F44BBF361A
                Malicious:false
                Preview:..9.Dow..v..X..lc~.yZ.].p....]Q....pF.8<a....-'..IwB...i)...>.....H.L........&.....T.N.....Y.xGQN#.Et...(A.3.@.(......-..........R>.n.xk..P....y@.f.rZ..o...?..P.s.Le....4.X..S.pc.j...Z.'Pm.....-t.g.B..9....>....S.[......~)...a9....H..S.u..Oib..M.n.=......=.jL+H.R.>../m.`....$....6[W.qz..gD.[].r..*5.j.....1........"W.Q...p0....w....T....'.*...=P..r.v.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{1e05dd5d-a022-46c5-963c-b20de341170f}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1240
                Entropy (8bit):7.015210969694021
                Encrypted:false
                SSDEEP:
                MD5:6A0CD473E14365339025A366B4B654EC
                SHA1:D56F8BF4DF10DEE83A4299C3B9F853A80796F20D
                SHA-256:7BFE1B1B64F6DEA54E2579792CB2404EAC8CCD8B84CF3675C362C44CE834A965
                SHA-512:C93F197C57971BBDF537C5E80C4DC6208AA285DF4C6D65C054BAB4A5E659CB86EFAD0D9F37CE31AE01E4E4E7008FECA34E88590129C4F7D7AFD3041A5A79288E
                Malicious:false
                Preview:..k|.l\.<..k..T.+...r.... .....y..J.p..^.........C...Dr.Dv...bD..W/...^/b:H..Z.u.U...M.t...g...6p.e...6.1G2.j..`i...O...LS.. .G5;H p.r..@....,...K.k.......\.[B&.....U....P.r...B.....4.."w.&...].f5.b.8.w..2....q..2......!..o.P..j.....<f..Yvi..{}....7..\.6..R).-y.._.p.Y...=.\....@}...h..o(/Z..T.4....f`^.....[G.;M..t.W...S........L....I....8M.@.....JYF.zM...~....*C........p.7b.>xP....`.....P....7.x.].*.\:S.....>....2..j.~..l..7.;..!..|...B...^.r.?r..4>\.....Z....C.}.sE1,.....]&.>`.:.:>n.......k...........On.....7q......F_.].=........ZQ...X.3x.P.B.S.F)T6:.......i.C..p....3O.C.>Vk.&../...w.*Q.t2...U..NSQ..?tUn......&MX..i...@.....Fh.c.d...N...0..z....b...l..^@!....}....,c..:.t9H..G..H..<....uV.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686

                C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.957442082799866
                Encrypted:false
                SSDEEP:
                MD5:BD16459393F47BE0567A397F49FA40F9
                SHA1:FC1F61CEA591DC00BF13CB8B6401447B60D5EA9B
                SHA-256:541446CABE653E9A9435E60231F8A09539A8CBD2BF5BE4C64794C305F77690A7
                SHA-512:C6FC4E104BBFB1F136FA5ABD4E71D2CF6C1D119CD426E9F2B2E7CD09D0DA655D20A03304032605CCEE2352758A7F349478E4D7CAEC418DBEFD84C95EB694281B
                Malicious:false
                Preview:.eis.....z.}.p+._D>6....V`.........!^.%*._..t...fR..|dP.K....:>.........3.>Z-4H.;.4.6......+...Z.d?.........C.Je.3.*Q...u...r.r .....x1.G..p.........9.j'(..6..fO.u.C.n!@4.&..<.B.y.{.]m...l.%7.9.D.~..b.l.......K...}bl...S...v%..[d.....sw.[._.F.._Hkg...d}(_....$..M.Go 460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):771
                Entropy (8bit):5.848132861497693
                Encrypted:false
                SSDEEP:
                MD5:6240AD1B5DA99788576D34E282D7CF6E
                SHA1:20B4EBD77F18A4DB4EFE50F3FED1B4DCF8AF6EC9
                SHA-256:DE116BB140B1CEB8355C217A7DE705C72A354F529FE1EF21587BA5D7403151F9
                SHA-512:4734D67173798411986DC7356A15695AEA7EF295C50D62031DBECDC8FEA0942331AAC2952B8632B2C47571ACCC9A567F7EC21F3A796E68D7C751FA1F2EC137C9
                Malicious:false
                Preview:.{\.6`A..8.J..o..U..B.+.....d...72;..t..]D.v4..`.U..........w...;......o..BAJ...........O.....PH.5.}...m........I..O|.a.R...p..^..i.....8.q.J....=.y.p ."../...5.0...$@^..h..o2..C..d.....x..p....P.R.e...2j.F..[.M.G...o6..5.."....=.QDR..!.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\Prov\RunTime\0__Power_Policy.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3813
                Entropy (8bit):7.829261498865288
                Encrypted:false
                SSDEEP:
                MD5:77CE36049ADEED6569333D8445FEDCCB
                SHA1:7553FD086A0E902202C07EFB2C2C61AEE19E505E
                SHA-256:840E85F88D5D64377F0BB9B48FC2F572E33218F6CD172A94F8EEF295174AFF2B
                SHA-512:6069CF672B917DCE8735D67D6AA4356ED458D38B8C93B6ED18FE0F8DE9677D7901B33DABB7F864DE838217D7E99C54C2B95AC367EBEA5EACCEE414E5253FACF9
                Malicious:false
                Preview:.....L.ak....s.%.9.6z..i.a#tDK.....'+...........Q................M1..u.vb}.6SX.bw.\.~O..........d.../.x.q.#.Hr"..4....s.....+...Lw.....hm..k.#L%+. b0.U....%........$.$..'<N.o..6...P.v[..*....!Bc3.E.3....C...Z..E5...it......st...h.....`n.~.r\....\....n[..j..........b..D...u.....5...jS.Z.fc#3.oX...SP...g.q.......cc5.q.v.}.*"..p..Lwv-o....0W..`.@L.......+..#.@:.x........x...8....3..8n.y.`x..D...Gs$.x.D..P..&."L.Uf.0M@..[=.Y.sn.a.......!...Q0W..6.....*..9W/~.8|.F..H.;}.P../.c.........M...]"N..e.y..uRI.Ej..F.O..+..yw#.OKU.. wf...y.....h..L...!O3..........e..@2.q.../.I..4Q..`3Pw..v".w.u..jt.a.o.....jW......QL....p..:B..sh..7....r.........n..e......5......Y...U..;)m..9B...8.0.........}..)B.?..^..s.(.J4M..B.&..Q.}c?.{..g>.5<O..IM...6$.d.+YTl......1m.jw.=.....f.P......<.....Z...S..L.E/..I.+....|..+..:z...........m........9..xlJnv.O....../.....KV.D..Tz`...q..X...z..Y|J]%hE.t......e....G...w....@y..zNm.....B=..F.l...Uu..0.........N.....6...=.=GSo.

                C:\ProgramData\Microsoft\Provisioning\{23cb517f-5073-4e96-a202-7fe6122a2271}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3777
                Entropy (8bit):7.8294742210933945
                Encrypted:false
                SSDEEP:
                MD5:38AB328E770045B0389E788DABE8A917
                SHA1:D5E854816BCA4A9DB36A857A4B559A61C01E2A8F
                SHA-256:550D140042FF09356306C0918EECF075A45843629FB32B6A404868679FE6706B
                SHA-512:516D3D531F714AEC926AA103DD732F36B4EDCE19BD7FC1E904E7AD051F2349687A4AC1F925768A67F913B1D7AA05D548A9341D78865B32EABBABD8D8B53544A8
                Malicious:false
                Preview:...t'..E6...C..<Z:]R..c.......m=L.c.h"Z..XzU.a.w.&.|...h.>.L0....J.L.S..o..../FR......!.I-....h.........(.MD.|`.z......Lw..7..~.........}Pa..U.F'....cCs.Z.2.~~.rA..</.. *.h/.S..o.Xde....k:.z-..d_.M.f..........3..P...3.a..U9.z..?.x4..:J.D.[k...Y.;...".,[A.5....K.N/.^+.\.....|..'.#.#.X...b./"o.L..U^.p..v.'.)).!,g.F....#..n*Y(....Z8..\R.......v}OwA.......`m.@.m.'w)....w...Q`.=..[k.w1z..Na..J.f..D.6;W...p).1...?Lv.!-..M.s59....V......8.s..T........-{...U>..?...x.W\+..F.g.bV.)..VE.!&*.`.K....R..o.......W..R}n....O.^..b.>..$...ed..v.l..{SBx..ca.@........H1>..6..]Xv^<...'.V..2Q.....kZ.@...dd.v...P... \....B..L.k.....f.P.Q....y..mR.5.5....f.{(...gS?Q...........>...s..D....P...M.O.z.50..t ]./....y!...z.iB............=7...iC.6r.S.c!.^H.(.E..W..J...|R..B.$.<...;.r\.........>5K5..c..|..2.p..;O.."...<...sk..Vk;.JX...L....O......o..9..>......G.1..B:al..7...+..sy...m.K...ta2...A..S..r[./....itk..G......W.E0<.N...B.i.yO..\......p..&s..=.e.\.n. ...(.g.n.s...

                C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.983552760709714
                Encrypted:false
                SSDEEP:
                MD5:AB69777B61AE4CEF91EBE108B833F867
                SHA1:373F3127F25976238603626CE7488FE74798542B
                SHA-256:9B37EA702C7B6FF78BE982851C998D192070D4776712149E3E624DFC7E6A3ACB
                SHA-512:74D97B78117CBEB744C2C545CFE06161210A4DAE6922D74F92BAE14FE114EA3C2E0BE4696A3F1A7F0DCEF0187F924837801BF264B57717934EDE60BBFBA2F4F5
                Malicious:false
                Preview:..dW..O....m.UWK..o...R..(...94X..P..<O.....F'O.!5C...=Mk$.q.#..?+.w.n..%.Z.@....tH!.J>.+.7.M.9o...<..{x.z.......(p.>@.E.. .Y.E..^K.X..=^....5p..'|..KG.*.B..u'...r...~/. #6k.U....G.8..W.......p. .".....R.[d..K..Z........3-..:'.G.Qs...\.u.[;..{..a'..A..og...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):948
                Entropy (8bit):6.461200357996786
                Encrypted:false
                SSDEEP:
                MD5:75B431113B9E5F12E3C08CF4D4F75F03
                SHA1:E1E5F1945B7CB7067A7F7CC8AC8CB3277FDD7B29
                SHA-256:7B06DABE6D91121B0067A026B68D9D2E428A57F1C9BDADC330EF01642B4314B6
                SHA-512:B5C3A498ACA63AE80A223A5620CE4B5B114F2DC03B1280E76D2075E0A43F541D796017AFDD45E4A27F64430E21F8782242F72867B0958946FB8569D00DC49075
                Malicious:false
                Preview:hJ.m.\[%A~.z..t..T.._b*.6...7....3+Cje...F..\H.U|pF3".`...dP....{......J....L~........W..\%..h..@.Z...e..!D6j...b..,>.......V.Pc~.....6...CiZ./E..-.FM....2u.rXH.X1RFj9.[. g..Lj7.Qg;._.n.5p..Om6.4~..^.~h...Z...-~|.j.a...'..#..n.~..%.l.=h#w..o...Z7.!{~..cC&..]...'.mG......3.|...v...M.[.......o'.:C..-ST.j*.Y.%=_otGw<....z.........].n..."^>....W.`.8.. W.....Qk..q..e.x3+..C.X.GY]._....r.n@.,x.W...s...W&./YN.:.F..txM.l....z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\Prov\RunTime\0__Power_Policy.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1455
                Entropy (8bit):7.2334211871412215
                Encrypted:false
                SSDEEP:
                MD5:8214746A4A4FBB361B2480ADBAA49A3D
                SHA1:0D14174E13E61143D1FA4935501BB0739511B541
                SHA-256:A8321D8841B77574DCB17E6020CC66DD162ADFD98F1B783158222CB7BBC869FA
                SHA-512:13C30264593C2BF16BAA69B563B386D44620116ECD9E83A251C1CF509D47F262624F9FE07FCF94340DF8E7922CCBEDCE66A8EF951E15DB188F110EB0602EA420
                Malicious:false
                Preview:-.!....l.9..}"t.f.|...AhMA8..&[.$..a*".c.Q.`9r.n.'..RU........KA.Z_Z0.....jN,.[.l^(...;..U..7f...[.._.N.SJ.OI="".L......V..8.o..N=^L.F.8...&3...5.2....4M..).x.[.6W..P.H...khW|..0.......i.y\*D\c...lL."....I..".....3/J..y....~_m.sf'.i...f....b..........w.a.........CJ/..]d......FT.g..=`...e..v;Rg..jL....$..h.{..d.@...z.....!C.I...4. ..s.......]..Xp..H...Q.."@.Z..+..L...J....o_...oj.8..v.....~.+..A...#K..{C .....`#.>E?.c.V..&....C..Z.n.\m.G.....-k..L..O...(2...Nbu+.p.0G.H..~.+...$u.[.l.JR..p..iSww9...sv.|...ju........?R...\....&6.2[.f.A.%.AF.n..).".Q.z..P...G..".g.}.J.{......q.....=.2.&M..-...]..".4...9.....(.}.....9..+Np..`....@..kW.?9.p.aYo......C.a.o..\..C.M..c...S<.(..@.RG...aBo].D..=.,.;U|.,.7/-..C..T. .C....+...|g.z...@.7.N..K.....[.u..H?.p.}E%.......H................Nc...+....._.#8I....`..t..))....LWbS.'.....*..jC.O$\s....k.i.hm`s`..I.X.p...{....S...jZA?........{.7O...`.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26b

                C:\ProgramData\Microsoft\Provisioning\{268c43e1-aa2b-4036-86ef-8cda98a0c2fe}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2151
                Entropy (8bit):7.5660676614678435
                Encrypted:false
                SSDEEP:
                MD5:9003A349DA58FC89E3C91C31D674FA7C
                SHA1:EE27C33C9A07CEFA9D713BC4C05EA169289ADEDB
                SHA-256:237E475268D0710730E44882B93361FF5853E88551ADAC4967FF995CDC5AA3CD
                SHA-512:6E60AB3F88114C7EA46F0B9DB34586975A6BCAD448A672B25FE92674D7D54450324A4A524AF35B08415B22C2A96360FB6EB306B1F569ADF9542961D888B3DB4A
                Malicious:false
                Preview:..SW.IV$,..P..|...C.u?...vZ.I.*.8./....J.:..:K.R...a......#=r..>...%f....e2.E..P4r.....O.. ....>.C..%O_..__Al.'..........q......b;P..g....0....a...W=R]E....Ev.x.tW.7m...bJOo@.1F.(w....c.&P.<.'.^R.u...s.R..5?,K?.*...o.....[.Q.&....r'AU. ..3h...l........>..P..p.[...tD,'.5].\...b.......S7........c...}.d.~Y....a..2..........cT.%.o!.-../..}.........T..t.<.%q.Hm.....H.D..T9.^o...K.8.c....r2...K.Z.+...d#....qn;.[.*........f.k/l!...5...3..=.'M.(..:.+).T[......".p.K..l......s.....z..G.=[w...jY@.......~..8)..._|.&.......mn.. .H..a^d...I.g..P.....@..4...Qg..a|.......\."{:..?.......`.$.%(48y@./...i..X.._6..D;...K..:T\.....*.fL..V...+3.>*f........&xuKI.~....K3...k.2....e...y.1..+.....$.{....X..L'.T...^....@...s.6.O..B]4 ......I..N...m....w..gx~......!/h.3'.tvn...."..Sw.T.Y.c.<...W..h.A~.D.Cu&5Q.OM..|....246W>..a.u.:...u.o......;.......GZY..1.bF....[...$.ndrQ.e...H.1.}...&....&.V...;.MF.iL...6.B..".w......%..".9..%.n1..3.;-.d#........4...x.0.....<wbW...

                C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.963289290511076
                Encrypted:false
                SSDEEP:
                MD5:BE436166078798A12A2F0F12B4C2901D
                SHA1:1A5C1BF069E8AB60E8807259A0B7BAFB51198A44
                SHA-256:B56ACBC6586B3A41FD79CDED30F70F9C94F1533D8A61A5A9DA03A82A9663CB04
                SHA-512:8D79D24024F8ADF2A5C00CF1DD22E2B125BE699167411DD2CBF60C4F155EE39E79222D8C16CAED87DF7C7B70EBFAA1F9BA495368704E2254F37BDA30E33BB754
                Malicious:false
                Preview:)Ao....{.....K...>.r....s........m...f.{.?.:S...kP.....j.;..CP..>]O.H........... ......L..d.c..Ap-.;]....3...,..q6..&......[..b.f...!{i........$..~x#.y9..sf.8.9..A.CD..::.;......._..T^k...{.v.<...oU;..l...9(....K...~t...}...7.7.RB'K6..Et.T..p...YQ...a..zf.....i;.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):771
                Entropy (8bit):5.892399333807413
                Encrypted:false
                SSDEEP:
                MD5:0E71D789D2AB4E0C43F6A8394FFBA623
                SHA1:1634B216E8FE1546E89C926BC9A843F2B4BF3598
                SHA-256:A6216715E4B10C32AF32D91CC56522078596AF28444579015AAD10267EF9DDB8
                SHA-512:9A22FD5304C3A6A3CF643675719DFC132969C7721054F727B8A388ED98332D8B992B2A63AAAF158E7BB4350E75FFC6C5988895A06CEEED6D5B4E9BB7CBC9F931
                Malicious:false
                Preview:.n-.....+-%.R...Lo.....a...}....w...Y1...y.]..G)..f.Z..O.0..........M...5...h.b.-..j.Z....X.T.....&!(`g....R`..<..5..7b>.@.t.W.6....o.5...M.|Cdm......v$n..r...{$H|........"..Y...v..Rghl.B...W.K.}.l`....,.P........&kgZ.*4W....r.@.%....f~...t.$#.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\Prov\RunTime\0__Power_Policy.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1384
                Entropy (8bit):7.139377704727144
                Encrypted:false
                SSDEEP:
                MD5:0EBE4E9E7944F895BDA68F4AB739657A
                SHA1:83CF2B06CBF9A981CA2E58C65EB78EBA16842286
                SHA-256:18994A0A62637005F2F9E7A48C43571F98DCADEC5C3180C9D641BBE04071E6A8
                SHA-512:C636DF3BD4D5404497634CF1ECF25D57062419291720489B6382F0DA8D0E475B6983CBB5693B2539F18DD24FA8189005DDB939DE1880B89B34919A0B69DFBB24
                Malicious:false
                Preview:.`M~@.F.fGa. ....^JX..K.rd.meK.{....E.n..#......oE...v.-.E........K. .zy...L.....z..Ee.eMY...jB.d..m..0M...y.t.%..../.U...f9P.P....e..gB..9...%."...Wf.....6.......aC...:w....5.+z..P..d.p..+................:.%Wi.t..j........j.s... A.w..a.....#...7......}....3....TB..2.b......K....@.L..]...`+.uz.N...?Y....F.w.@;..&=....wN..1$..8:../..D.\~...c...1......n.zp.N...$..'!.......o..b......!.&$.wD...2........nu..g..a...&k,"}.~..y.4.nWT..9....R..)...$..;U.....C...m.........S...........Rv.{..v#.F.........]f.....8...)R..$....pug.DR..Y..`..3..~..MPq.!...{S....Czp..@,a\....^./.8.].D(f..a{[A...e..z....+U....;t..x.?....U...Xj.......8..:....)M....]..t.iXt-..s..TL...FL5.?..i.&..Z.W....J.~...[|.$v...`.......!.0Zp(......9.o.C..uu.._...c.V.Y.../..Ns.{.....j..B.......f$.......sU..rb..my.M>...].S.se...4../....p....8o.#...rXV^.K..8...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b

                C:\ProgramData\Microsoft\Provisioning\{33d78dbc-3db7-4398-8533-000d7c02e5d1}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1959
                Entropy (8bit):7.487582068271595
                Encrypted:false
                SSDEEP:
                MD5:97F4F9C7296D7E1B530F7844D35D3023
                SHA1:7DBFC3C6C757703AEED46CD5645CD309CCCBB87E
                SHA-256:9C466377A45FE492A0E14B5F2BD2CFCE8673FA9DE05DE396D633DC8DA12DC759
                SHA-512:E055E489B7300FD00492D19AEEE62B159CC9C88E4362868176B6CBC94959BEFAAA0003F84D33BD2D38953DC549CF3B97ADF37A5A3ACA3493822321E8D7BC0AD1
                Malicious:false
                Preview:_...Vr..=.u......K1.P.6Y.>..q.._e...NO..........`..%.U....8NS...jBr...."/g{.<L..P>2t$WJ.......b.>..]..^..`xh.H[Pd-....A&.^.....u...._Q.%.....r...*..G...Z.Y..`.(.I@..c.b...i...W..I..sU\3i.......:....P*ca.U..I".3k=.l($..M..(.c.n.[@=...o....f........WC..W.H#..s%..U.l.......4..8..#`=.yd...]*}.4..;.......^2./.z.s=9..'F&M.?...}..OF.="#.^@.!.i.\.^..6.t..;[*....~8.6C.y....Y%..e$..=.._m.>...=Otq...m}..F5......7qT..$.......U..8t...c.%..S.....,..-..a&.B7.X..^._..G.....%.-.U..{.....~,5z...e......k............l.*...).-....\b.)....4Xf_..!fJ..u.4."....i...z...Id:(.A_\....#.2.....h..|./q...'....(.s-Q.`[.....P.."uJ..#^ .Sj..x.:.H.I-..../.....y....X..]..${.w..Z........}./..IJ.?...=.......\........p......H..,.fz&.J\...`........8....0...Tef^.e.....**U.T.@......:.....]..P&..sI...=HI1.W.5f9.....C......:3.._.8.0B_.p,.3.."Z.k.ri\.F....[q._..PA..q0b...*.....#....H|........15$obcO...:............Q...3....../.5N<..5...g6..*J+..".cM)J"m....m-.m.[..h.&.s..)..B...4..i..

                C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.898064424879527
                Encrypted:false
                SSDEEP:
                MD5:9F6FB24B346630F8BCC1BA4A39DFEB9B
                SHA1:ECF87331F3A4511B11CC02B0064D0AB29DE325C4
                SHA-256:488EF2BA7CA598178A93669A0080D49FC72BCB24CB4786794979A88693C91072
                SHA-512:EAAC18621A70DD52810EA29F23A8CD92F1A6002B5C51824AFE0371A3B05FE78C6398E39012D35A992E873031CDB6D8D093CC4B0F406549AFC3C083B43D551874
                Malicious:false
                Preview:.8.Th.2s..<..H..'/O.X<.W.../K...q.Sa\..M.@........ ..~...;..2/.M..NT.4ERf.x@J...J....\......=...~&{r...._'..a...\F...... .. ...F.~....d.w.Ew..`>Q.S...6.A>9.b......}.n.e..u.+..+.z=.&.G.....z`.......@<...L.TJ'Z..*....m._9{Xz..,.M.f..7.........6{..%....{.[.6 #.OJ..P.u..w.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1119
                Entropy (8bit):6.772922946528207
                Encrypted:false
                SSDEEP:
                MD5:43AD51708D0B59CC301B444D1940124E
                SHA1:B1E1DAD175E7EAA7CB85C76D4CF1C363ADF94142
                SHA-256:F695FF1085A14CE47387115F2F8CA4384C0F9087A4A099FA6AE6C6E6AD84EE9B
                SHA-512:3E26960935C922E3BA8B3D207D358B575F7665DFD0320CF8EBEF56E3C9CBE8FD7E2E6F76E874F317840918F7E05C52EDD31CCF804C0B4FC8A67F680D4D3F1769
                Malicious:false
                Preview:+....?lM.NPWU..[..-.6bA...,.Vb..../v..<..e...&.......M........3.....g.h..Z.=./...Y.^.))..<....I)Pyb...pn9.R....n...a......]n{u.1H..R....;.-..{.=.}..x.h4....V..U-...+.5..IL..V..f.c..k...q..Y.v..b..c..XBjcQ.0o+..g......!Co.....*......R.S..<.>...dB...tz.....XZ5.8/.<$..]*....:.F.....M.X.....|5.~..d...Mn....D.4.-...Uw@.;.J.h....8#.+..53.&..HQ...k..8.!J....^6..[.]...{.....8...D.O.p..2...b..|.....6.=.J...}x<ib.[B....../.y1..kcp0.y....h... ...>.p..f....}_.....6..?XUn....V..-jK.....M/..<.T...V..TSm.O..=D..)4...2.uHH.YF....\../...7.?......)...~.N.=.F\..~=..c...jn...H..Gy.(460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350

                C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\0__Power_Policy.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2344
                Entropy (8bit):7.607053714012189
                Encrypted:false
                SSDEEP:
                MD5:6FB92EBF754F9E1E5CE9DBFEDC2F55BD
                SHA1:5AD49C5F071D669733E704F45ECA023190A1CCB7
                SHA-256:5A5E1E2C5B872C1466D7F5D999B7F6C61A58E72253526E4FB61C8D1EAA95DB59
                SHA-512:FC5FF1D9FC91DDBE0F67A3843DD7C700BBD23208133FB4094D860E804E2269AA392411B431DEC396D66749A126DDD28A0548B4FA4097DA4C80A7D41B7469CA14
                Malicious:false
                Preview:...\j...3....XZa.D5..v..d.I+.6$..X.G<.4iK....Wx..4j....s..K..[...k.sx}..c<.^.2.z.1F......%}O.2...<...h..Vd+[x.$."C..d(..]#O.......i.q... Vf......(E...B.M.0J...h...b....%..G.W.+..m........\`.......[eQ+.F9.8...0...D.{%@.Q.,.^.3L.+....4.....~...c...Ws....TS..$.....P.4....*. ........rC...'....8..}..&<....,.O......0.:\.V./...d5J....8.[oX..6N.1o.QD...L......Z=.S....0K}.....~".).:/.......?.B....7=D.odcK{2]x~.......&\.....S.O..B...C.........>.qEq.*s..].4...^C;T.....,w...!a..p94.....n.DAq..K.....&..&2.5M.6..C...)p~.Tw.R.a,.D........%...-..?.F.q.;.6./..q.....}..R.).1.R.V.F......z..x.4..;..K.....-%-..#...24..z...K(...S..&..i...a...6.|)0.J..s....Z...G.Bk.)[V&p..W-b..1....:a..+..."...j..=.<"r.xsH..q....p..j,j.(...9f..Y..x.W'..?....._..#3..U.....E.y.G.:e.%.g.{.,A.d'.*...a..M.C..m..Ym.....M...I98.."P.T....D.g.....T`2......k.$!.AL%..>.8.2...6?>.D..9..l..B.&.|}..V ..F..;.s<).......?.d.P5....5..y.[...-k..X...1.............U.."I.......1.N..C.....'\..g...

                C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\Prov\RunTime\1__Power_Policy.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2829
                Entropy (8bit):7.714999071850339
                Encrypted:false
                SSDEEP:
                MD5:CCB0845981716797736A1864A272562F
                SHA1:B06E4010D2F44BAF96F24DBCFAD8C5D929D8AF4A
                SHA-256:EBE54E5B9AADD3AF3F3883FFA482128C73F668EACB12688EA3F9645E68E36F04
                SHA-512:1330887C551863BA813A1E5F7E6D99A26032EEE8AE7A67F1DC98FD75333F39F22605A5E305E4D159322CD23109241B5F42FD6D1FFBFBFB0E9063AEFDBDF86A09
                Malicious:false
                Preview:.d%.Hl..&..._.B.S.......[.L..t=e9./..<.....&....f.'..\....G......%.w... j........dI..{.'.....d...8.+.t3..j6F.......@..>.b.6;.#@(zN/.L..7a<...B>...8...'.$.-..2H_......^...\Ys'2B....r.`..*....0.H..t&.....'..W..~.@...ul..g...*KL....r+.B.)_.O.f....l...A.T.T.FT+T...}....2....+@..(..l.@.<..Ww`O?b....b...k.lX..u.r.(T.LV.Z5.R.}_....u./....&/...\w}.....^C....<Q....1|..F.'~...BT...K...........|......>o/.:...X.>.R.......9^%....>...Snf....9EFu.....Ix.;.fm.......*3.... .}.....4\~........oG..4..NZu.E..._...t. .."J.^mC.:8.......9...U.Q..x.J...!.60.{...5.yEN..H5.2M.......PIx..v.H#.A.#.7..kB.w...'...".x...4.....qu_....3.M6.N....|....X.n....p.\|..U...)..9.6....|...N.....m...r..2e.r+.....D.I..........1G}M.r....gV...]u\...21......m...um.H....[#k.......<./3.......D/.9...)^.C.cle......'..7.L9........@..^X.k..f.....j.^.....i.j,i.1..!.....(../.....> ....&.)...q....X....j..bt...ff..L..J.u.....E..U .81>.......b.3].... .....B...pH.%..d...F.....I..M .-'72..X?4...

                C:\ProgramData\Microsoft\Provisioning\{3742e5e8-6d9d-473b-99a6-8ecc0f43548a}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):4940
                Entropy (8bit):7.88373268161798
                Encrypted:false
                SSDEEP:
                MD5:61C8B9E438F8D1A1953F37B21C4A4B4F
                SHA1:F8A8BAEFA4BCA73A1A7851460174E7CA4730FFCC
                SHA-256:7861E1D363F89AC4689BC0769C8DA7B91E61D7B45372EEAD3F6F325C11521306
                SHA-512:EC4D2045F9FC25F4B3222EA22448B8E3DFE6B3734088CF0B0663418FAA210C4A089E8054D08FF552CB1559DCA6B97469CC1FA2CA30C231030562A02F115871C2
                Malicious:false
                Preview:.9F..G.)}....]...u..<... .t.O.z.U..3.n...-..k.V.F.....t..c}o0k%.{....b....<...@.=......~bf...o..%... .L..2DH.!0.:A........X..]D.,.f.X..t..fn.-..v\u.)p..R.u.0..:*...f.Y....>..kT...*.v0..U..n.[}p... .5...+.j_.1.V.mI....u5.R....;.Vi.h?.fX..R..(K.j..=L..e..R....MJ.0.h..H-.y{..Y..\..0....|..(..jD<A...\....\.!...Y%.&..o.n......K..A.....0.CE.....SM...`E.X...p.*.M*.=y7.}yf.o.<....w..z..D.+3.-**........bD.U..h...R.....TQ.6...LR..h@..."..7=.@C..8....o..s.....N<]q.@...].;.L.}..C.'r8.6^S."...{N....h.G.1..nQO.,.........[.*K..O.0....*$l.........}.r.^D.|o...w.-,...H...j.....Y.H...pO.w.1.Q.jCd...........Z."...?...d..a.e.Oi..6....L..:x.^>.xL.M<I...e.H..i^b...(.,.k.z.....n.a...Vs\.b..'?..&...Z.pX.....>g.n.h.1.|IQ...^[..^E...)...!(s..A...!......D;!.......*..^.....%..r.j8...NK.h..8.*..<R..C..s&..Kr.Ac,X...&Zu...%...X(M|.J..........\..F..A^...FB..-/...TB..&..Z/...4.5P!..2..N...Nj.a....L..P......$"..........{G...:.ghD.......Uat._.7..LXs..&.....).

                C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.940357039373671
                Encrypted:false
                SSDEEP:
                MD5:B832B4888E5FF8CBAF72C95FE3798A67
                SHA1:F7ADCDEE699B17B4A1C695D0988CC5B08E1E7DEE
                SHA-256:E24400C157F65D08095AA6A5D23821D7BB462F3F4C661F896CFED7795915E512
                SHA-512:824DE8E93A575BBED846E97883D3FDB59B0B4476A44876D359DE9DDF4D638E6FA58FD3B9E0294E32382FC9E49C182CF782D7C67490400CD724DC5355B3DF0BC2
                Malicious:false
                Preview:..f.-.f..6.\$t......+..:F?.F.V..{eP(|O....4.L|.~.@..e.v....#...e{k.... ..{L....W....j.s^.6....t.....I.RY...\....B..c.25...0...E.....{..KU..3....b...o.Zud.-.......;:...4..K..F..u..d..q...J..H....}$.'..L...$a..o..3$.V..Y.\6.4.-....$g.....zN...,.....T.........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):771
                Entropy (8bit):5.821347723574474
                Encrypted:false
                SSDEEP:
                MD5:77A16C94A63779BBE4AD036606D98C57
                SHA1:AD07174E0B1B1BC03D514B62FA492EFA70536E0C
                SHA-256:BA90C22B7D71EA9DC0FBC0F2C58E389F50FE5E8C626F8CDD40CBA5F264F47148
                SHA-512:3D6C4099EB0C11CC0C682876FFA4D15A5ACE835B7B2722FBD3F4BB4C2E5A434F6F0FD8CE9466CC8B125227E687DBE45DB3811FD76DD6853E42DF6A101F435227
                Malicious:false
                Preview:'XBg..S..e~.?.qqm...;.....K.....6.`..".......ay."+..52.X .......L....%...].7v5.pd...5.....ZBZ3hb.3..w@~u......G.6|.".lvk...o.O)lR..g...]...7...CVj.e9,..9*f..[........{T..|.:.xQ~..j.J.+....Q.....D.R..T...'.}..(...7.H..okl..pf...|.Z....x.R...8b[...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\Prov\RunTime\0__Power_Policy.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3828
                Entropy (8bit):7.827933856853937
                Encrypted:false
                SSDEEP:
                MD5:8C423614FE51EE93A6FC3BA06202CA04
                SHA1:70DA5DA48412B5AF6E622D9E78F765A5EC91C79E
                SHA-256:E56BB6501120D9D5A75185D3D7E875F8FD531468B017F0B2AF848F803D3D23F2
                SHA-512:74C6461561A3E97EF86EF3E672AE1AE7184DBD50E086018A8DBF2FDB483F1CE9AEE5DD03973B7A87AC6AF4781A59B7FAE5532ABCD4D34772DE85A4D62E6CC6C3
                Malicious:false
                Preview:z+.)......3.;.....4%...j.]z.._+u..C..p.Q[]L.N);....<....D.....%....Y.N..Y..<.1.....#.l.`.0...x.......3...).C..Q..y .)U.[.i.......k..._...0..q.E...v..5.F..=.[..4...c.(.?oG........t.7..s.Y.x.9..b.zs...U.;.0K....Jf..`..$...\..-..jb,P....M.J>3.8.........G..,.a>77.7.OQB_.[.,....@.^{M....$a&..s.xz.:. u..?....9.a.....{...7.z..&nq...X.\....UiZ.;..jg..aN.....L6......4..6...N.....].?k.V%A.2.@B?.....).^.....s.x.s.4;.......9.;.<..|...S;.....L......C.kp...>5GX..u..._B...;....~$Re.!.A.l...zj..!`...B.1...s.QQ...]}[=.._..u>o..qu..kOG#....~...e..].}.bD<......l....`.J...._...|I_J.'..N.u.!..a.m.k..u.H|...d....{V..."...a+.J......\...8........3.\..YF..x."E...O={...M....*.....k......:.v....4...T....k?.d.]7.?]_...kY...}.X...4f..u....L.k%.;P-..E..fd.LQ...U..V..#..'..K},..K...}Yq.1f.):.&.@.:.0...;.q..K'2oc!...H..e...0.d.uM..8..ym..*X3.&...G.7.u.....s..K...K..n...y....I..j.p.=..2@..bj....n..O..QGM....&orz.{$.b......*.%.n.h..A..Uj.+rp.0(.. .\-.Q.....).... SL

                C:\ProgramData\Microsoft\Provisioning\{7a30a9be-737f-47a1-a541-6e7b0761ed19}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3837
                Entropy (8bit):7.813285628892252
                Encrypted:false
                SSDEEP:
                MD5:969EFE9C9978EA414973445256EFE126
                SHA1:4316E19277C2AE5FCE3EFEE7C7D3E14467307FF9
                SHA-256:EB63DF42D34BDD5AF2DC225BB042289211A931FC48FA45AB4BF842D287AD0B80
                SHA-512:C6F00E2CDB5941C1CEE0DD6486A449687DED1733C5FF7FB5C1BBE58D3A88DE6D737428E5EB0D49C0B6C0A503ED2D2D139D18326B5D5D50F75910B130D3319677
                Malicious:false
                Preview:.....%UX......]....`.|.[J].a.M.4.._..Cs..X.H.vn....|X.G....1...*....D3z-...u..-5}i.t.....).i...&........(..*.......y...F.;^..9..g...<.).n..Uy..$.i._....N~X}%..9..j.....KUa.G...-.}\.Nf...L....3.~!.X.q...U.......a.]....k{..J.^V.L+8..UM.QH.z.n....2.:..'.-.Vo&.yH*.qr..fC.k..G?.>rP.-.\...x_...KJE.G.....i.....GTqJ.)^#e.Qp....Z.4Yo.d...co.....>.{.E..c.?..\...)!..0:..W.z7nCp.....ls#e&J[...G.3.B....N....p.h...*..yw.u(.L...*k......e...|..u@.......2'.)...Gse...W.......1t..j2+.. .....R.<mVf.j...c....5R..C`.:....=...4.F.{._l..9.)O...v-...vN.d.E.!..I.......t% ........m.$...e.v\mJ)...l~..Q:.p..i..4#.._.....~.....:t.t$Z.,..2.....d...cvC..N.?1N*A..s..9.c[.....;.....A......y...f.$..{..tMa_.M...X.bi!...KQZ.;sG#..*..qF......D.+FF.;>`...Q.#.''e.W;.5..5..j..9Glk..* .n........9[.`x..h..4..-;...f.15.T..i;L.Ju....$..w}2i.T.dA&...S.),.......Fr...4.#...wHFo..r../M.#`.9..eT.KC.d...:..&.....w.O.M.......7...:#.^$.Z.Ui#..2.;oh+U.......L........U.....FB...vm..Hy.0

                C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.93275142980575
                Encrypted:false
                SSDEEP:
                MD5:CF5FDA03A4AD71BC86D45DDDBDC5E80F
                SHA1:4C840FB6BC36826C3EB061EDA7E556F3546EA6A7
                SHA-256:39A34088D0938C2785A7738ED0126C738DE0F1E9EDE15FD042AEB1CBB466ED1C
                SHA-512:7592A1E8880211DBBBCB872DDC2CB8699AD5AD48348730291BC767418F28522CBA9E2F9A76D5BBABBD32472635563A681C2DFF16D829791EC42EEB1C851BDFC0
                Malicious:false
                Preview:.3>0......i.dFV..tY.V.,....2...,.CH.u.;.l..4g.n.9....S.7Z.s..O pO3.B..W.1......3.....O.X..![sA,".K..sj[3S..M.^..Pq.!.{ ...$J..Lz..(\.....b.).."..o.... .Ip..Q..P"[/$.W#&.ZC.=..=P@R.5.T..U.(VW.W:.8..M.e^....i.....C.....M.D..M...2.yd.d.....A..l......P.......!ivug.J...&.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):778
                Entropy (8bit):5.838793555189804
                Encrypted:false
                SSDEEP:
                MD5:91666B659D7FE34D7C71A6388E8DF648
                SHA1:FFC48F7FB9D19743169BC4DAEB386B921601DEB6
                SHA-256:826DE237143DAF62767A6C82DAF33A4D0B3EA126BC36ED6109796E17D115CA7C
                SHA-512:F9DE827C0C9A4809D69355545577F949D8AE42E2A0F6B4EA64FC2B2B29D5FE49F2818F9778CE4894EE03536A9B7906377B78DD2A3C45724536921E23F4C80E37
                Malicious:false
                Preview:.....\.........`.<..,.2O...o}Jz%.P..R....K..<Lu.s...Ob)....@Y.S.V.7+.....I6.....(.D.S.z<a..[..._...~.j...k.t.Y~.qet.@..l..cM.....g*..E}.aQ..........%.}LXF.,0...y"+..H..Q..%.5.'.vl...y..8M"..H...\.e...:..J....,.s9....9....Zb8J.!r<.3 }.K.t..@.|.[.3...p6.O460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):983
                Entropy (8bit):6.53718405813542
                Encrypted:false
                SSDEEP:
                MD5:232B162CADC7BC8461D3DBB06836549B
                SHA1:005449BFBEAE80D55D60A058C08DF8DC45AA2808
                SHA-256:AA053DF5FB98D926A673D2D2873E33B9F8920850D9AE04E07AEEEFF3B7932ABC
                SHA-512:37CDB63A1CF5B6436A6D42E1949DA5241CE02674A3598B0595C4C2FF460936D08890AD796C963407D5A2BCFB6D820C5F1A84410E30E45B6345F267D850DEA635
                Malicious:false
                Preview:x.pG<....Sd)....nkv.8(ZY.p.l..t.6..sn..B.}.ky.u%.0.........W.y_..k.6....^.).W.....j8.L:..<=h.Qbij.......F...v....u...{.\.jf.w....$.._R@..o.......N..r..!.........*s.CO0..#.. q...C..f.".y..X:.sc.3.H....M..~..'.\.`q}.f.)..|...n..f`...q....s..A.V.v....*%.(qbC~..~...p.Y.....ih..=....>J..5...;P......7.C....f.Qa...;Y%y.......(..=qWh......K69..WZ.......oP.%....N.&.-.=.}...3`.fg..;..){..r.q.>i...@J..+..c.r.....LN ....O...\$q.ka.1/<g.%..p...h...1...R..U...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{8d196d7f-3eef-48ad-8bea-be749f12d3ad}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1365
                Entropy (8bit):7.189059519266758
                Encrypted:false
                SSDEEP:
                MD5:53F05604E7DA3F29A0BDB6BDBA524C6B
                SHA1:A85D30F2A319A773B5904BB692FC40C09CFF6994
                SHA-256:4EDE268BEE5FE5179A01DBC2DB0A5226BFE8F3A568B1FA7C16D14F4CCA119BCD
                SHA-512:76FA74F9BB9E1E7E4DACFFCC2B761731CCABA8FF9AA5281076944C3E2A537D314C01F23897D9F53E685E10C5C0CE23E0EB90C2337B6B582E2E8F909007097415
                Malicious:false
                Preview:..E:@x....gx...L..o.?.y._.p.vF...Q...U3..f.....-....%..u.G.%..3x.l.....I<.....^l....:..&(U#...i.O.jR..5\.B<Ze.|.}.)..k{R(..P..\.n...lf/.......$.N.....M.............VY......f..g...#........b..qN,...M..`.Y..c...;...b.9\..j....I.!.FP......:...%...&.).R..a.YO.F......~X>.....K...ow.>..=&.Y"..'.b,Q;...vl}.N..)3......@i.I..)dC!.KE....}7>_ .w'.....'.^ou...Bt.=#...T..Rn..Y..J..Ka....+k.v.*..B../.|MiA6{..E..... ...............<...E3.m.....y...tQp.X......"O..L.tO....U...K.at............b={w....\ab 7..)Ki..!.H....,.o.(...t......."_.j..I...$9..1..L......_..3.U."q....3.w:..A....I..N$\U..F..x.t...Vq.p.VU.....?*..t=K.dY...P...McL7.T.p...........C.........vv.P.m.n.]../....C....L......D...a.wG..%'Kze.i....k..k..fe`.V--...s..';2.[.8D&D.5X....l.N.K..d.$..Y....'.8........c......F.W....j..`lC..n.z.#,..Zp^..pH.1..F(...g.*]..jm.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8

                C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.937069544459508
                Encrypted:false
                SSDEEP:
                MD5:B119271831447E94ADE2017465BD7A7D
                SHA1:D443C0CB9157CA0AF0F1223723488F4DAC64F41C
                SHA-256:072BF0C321A80B48087EE5A9D8B9B02437035D791B19A3B8ED28551D3C623129
                SHA-512:15BF74E8DA8DF38E11915D74B6D4AAB9F0D19592421BDD308E25817A08901F4E995FA4EDAE84512A05D9ABCF146974ECEC4B8E47ED0894DBF0551B870E7A8734
                Malicious:false
                Preview:...........n..[y...'r..R.|....t5.`.....y.Tvhh.M5J....sp....J4D..W.*.a..^.O.).....s....M...=...qh`.....cQ.8].g....#T...kP.,txf...h.UK....*1...g".o..k...."2...Z.+.=.....l.z.[...a0.9!Jw..:.F......7*<.|..c9..v.d.T.>2=..V.`...A...9.pYGixQ..j....85E..k]...=.]..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):778
                Entropy (8bit):5.9029238124265175
                Encrypted:false
                SSDEEP:
                MD5:5F77F483EC7367197B7649B9F07F0B93
                SHA1:CE0BE652F11B77F616AABB83893313BA24F3321F
                SHA-256:8AF784BB427F292DA78FEDA0E5F447CCDCC3DECCC7442156CE2D212412733134
                SHA-512:41BAEE3CC3363F275D5CCAB82091A4114F916B3C84459BC9B463C2F5383C064251E0FC4B6F98825D2044C8235F7F66B1D86C1A9384027A4DCF1047161463BAD6
                Malicious:false
                Preview:O..}....O...._..R..2*...t.Gi.1%.{..[.Q@n.k.7...u.V%.z..7.n?.......u=.W?Y](..qx...&....9v.0.C=u.+..-..a..JbMV.C<....O..a...F.RezH].D.....J...@E.z.....O..e....3=q..;Oj....Q^..0.y.:t..$b.E`......p{Pa..L.w...b....A..}.'._..Zz.ybb..&....!...<.S....rm.;.`.vT.x.+&.r460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1059
                Entropy (8bit):6.698909071262931
                Encrypted:false
                SSDEEP:
                MD5:9078EDB29870C0BB4EDF957250EFCAE8
                SHA1:D6C38728E3F6020E2132F920DBA1D3705DEE476D
                SHA-256:4AD300A97BACB2D988B647A77B0876F2C3492FEC44897DE21C74032083047C1D
                SHA-512:8EFDC3B183E68E46E8A123F31A25388654684B7D9384AC8CADDB37BC832A5DFFBA6CD7052751C7D917A860E5816DC74D78CD09E17145AE0CB2261F384C90F72A
                Malicious:false
                Preview:\bh`...kFy...p0.....l.`..v.g}y.|`..m..A..?...+..p,.w8..`r\..w..%Z.8.l!..R...G/....P.x$.\.'W.U.B..@...k.....1......;<..<r.....6....N.Fd..3..,.a.....Fht..K)K;...QkS.....S...l.3.a....e.E....".?^GZ....D'"Xi?..B.bL..C.,e...e......?n..v...#.I;3.......Gj(...w..7a..y..,}./a.w..k.j~..T^....,].../....B.R.gT.{.{k..P....a.[...X`..R.....9...y..>{.9.......... .&...1..4*:I.n....BW:.../...I....2Pi..t..lT.9..U..|....xW.t........Qp.}(../X..=.It.(.Av.....s0.A..8P.W...f!...h.u....x..)..b9.7...>5....k..tM......1Tbz8g....B...6.hQ.z....;2.J...H.~d460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f5208

                C:\ProgramData\Microsoft\Provisioning\{8fb7d64e-70fc-4f9d-89ee-d486817534df}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1416
                Entropy (8bit):7.174012102690096
                Encrypted:false
                SSDEEP:
                MD5:4284D050CE0E717B2D84C3C1AA318AA1
                SHA1:A6BE3A87E0E12899CFAF18207C1BB2D7E33EBBFB
                SHA-256:3337D0C1CE151699CFD90790BE42A87A52FE8EB9223813F5A7E919FF00EC00B3
                SHA-512:196C833DC880A08624F581F880F0DDB324B6F39121D6556EF24FDFD028916F865C733DE982230392A81507168A5B00DE647B4DCA22874D1EC79FF0631A57D719
                Malicious:false
                Preview:l&..1!......n.........J.,.......-j.. }M@E..dn..."O..N5.d9.nAM..I...............CGUl....g.$..R#..+nM..t1..A..$..u+...v/..z_...B.p.........._.....Gdy..6Z}y. .c2.ym.d.......N..#..d.|C.d..........kfa].i0.?.U.ZX.iN..ik....9._.d.paF..*...t...`.a...Z.....~...4.C...... .(.j..Q...Y..<..w...:.tC.mC9.{..b.+......8w........z.9..E.{...[.W./.....N.t..PO.7...(.6.7..G......#"..Y...F..1.........@...p.D..)T...jA..ly.....A..5..Y..].Z.W./.]@.*...?[..t*.;..;......F..b|-_.K..]......w...8i....{D#...l.w.}....:."(.}..... \.AS....:...k".XD1....F..O...vS...?..:.....T.l9?.G..n.d.Tn;m..T..Y......0.H>.D.-u..Y.....0..&.....G.#3......^.t....oymVV...t.n...).xO.J...p...f.....nEE..FnBvG...../.X..K3....G....E.e....yV..pj.j.7.t.:..KP..Z.;%...^n.y...u%.um...<`..6..9.....F.FN....~.C\..........?i..[.Z.uZ..c_..5.8.~..i16...].......~...5O..)m.z...`..<..A.~*9..;.hU(.3....F..x..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241d

                C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.895594188406812
                Encrypted:false
                SSDEEP:
                MD5:2C1B8E2BCF1C5AC34EEF936686ACBDC9
                SHA1:10D8027D6E21B8214561FF844EF1BA20AA5F70B6
                SHA-256:CB9CC9FC388A13BF29F862F2C1AC5123B91C066115BFE8A1A1C0A5D5B95A4D75
                SHA-512:39B36A7B9430C5EFA97400083C6DA843BDBB64AD278CFF9BC62011BD15C97B42017857A4CC2E5A73447895CDF9A9C416A6DF26195CE009BBAD551B37600380F2
                Malicious:false
                Preview:^.x$....==.N...u.Eb......w{...'.9..,....0.@.S....a.4+.......'e..."..Y.F..J.B.x.^.V0sv8T...~.a..6..zp...`dJ7|3H5.D...a........,.`Eq_.i...\V.rE ..$P...Du.n.....h.$..|....6..'.B..%.....r.0..+....wGP...i..\..S.......If..6.5.#.K.l6g....m....PX9@.|..................E.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):980
                Entropy (8bit):6.491841180197778
                Encrypted:false
                SSDEEP:
                MD5:2DF55640643C45014AD6B49B5C70B521
                SHA1:5BAC7D15394387C6B1EB076A2AF0C5DF04994F87
                SHA-256:D44D6C24F41944F6BB7214EA9052E21C86E1190EBDDB8620D2B40691B6138BD7
                SHA-512:00D40FC6E1BE53A953BE044EAF545EDADC1CF3F51496AFFF5EBCB3C84305E55E0401171DCF057E29552D83CA5BDBA9BA59ABC2E9ACD18A4B30F030766435B4FE
                Malicious:false
                Preview:....9.S.'....H.>...~.....$....r....'M.6.w.....b....kc....e...>.......T..r2c,Zn.d...2..=h.....u..keX..K.1.*...Z.l.....8.*...2Ut^...7....H.....t.U.E..Z.......8.p...@+.{(.K>.::?5.......8.^..{.........J.S@0.G-..f>..S..:..uo..{...I.C.D.B|1....b.....l.U.X.g{@.K8.<.kjF...^=......2.*A+GyJ....%.^...r.....ub1..'....v..]...CZ..O<...0R.j.V..M.0.{.....2.E...9hO.hJ...ed.Wl..m.&..ct...:[...(d=..p.r9.,.9...Wd.S8....".......|p.4t..P..V..........\...;...x5$jx..f.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2168
                Entropy (8bit):7.607999374949129
                Encrypted:false
                SSDEEP:
                MD5:C15DE7890CF0658EA2C4A642E7EB6978
                SHA1:4BCECFB7ECE6BD5BC33454586DDF6F6E6B154A8A
                SHA-256:EBAAD0FC5A9A3BF00E8D279423EE79082D490703EB7D9719A1D99E500010D991
                SHA-512:1F625C32600C6B4A7C55E94F227F67A9EED4A9CDEACECF31FDA2DC951BBE858FD80824C39F9A85F4F74AB889B1645636B5FF0C6FCD3D23D541826DADF796329F
                Malicious:false
                Preview:..\y....d.[\,..w=Qga6A..:..:...z.r<y....7.....H.zX4._.+.qo..JoI.....l.....n[.T3..V.K..-.X.')........`t.#2....j.f.9..;8........=..lI.9..?.X......H.O.g..........|......A-.Z.-@?S..*.!......d........"J.T...SJ. ....0....)...R:..mZ$...2............K.6..!.N....=s[../...B>adk.u.sc../0i,l&.k....9^.........yeI.......kmg.!4...%F.,...{...].s.h.Q.....f....m.u.nu;..-.Hp.0z;g....._..s.$.......(....._...g...@..J/w..N...o...z^..\Y...~7...e..&.B}h.KL...c..!?....Y.v..-h..).......#.J.XP.2M.I.....h<^p.g....C........Cy..iP......1L.k...I..,.....S?.A......R;.U4....7v-c^|.O..;^..9......y..H^.X...q....H..?....vM......%FC2.o.8..R.q.].uv..JG.+C...............`j.H.Ed/....7..T&...&.g...z....3....M,..SR....O.s.[}.....0..I...e.VH..!..:.R./.HlZ......L.&||..M.FG.-.S.8..:M.#...O;..\."....X,g.".Q..L.I.L..R.^.s./.....oAk^$m.q....=.............?........L..v{G=..I_...d.V:\.6...#.8.jQ........k...;..ls....o.ul...C............`]_~..1....r......;...Q..1D..}V..7....

                C:\ProgramData\Microsoft\Provisioning\{99b095d8-5959-4820-bea7-7448c8427b4e}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2767
                Entropy (8bit):7.716947712457765
                Encrypted:false
                SSDEEP:
                MD5:92E85C4292BDC10B6B20564E8AED10A4
                SHA1:71679DD4BA944DA1BDA9D70BE02F44C028F41F26
                SHA-256:DD5E0BF40D2326A6160E6FC497B6187DC64D5DA10FF9B1292154ABE6788AEDB3
                SHA-512:0704923808DC7E6BE6B80362C2A073864EFC2C3203175BAA33D69CF06DFFA32359C39F3237ADDF4B3B9A570021BF0C591A2BFE22C9D82FF14820F5F0C3953E73
                Malicious:false
                Preview:.%.c.)....+...........{P#..&......8W....O.j9.}V[.....w...|k.".....s]#.i..i.....[Sa.\...$...b.e.p..j.O.UD..-..=........S|.r..{......4.U.9_....\..p.1:..Z4...f.s#K.....j.....a...]..z........9.jKv.....N.6.%.w..{...k`.&*...X.q...d..+8..8...;up..o..=...O..`8I... .^:xlE...o....2F.Q.....]u.........kE.....u`..g.G3.L@lEoO2}....j.5s.`.'%4 ..K....>Q...[.R...,0%bm<...C...w\N0k...S..EY.b.G.u.+`,...V.z..F#g..2.n.{$.....yG..A1x.R?.....oV.1A.........rW...}........A@..Y5g...zS^......p%Z..d.....n....c. l.0u.m...=....E....S..|R../.....a...Pd.. ".\.......%.Y.V..?..z.....r.CMo..4.#...:... ....kRX.:.V.#w..zb.$9....]....H:y3.....?q#...zJC.....}.......q.|gi......D..X,.....m...@<YSn..].s/.N....6Z.>B...w.n.....v...p.Ut..o..K....-.po.. .q.Kn...Qv.k.VL.G....-;..+..0.1...Ox:..M..5g._....G.D....R.....M-.%...*..:....V9./(......m..>*.!.*\I...u5).5......T.... .|.3'..X=.Cq.F.>..8.;..*w...~...&......Fx.-..t...c!..\.&,......A..@fS).....o..g_p.".../...#...Q.(u..t.ci...@>...&."..

                C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.940197788907052
                Encrypted:false
                SSDEEP:
                MD5:BDE1D966A197CB7D139295B60E4ABA83
                SHA1:96193123EC9E115A8B273463E5E0A061E054C872
                SHA-256:F5726AC2983094EEABC5465B6C2D72C34586378669407EF6EA7678AE91DD3475
                SHA-512:2817F96C0D1A6C1617EF0534D168C8E91B5B001A580DD680EB4EE0DC28F78407C3D3A5B88C52C585D2729C5E4C92FD1F06448E5DB3252A23E315B059D116F529
                Malicious:false
                Preview:@i..r.*...D..ODp..+...r..;D....0.C..h..F..u7..J.I.XO.Q.....r..|9...Nu..8....C....yXe...r...DX....2..._...GK..'.>...E}."ji.........~5..C.S...F..C..{..`..gfA.F...72.7~...k)..Wx.v.....L...x..h?..1..S8....!.......7..~..W".......2E.CgRY.j..D.k.r^iL..Oq...w..E.>H..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):980
                Entropy (8bit):6.508397125789325
                Encrypted:false
                SSDEEP:
                MD5:28130C3DB6A2781F277F9F8D3F764FAD
                SHA1:F0B543152DD754538F1343A172C832015E3BEBAF
                SHA-256:7810BA1AE9D14546D20CB74CDC366360710B21D48ADBB919CDE849A89B5F9AE6
                SHA-512:38DE15E905102622FE3B527F4DAAEAC3B121581FF09EA08F7231F289305E82715D81C9C7B537E615B57EBB5A8CD7227EF477EEB67D26828A2C85AD09F44712F0
                Malicious:false
                Preview:c-nU/#...GTF.Z&OXr..z.0D....@.B....?m...x.u$4...ZQp..4.q.s......y.(.*6...N.oK.......{..9#.Kf........ZaZ.e.Rq..f.(....LVM ...?L<.XyU[..3......?...eN.p.}.`.#..... ...+...w.p.N.f.....JC..N..X.y.N.K.+..s`./N..G.......c`...7$....=.I_..=..u....\s.X.....?.~P.r.._...3s.....P<K=..X.g......7....eS......@.s.;..J...k]...z..ry.......O.&.....4.'.|.D.g._.(.V.T.....e.(..NJ7....v.Td.).9.|..&.' &c..d.."..{..OA.C]p....X.H.@..]...=..,.].Z.Wc....D.M4.7...X3....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):7606
                Entropy (8bit):7.9450155873799675
                Encrypted:false
                SSDEEP:
                MD5:7F52CCC28701222050B5DF8235FD922C
                SHA1:8F564FF0774AF3C92CFEE10C3A626CFDE1990532
                SHA-256:E1686856721FA68DA32176BBCBCD8BFA6F2C1DC465138652D910592BD45531DF
                SHA-512:00B698CA83750C983DCB2DCDADC3AABB10A411E5DACC9CE5AD0480232D413C902E27C1450ABAFEC3CB27B8B6911B1650DDF935745510F2E8350A113511ABFA21
                Malicious:false
                Preview:mw.W.h...^,<X..N.g.....1.9r...\.Sdr.......6.{/.!~.H...D,.Uz.#u.``j.!idk...!..g..N*...O.J...S%....['..........B.....=tBU...+...b.hj..^.b..[0Q.....["U......~`.%...4...,w.*.7..1/..J... .G.f.jZ....E..:~s..BD.e2I.s.e).].....<.....Yp...]Kd>S"........m.G#..V1..D.u....8$.2.{Db{Q.9.-..j.4.*...j......j.kJ9..=...s.ZR..=$Y.....j....S..._.......?...yb..\..[t.v.>.1.}\..v.y......pB.7 #.te..1...@..._*q.:h.....WY.qn{....r.CPF.}...?........%....,j.D.6M.5.t.....L'....D.V..,.x[.$E.?#-...<...si..p...S..9..8Z...,...U.D.,........y...V...-..T...+./c.....F...#..z.S7.$h8v.......30.......3.z..{.t.,T..K.7...g..2.\...s>..........2..........<......~*...#..At..H.....3ww.9"h.._.+<.......5...........x._......H.G*....RU\.r..i.1[...y...}5vP...y.~.[^+[.v...H.9.xa..@...o..'...&...%..~?......iG.(..Y]G.........H..dP.[._.L...73D|.f............g.7..9.^.....P.>(-...8].]8..3..../^3......aQ....W.)..3....;]......52.=R.....L..D...<&..b%/l..*...1[.|.+y7.....y.\....c...E.."...K.

                C:\ProgramData\Microsoft\Provisioning\{9aec5bda-1e87-46b3-bb96-1a01c606555e}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):7881
                Entropy (8bit):7.9413915813174825
                Encrypted:false
                SSDEEP:
                MD5:CF71EAF4FE5CAE6B094B841F1E216DB5
                SHA1:17EE4BDA7E972D09ACC1B904A346EADBA35097FC
                SHA-256:4ED6475ED34BBEDAD680E64963ED01E483E1DB6693FB0168BEF00F01410B44D6
                SHA-512:AD0C035F09D9F0750EC360ED7AE06818456477C521B8DA3EF01FF616CDCB0D55123432F125E721F4018848D102D3EF0C0ADFD3D96D68667095D6A5E39C6569AA
                Malicious:false
                Preview:&.]y..b.5>.p..EL..f....A...*..;_m.e..j....C.J..{R.u...d..?y.. .........'`........y.~..Q.%..H.g..DI.h...t..j.J.Y.v@{;7....j>.z..Z............f...z...`..Lm.{...FU1v.v.'.{.sy.F.5e.......TJ.r.......%.....w..W.Ow".y.^...+.....Kad."F.....V}...q..\gg.w...y.{...-..#.8.n}.s....Z.j...mwB|]X1n;.;..v..a....x...1VD......E>.4.....!......|Fn....%.b...wHZ.9g.>..C..<.......q.....jl4.G.qZZ...1o.!....\.,a..BGOe;8..}9...>.b.5.?.6GL..S.F.{\...e(.g...r...P.e.R.us..G..2.=0.QP....,N.).{.B....b.."v.8.8`..."fN4..Vr...B.....0....H...y.c.f.Iu5.8..|P.@...Z...PgoILVe`.o.'...M5...Ik..6.(m.?.cg.`w%%..,....S].C9....=l..:!l.l.U..c...{..yX.._...c.x.&.Ds5.@^...G..,..>jP.e.\.......'.a......=x....0.RkC.'|..J....}..EV.9.9.Z.9a...j...K........<G....^.H.r.I(.N....n..{i......[..,.L...6T F........O.?..4..q(H.;...[.XP.P,......`B..k.N..W3..L..../......BB.....fa..D:W."!.9.....X.j..h&....|s.\.p8./.C.....;....\>(0..x.u.3..0.J..x..*.0....%.rz....t]Xq.N.KUG..J8MBT.[.......o' m..z..

                C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.947468312763017
                Encrypted:false
                SSDEEP:
                MD5:30AA7477E5708623068FC519BDB0A66C
                SHA1:C73CCA867B417ACFAD419CFD04DF9EAB02170916
                SHA-256:5A85B2CFC8C5BDDD5B3934B9A0C52ABFDC6F7B71B8FF0C1E0E52BAFC93F1FB0B
                SHA-512:C7BEA79104E0F311DD83A63B170E59E37B8CFCE06FE3A0030DBD852FD7C50C42476198D6AD51C1667C5DB631F1806634B719C80CB20318C947482F5F663FCAA0
                Malicious:false
                Preview:...X9.m....SO..+.[.tv.3...A.!"%.v...WT.L.)@.|......>.2_L....S..`.*U...;S.h.0..~.J..=>..%.Sa...C..FG`H..w..*nM..Z(..l.Wzf...Y'...._&..t.s;...B....p...A......k,..o..b.4....Xb9!1...Ux..(.....Q...B......8h....&.W.m.tIsv.sW...Z...z6.(.b.V.s...........?4...E.};d..a.RtR.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):771
                Entropy (8bit):5.88792168505104
                Encrypted:false
                SSDEEP:
                MD5:A451C56D248BD763D0FF48309841034C
                SHA1:96E02F7B8DF17C263C521547BEAEA90F63C4B414
                SHA-256:624A9D4EF16791D717EDACE89E1F7F2ADBE47CF2E88AE5FA52E44F012EE59F97
                SHA-512:DEA16F42E56D59F2BE4632971CFD69F1F5221FDC6F1EAE10D4D7289A941A39BC78EDFBA8688036C8D12A4602056C7F040AF4F72FBCFB459A0C4600F1F45C5AAF
                Malicious:false
                Preview:.<..^n..j.q.?wO....zxRNf.t.M....wL.g......,W..z<....e.o<.....Xz".pd.......m1...)...3@..<....A...NG....}(.`..|.......O..n.......1..9^{.H`^..Q.l.t.=.XFJ..d..a..Lpq....l...D.#...z?.`3.V.."[..*.(k..*D.6....e.:.,6.. .P_z.zc..SGr>f.$.U.A)(....z.!....K.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\Prov\RunTime\0__Power_Policy.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2328
                Entropy (8bit):7.630030868051137
                Encrypted:false
                SSDEEP:
                MD5:36F45FFD496819EBA552D3094418E7D0
                SHA1:3174EFD064EB0B5F793A692193C22DE10E0E596D
                SHA-256:6715A56112EAF01BB471A9F9A724A0CB8DC313AB54943C23CAD02B624365BC30
                SHA-512:E29B7BF75AFBE29FA5C29005B021CE03FD4122A934AD622130B7D095F06807509D7116DB362ABC9AA4F5C1688FADA37D27D5390018200889F7C98F64F00D5E7E
                Malicious:false
                Preview:..3..m..v...R!..Yx.e.....*L."./.....&...6........h@.O......i0.X..Q...?..6q..t.:p.._L...w.F.......@!...=..`.S...ZQ...02......5.C77F=.s$.9...T4..f.u.;...DV?{.....o%k4+VX,i....a...v)9.&.I4..V{U..{...na...s..W..U...>$...=..q.R.&.....Al.l....q.[..o....z......L.#.A4(........A.~.........?P.@.oC..&g..C_|.....I~f...`..n...qn..P.[.<...4....].@.?.\A.mc.^5.9z...}.v....#..{....t...p......2D.K.J_..........-.Wx.}X.;...:S..3.Z..}.phbU.q.+..&.^.......~.ia...b>.Z.=a\..`.G./u.3H/........e....w..M@./_.NSJk..3..;.0/..2..../^......~#....;;.>.O2......ZE.a.5...6&..C.Jx..=Q.b.]./Cc^.....8PP.fD.z.....;!7........D....z\q....g..D...N...$...N..L.4.M..nB.Q..3.Q.v.qkt8%.OM...!nD...>.e....G.e~.e.......3....oH._W .L...oPD{%+.C......c.<.RF.D.2.....T..3.u ..@..m.!......1No.-.p.0..:Qc.-.7.&.....G.j@.2..R..drJ.c.[..(m..|C.{(..$...zK.4....#...E>.2.U.Rc.....Z...Mb.[R..?./.....$.+C.XM....z....%"..#.}.h.E..#.z..Y7..G;*T..o..k.X..B.........Z.."..ZmQ%..jv=.rl......0H?.. rF$..L

                C:\ProgramData\Microsoft\Provisioning\{9df6a4ed-fc16-48bf-8b24-6e2ad2bfcfea}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2658
                Entropy (8bit):7.680594124640585
                Encrypted:false
                SSDEEP:
                MD5:77C34AC5825EB833502D8F6E44EF165C
                SHA1:50ACC4904FA7B84C5A2EE135D4B7C1A17003A8C2
                SHA-256:8D19DB4EAD5DCF21607060B05B4223ACE6A823D81D0F00DA246C8DFAF8822404
                SHA-512:18BB945A09A0BD959A26F453A19180912EB10BB3C7148EB6739455D91F55B06A0ACB2501B97AFE9ECB9B2A265B690D8ABE63DD85DC12B31F9DA16A2167136A1A
                Malicious:false
                Preview:/M.nW.o.....X..}...."....$%J.;.1.(gc.v.nWN.m...........T..{..vR...-...0].%I.6......".u..&X"....e........9.vN.9`.y.e..^.}.t$nw.\?...........{.p..6@.:...J...Ki.u$....g?....a.~o...wCX.....9s.....0.bh....a@.7..W...2..].....u.P...c\..*9.....~.&,.\..G..,68ZD*.,/Z_+.[P..hT.-S.P..o....P.e.'2.f.85..N..Q]`.n....C.+..Z...B.=L.RV..U[=..Z'...,/..:'`....c..Y...[1z-Rz.|.T,.. .\,...0V]."..V..../".........;.w....L...ov..4...I.>6.k.................)}[...........Y...B..7&.....P..WV../@.(.;q]k*`;E..<...BO}.c|..Ry.mb..t^..f..f@2N.)9"|Gk...Q-..w}Q.{..J.....iB\.A.U..y....98.5]miCY..f.O.e..1.X6(Zf..@Vi.U.mqq.~..|..+..C.jAX.[9...]..KIT{jy1y.R.$..a..PnP.....K.@..g.z.....?...ty..x.X...&]k..NB..\.Z...^..+m.P.V..(A.|_...?5w...v..w..$.s&9..z..[.,..,*0..l...zJ....B..........2.&;8./=1.O...#.!..>..\..LG....!E...z.!...7....'..L..aow.|..V'9G.s.o.'BQ).....2.y2.4z.|....{....!j..... .(..J.....n./zv.).E.g}...XU..x....F..gl.......$....d.:.P....|.....ef.....%$...6.

                C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.9730769726701585
                Encrypted:false
                SSDEEP:
                MD5:11402E9D1E9E1561AE7947F9CB48C04F
                SHA1:2CEF51DF6E6DFBF6514E6DC24DA0B5DEFFA34609
                SHA-256:FD8BEEC8F6E7F22C822E87210CD46AB21F4AA8E9688AF76CC8CE7C5132DCF17C
                SHA-512:27C6859D33824E1FFDF37DD8EC2FC322B2CF1143877426906122EF151590B22E016B73D5C1BFFE92F0546D6FC18F07713807B841A6243747A2B3B3AA34B29F11
                Malicious:false
                Preview:y.A..mI]. .QQ...b(...8..6i?...FD.u.(dp......#.w..j2....O@.s.J..^.r...o.^...O......&.3p....(......$0....Th,.P..;..o.kM|..Uo....e......R~.....Q.*:?q.X(`'GBxO.T........>..!.!."G.3..&iI/aV)B..V.|.YE.<.. .Ki........{.a$.q..h....6k.7F.kC...;...o].V~k...c.).w....D. tL..rA..G460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):980
                Entropy (8bit):6.505542681960011
                Encrypted:false
                SSDEEP:
                MD5:785CF09FF06EF77094435E0C3F471B14
                SHA1:A33313788765234233B5A29078E5055602E3054D
                SHA-256:2419ACA5CD202A8643536623C9EEBCDA2684770D5A4E50865398FF4F8E719B70
                SHA-512:274A317E36D94D72563FB658509D63A96B844A3ECAD7D2F49AE919C16E741F3129147D220EBC1FCE8C35342443FB174E82CBBA1B9C8DC06A975EAD47301C820B
                Malicious:false
                Preview:..7..sd_o...gQ....N..G..qA..P.l#=.C..DR.5...5.P.W..T.%.+.L..P|.=.7..S...^P1..>d.D%.....W!..Z."......v>.9h.6.1.Jt.C.o.1._..T2C.?:[5A}...lS...FVr.....y.z.....{./.r...........H2...8......o.V....}....0..g!+..Sz~-J.5&.4PF......;WW..2y..}..$...9..Q.-.....8m..a.QL.O.bNh...-.%..#)..Pd.....'.1.Ct.{..rZkg.....)o=..OVt.T%.Td.g.$.p.....g&;.f..^-;5UDKj.O.....I5./v.p.M.4..A.t9Mc.J.'lo..!....U...gw..u,FvW@B.@.YL~...j.XNi..R.f..C.0z.oyk.J.......!...'$..#z.V..H.r.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2155
                Entropy (8bit):7.5780240072929015
                Encrypted:false
                SSDEEP:
                MD5:F53F648589388889AE554183017EC16A
                SHA1:7D83E2CADB892309AA974210BD4C64AB5CD0A492
                SHA-256:3AB6E92E3F4B64F35A7A275505CAC5943C355807BEBCE18C39B92DABCFD8E7B5
                SHA-512:14BF5A5B2E706276FCEDCACABEC502E383C89DC3017F6F050743A9E24C45C7CA04A2349802B34731687FBD77CEA0A30219BBF536D89FDDC74EF4B27EAE9EF1F1
                Malicious:false
                Preview:d.3?`..Li.9.&..>...Y.c......%.o.L.2b.H.z......6.V.e.-.Qi.....*N....d.Y...S...&y........\....n..D..x...M$...E...t.V.p....^.5...M.$.p..2.+13.[.G...V".<......$#.;...Z....59..5Z.....Q..".Y6..is..R'9.....X.{.l.............Q...(.f.85n..K.*...3.i..M......8..R.]".....C..oZ...._.A..!.....i..-.O.w.Vi..W........_..x..:s)...o(n..\..*.._3jY..v..z.....L.Zyv..f..4Vs.r.../.UIIuIn...TQG.....u.p..c.^].<2..).P.y...3?.^..1.5u......*]H.w..k....[..j.I....=..l..5.X,....@..>!...n.I..N...?n..W.\...+p..P[W...e.5.Z,[..@......Cv...o..X..j.Q.M....j\.h..Y.....(1.b...........1>.i..4.....A.$..>..'5..`^nK..o.#N\.a.o...$Y~..X.,..-..{.....P.:$s.G.4.(d.L..._...EE.....f.}.q..b..3.W..h.v....[..0[.P...evM.gs.E..'[.f,..H.I.g..^...0A.".Z...mS.C_...:....O.....X../....,g%m.c....q<...:..o..ni..A.Za.^@.axU.L....n..8.'.=..'.g.......2 m..}..RO.w....Z/3y.0..}......_....Q|.:..r.....Yz.7..LXcq..=|.DS...?.~.w.h........Mj....E5.+F......|L..cv....m........F\.h.._.q..K...p..........EjUQ=..r.

                C:\ProgramData\Microsoft\Provisioning\{b0b9123d-7d7f-4c6b-9973-ceced46f2a09}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2749
                Entropy (8bit):7.693441285558952
                Encrypted:false
                SSDEEP:
                MD5:70F2FBBFB55C9BC9426CC36BF536DF1F
                SHA1:B8BC5CC4BD84C25162BEF9681BB22C3B87DF55B4
                SHA-256:B945A258441C9B79518DE4081E20CED2C5B657227ED36643C9BF0769EBA2BABE
                SHA-512:51A1C05C39D5A00AB2353429C757BDBF49D287F637381F3403D1B6FF1A6D31E47D536A6FD59EB02C28E9FBAD3285AFEDB1326FBFFC607253A07510B66F9C90E4
                Malicious:false
                Preview:.?.9.K".B...h.AH......o.].....~....O......../...~.....e.......g8.....\..m.G.V.._...]..K.PcW.......?...P.E....H1....y...8xZ7.:Z+.V.z.}.0....."sx.$...j...z?./..u."n.+KU....k.?.:..D...=...\.X.S0..^......'V Y;.4o....*......Nl..e.2..^'..........n......_.%.......4(..xZ....B..M..-.E.9..h!5`l..R.v..z.l.....0o...../...(4....{..9.S..xB.....h[P....>............6>..8..r*..........YkQ.me....w...d.;p..>.c....q.t{R...$O.=....K..Q..{.lmX.!...h..)...a.]...n.b3......B.Qk8z.....Y..2.}5...Kte.C...R....c.]e.a......0?f.{.d..2S+."lKld.k...C.+@$..?._.O..A=Uj....1kb`A'.\).Le.(.".....d...>Q.........^a..o..Q..|./\K...H.c.k.(.I9'ea.....=.L.K(Q.Gl..B+..%.......V.4.#.!...h~...1.....\..P....le..4,... ........{P;.Uf.x..s..Ms.. ......]KV.L.M...l......X.....7....../6.I....._.g.....u................>..d.%...G..i..:i......-dR.u..6..-..Q{$.,....v?.M*.H......U..{.....x...cZn.T$*b....Rg..~T.V2........l....F......o.'a1.......0...O'.....N.Nf$..........9..

                C:\ProgramData\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.987489264447537
                Encrypted:false
                SSDEEP:
                MD5:2644191074AF841D1D4155207AC12EA4
                SHA1:EE3377A476C7BB7143F5863DF9F0FF6792B38D5A
                SHA-256:A49865D1F096A3CE92885B37C47E9E5E72DC812DEA92848203A10E4235017993
                SHA-512:E8343BE0456EC1DCF8E44867CDBD9DE6A161414D0AA0DF0EABAFBEBEB143DAB97270DA90B291F30D7D9AE66D6748552E3859BA499611C7DD5785F140AF27F021
                Malicious:false
                Preview:.QX...b...Q$.*..eF2....#.'.`.{s~B1..'...Ee{.....<.`oi%..p.4.....2..GI.._).JVR.b........P}A......'.vk[...<h...(..I....Y.0.C......x.....c:......O2t..Z`k...S....]+..#..]..B. ..FupB...CK.kthy.sx.q4.k ?.p.!.'.d...O..W..b.@_............\7&..{{e(]L,D...W.z..x..O.n...t.|.M460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1219
                Entropy (8bit):6.96445687007467
                Encrypted:false
                SSDEEP:
                MD5:7EF0989D8259D6E6ADDB2B5734F9C18F
                SHA1:ADD971F66B44ADB029D09B31B6ECFE92D6EEA6DF
                SHA-256:9943DEACC118D7F19B2A5B6B660A901F3539DBE1D6D84F799835076B15232245
                SHA-512:CBC0D00CC164E1F6F4C9C6DB3D77DB6370E8BFC887BE834B3BB363746048B6005451F5B532BB15F160A663D70F3110CA2B254D0E9C0BFC8A670073AC236321A4
                Malicious:false
                Preview:q.e./.#..G..3....@.....}...d=...A.P.>$N.iDo..y..........V. .- .c5...t.?LM.....p.Q...%...f.DX..CoI./<.nnw.!E...,........7...`<Z)m ....D.,w..z{\.../.n.u...=`....o.N$._].n..|/{.*..D..S.....K.......E..GbC.u..}.?g..l.....g..*.......N.C.1b....\.dKZ"_...R.P..C._I(E.H.|....0Y..z.#Am..x..z#//..S...."p.........h...{..k<.L.}..R....>5s..-.C:.j..?.n.!z.2....>..9#.{.Ju.mw..c.J:.."$.0...~..2k.z..A...Tw.?.(8%.....T.4.+..._.#D....*%.......g.eg.m..qpZ\....@+../.c7.....i......F..v...4....QM.,..o...F..$^.).lZ...f..Q...up.8:x.....Ax..?s!..|+2#^5.l:.....qV.$f..x.'...,=.b]7.G..].E.[ju,..\H.`i.V16..z..b..j...#...-.....&o..A.g....H..(3..3..w.].=NJh~!O..c3r..m.Pf..#.8s.6.S.._U....i..r..Rd.7.@............460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16

                C:\ProgramData\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\RunTime\0__Power_Policy.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1909
                Entropy (8bit):7.4963008320419355
                Encrypted:false
                SSDEEP:
                MD5:FAAC2F6A822B54F81E546DFACA11C3D0
                SHA1:E3A9E189F3D431DD71ADBF603F9E5251ADB0459F
                SHA-256:70E020BEBD4D0C04977EDE0CF598061FA97DE883A38878CC8B495A032B6D4067
                SHA-512:B93358F265A963841C8FFF066919D98E5EB98566EDDF50E7EE6050F5939FF24EBB4C358386A7D6756FD6E789C929F1E417E38EE3E4712219380AF9F0737A3FCB
                Malicious:false
                Preview:...hG..+.ry%.*&..iJWK.-d.?..... ...Z..R..O.... r'....M..*7.{..Y......Ov.vm........:W.s}..3..16iH0.D?......".Zt._f.....f'/0..._.x..H.$..a2.l.&..a.J.7.<l...+$. .....00..!.,.AK...dm\...0.K.M.|4.....r...+../.....".L,.....5J.(.9E..)..9...t.^...x.3.H...gD...>_R=o..GY.U..k1.C~..U.*a...)8.........2.fWE.H.,..X...`.X3.G.Ti0x...$.&`2..BA".'..+...1...@.....|....#$..?..v.....N"5.(.-<P..Y...k..u'k...m..i....j|.dk.Q7\"YS..>....h...NU../.yt/........\......TJ..n@ZZ.d...{h{.G#..IJ..H.........)]A...s....xh G......&.y......>i..<......Q.K.<.8.-.9`.l..W.4.A....dZl.5w>.)i.]..H.._...4P..=.....t.Q.%.R...%.w...+..9/0.!.@..[P.V...j.d..;._:...^.%7+.....=S...o.....:......b....P.^........x.-.%V?r..j$x.....b.0.~.zlu....d...Yp...x.._'... :(.C..M.%...I....ZM.-.b.9.F..s..R=..\+ ..L.5.E.$...V.E.[z.nw..,... .U"...V=sn.^F.t.@.....yj.p.P./..%..G.....>O..y.........l.Y.........u1..Bb......A:.8.ZU.3.....t.=......-..u.#)c.m..Hd.^F...`.......R.C..2........Y.C..I].s.b.X.....

                C:\ProgramData\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\Prov\RunTime\1__Power_Policy.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:DOS executable (COM)
                Category:dropped
                Size (bytes):1909
                Entropy (8bit):7.477289328483719
                Encrypted:false
                SSDEEP:
                MD5:E4C7B6EC635F98E8B56915E8B25ABB6C
                SHA1:A9A0E432382857C6A91DDACC4487117865AE8104
                SHA-256:A1441D9B61CECC942FC1C63BE53BA2BE7E3E1C3C8C09C3DC038819AC98B7DDB3
                SHA-512:A8FD46638212F0C62B0B81F73390457A6181CB62DD25FA1F01EBC300EFDEF53DBC70668B2D611F44D850E4867322A08E2ACD10BD4DF91A2DF53AF5F24F5B902B
                Malicious:false
                Preview:..>G..,.O.7t..O...w.jz.2a...I*.n.a.#.qjm...0o..iBP...7V7;.ey5.......X&q..`b..:.s~.o...-C.>b..mCQu["uj.......Y.<..C],./A.F@.5..LV..|O...P...C.....\_3...8w..X>(......#<.>}.ek..-..6...c.J...T.....k..-V..1....."...Qri.y.8B].1...R.........(.)...,.....*...z..^..0.g.B.Q.V...iN.4..o>.1.....c,...P.!...$ a=q..w..,y.d....hc#...71....s\..a9....Ty...P...Q^.br...bLs....w.-.x.0..)..<....g...H..QJ.XK..J%{[.a..=.-..Q.B+.J&@...gY..PB6..OL?..d...5+.H..b.g......J..%.<...."y......7.=fl.oKSQ.B.K.|.r..>.=..5Q..e..:......~S..~.....D..oN.Y..gS.`..#z7.....yQ.../c....0K.....^.Z;X..K.....+.....*.3\..k......,......Q.........y.k....M..`P(..=1.]M..W.Fz....D|....N..M...Q.o>.?..z..;X..A...E.&.)>.C.....V.d)...RX....,......$y.............$w..Q7.%1.....f...8.;5..3.wa.5..}...Yx.WY....8.f|[.... ....e....>.u.@k.|...:h.....A."...~.N...+.:..f9P.w8.....V.M...~.."...?<[&. ^2`..`.......x.ne\......M...{...*..:O.^.I................m..+_|v...'. za.~...c]..5..I...x.&.P....T....k.&.p.

                C:\ProgramData\Microsoft\Provisioning\{bf56ce5a-946b-45b5-858a-1794eb0125e2}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):4077
                Entropy (8bit):7.85103981040673
                Encrypted:false
                SSDEEP:
                MD5:A2041E30700F8F34D030920100DDA747
                SHA1:6097C04BAB15AA5543F22F812B9A9CE50DCB648C
                SHA-256:66677F958B9B8A7BDC38A2DF72B9608C0E88C0B6D3B2D4E4F9A72AE61B3F0413
                SHA-512:099655C09DA2FD6FFB93AE3F01AEE7CCDCB69CC18152CE4EBC42383D385B7B0B556CE48F0649704691F476D0EEA5F20121B6A15A43CB88FB0A139DDF173AA0E3
                Malicious:false
                Preview:g..0..-.{.N.W..m..u.QD<$...<9..Q....R...T0}..P.$.|pl.B.....:.%.:.9.D.LG..B.?7$.&.L....g0#..>{O<.hw..pWM.(.......hg..D,.A_...62....yq.i[....j0.M`.rk<.{I...o6....=bl.Y.......T|.K..{.e?>g..K....6...MwP@6G.E.G.b2R....\...........wo.<W.H...8^.q.K..a..h...{).-~.....]. .9._.F..z@..|.....u.yM`.).U/..S...^..)D#...&.#. t_..,4.X......vj....%....'...5.a.v..m..W:C.2Xo...7G.u.H.......!..zp.K...S.O.u.....4.2.F...>;N.c-Rv....}.Z.]....E.3......d.P*.d...>..g./.Sr,.l.n.d....qj..nb....I..y M.sf...R;*........+..5. .,.7S6{.>e..RJ.+.*.&q..c>..F..f>=E.......'mi..|Q.|...Y.;.a.r..E..A.i.u\...@nm.t..H"..pN.b....W...W.b.X.4Y.o..|q.z...7.z3=......{..5F....A...E..h..&.?..d.....+..y...G.%..L,`.sV......J..&.........;.h.#.B....&8.,.q."i-...%~$@.>...b...{6...MMNm).Y..8....;D.(..o.w..8..>g.1...&.......n...^..........X.W..M........lhvnxI..l...5Z.hNGl..53.>.... ..n.i..........O.1..M.$T..d..+.....Lt.c...).9.\.]o8..:r..W...6F........;.7...}..'..+N.....vE..G..Q...1.

                C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.902634219086953
                Encrypted:false
                SSDEEP:
                MD5:03169693ACF189B030428F56D9DA379D
                SHA1:0FF948F700E08C12CCE019766B57EE2D1981E7C2
                SHA-256:8E07332AC84FCB4CA4DE7348ABBD3B31688950787FD44BD04799B5E604FF6023
                SHA-512:D4A0CA634DDDFDB583A84324DADD80FC978C8EFBC266BD45DA8DDCEAE3EE9858167F6F558A9C4518AF50E49F2377B35BC90880ED56ECB2784382E97E3AFAA014
                Malicious:false
                Preview:..+..8).e...xZ:..Z....9.L......."...i...v.z..7....~....,H..^...e...1..t.e.f9..+.;x...ML......;...w.$~......5...._.\.R....8|i....B;h[...k..6....-..6+]. ..:.Hj....E;.D..)c5.t...F.+ ~R..S."......M....../.@._..@....k...m.%.j..%..Dz..q.4.M .%i.a..[yc....W..3...8N*.X027T...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1066
                Entropy (8bit):6.710947013032687
                Encrypted:false
                SSDEEP:
                MD5:FB18AA62DAC7958015D488E60F2DE4B3
                SHA1:A24766952BAC09929AE96C74FA5BC28195AC8DF8
                SHA-256:0FE5D5DE66F86ACA35776FB70BCF0E1A6FAEFC490BE9F018835056119CD4A850
                SHA-512:D50D39BFAE25257B6FEA029681416A532BC34C8B5EBAE07925826D4CCC22E940FB013ABFA6E66617B0A080F6E1DB9AF26D9304FCE48E4BDFE17C51088D694F72
                Malicious:false
                Preview:....$z.WM.G..Z...Q/...P..^ev"fd]...}YB@...e^.....I.....".J..k.yh..E4.VE.x1...F..V^.t.]....5......Um.$...@f.1Zz....c..w..a......5.....5.\.y4OA..P.]......a..J.y0-..?..w...._........GJ. ..,:w.,......d.*su.*. +/....`....V.}...3z+bj....v..]....}.Q.F..B..$Q.1..T..G..p.&.I.K9..F.._.*[.,....5#^.s.E..>..OFaw..v.BN..f..)........,;X.;.=....d........`..#0....^...o.R...~..#.....#7...UDA...`.pg....../._...5..?....1.D...]...R.....F..?.m.Vf........KJ.5.....Z{Rs..).S..3!...vc.1.".k$........L}...P."}.......\5.>.y.h.....u..[w......U..M....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a

                C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\Prov\RunTime\0__Power_EnergyEstimationEngine.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1197
                Entropy (8bit):6.936160697801039
                Encrypted:false
                SSDEEP:
                MD5:89F538D7DA18E1E6B4849DBF3EF1A00E
                SHA1:C6E26E60F53054A87277523007B8CB22A23657AE
                SHA-256:32928872FAE0F38CDB95C27671100455F5988865FFB5EC59CF2A84DB8E7489B4
                SHA-512:00864F287EA04ADAD6394DB7E872AAF51C00A8FEAC737D2F736E8BE74182B7CAA329F1CE86D7965D551F6A663A63299D200371AD7F1826E557B8E534B24A74C8
                Malicious:false
                Preview:...........f...).J...j0..k...pk.i...|.'D.nQ.._..."...0.XC.....|PPz?./8..!..3 ..7X..Ud.-...G.1.h....\Y..6..v.)...O....9...y..r.&.q..P.._.*.R...PB6.mY......z....Q8.N&.&bh...S..k<..i"j.3.s..I../.w..KW%...`.b.?9..Y.Y).l..........-......=.7.0E.>.9.&...lX...._&...fyFY..'+G....t.t..J..o..vH}%.s.|..n.$.x...N...s.....Yu..U..}..9..<.....G.(.....Q./W.{...t....v..T..F......U...m.....4)6e.jo..?..1.F'A......hg...6K..`P.:]....ThZ...[...!.................h..............ZK>..:...^...3..Z/D.E..wU.*Q.&...2x3..{.fz.V....b...k.nff./..=.6]a.Ee...y...(<.......n...t.. .0...YC.F`...<xPN.|........}...&.Oo W....(.O&....._.p."W.).v....Nua....,...}...BP.1X..../.I.t....x.....B460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860

                C:\ProgramData\Microsoft\Provisioning\{c5dc3753-b6c8-4057-b396-bf13d769311c}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2179
                Entropy (8bit):7.587089431568584
                Encrypted:false
                SSDEEP:
                MD5:6F2E38E5971F8BDEA29CF7954B41AE79
                SHA1:BD7F5BFADA11279079DE0E8CB0B7D5998A6DF31E
                SHA-256:9260D8D17D27C68D252C4E76FC5104F569A241BB3F6DBCC85F7EC9C40BC40E7A
                SHA-512:411F5564AC33FEE47805C571BC6519A902E7CAA1AE3EF5C1ACEFEF7809A5A5008AA63B023EE03521EF53FDF0E03E35E70CEE0BE6EC4ED52AEA9FC13F044389D7
                Malicious:false
                Preview:h..6<.37OgpK.../......Y3".H..k\.XEB}...lv. ...C....Db.....W.$..(?................+.x.|PqY.E.A.u..ZY3[.9.Q...w..$.b..'...a?........loU..b:;.C:m.4.|;.{......4....x..#....&v.......bN..ps..J.|.8~65..%.....%.?D8...-U..SW..w.C.d...r.I.)a......+..=#...c"...7.7..<.......S........j..V.u....'..v7...5....8$....i\..B....+.y.l.6)..M...Y....j....X6o.}..|..f.2..`....k...^Qf..Ru...T..AtSX......q..E.Rc%..}.).A...D...n...Es...V.#J4.....u..!8..$.. .V......IW...C.v...N..........K..N.7.G.w..g.].(..#.....Hy..".....NF..]......M.o[.qJ.R..+...(...%<..,.yr1.....uf.._.^...i`.&.?........7i_.s.0.=0...J......t.1.......-o....sg.T..2..2=....x{.o......C.._SP..w%....I...i...X.+1^-?...}.&...O..2...;.{...>{-.TFf..;r.(..$I.4aE]....t.)u.`P.!.....s?..!.:WU..U..$:.?.A5_K...8VQ..?.1._..q.o...5.I.{l....I;0~.;.MJ....r@.o.Z.jX..$4...8......%x.....\..4..'W....z|S.}.s.....7O..8......<.).V.....m.8d.H....v......../.dE..x9qs2...p.XH.....]|...Db.&..:.......\R.........`.i8k.Eg.3!..cG*..;...

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\MasterDatastore.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):791
                Entropy (8bit):5.901252976700034
                Encrypted:false
                SSDEEP:
                MD5:4D0DDEDE75AF1C7A3073E4CC0B816229
                SHA1:B35F7006EEB029CCF8CE690E37F3DB4FDFB6D9CD
                SHA-256:701C4B777D64982C79424C2FE0528FB424221E8D01DEE6A944A566E7B86D5F34
                SHA-512:4A10BC9F576495C1D43E71C05BBF76EB092034E633EA8D2BD59BCFD0443873975A13041825BF5C5F47675BEBAB2BD0CA0F5A35FBC1061E0D678800A53E2012A9
                Malicious:false
                Preview:.G....a.~......a..r}U.........}.\,.&6.f.......C......9.k.B.c..t1B-.f.X_Y...-.8..}..I..R.5.F[...6.;.}[..].I.0n..b..PtI...Z.....d+c.Jh...F..HJ.nWsU.._i2..H.4.O.X.M,k..N...R.......&.9.E...z....$f...X.{.......vQ:S.f...>......XU/.....'G."....... ._..-(PW^?...v.a.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\0__HotSpot.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):816
                Entropy (8bit):6.076085178164504
                Encrypted:false
                SSDEEP:
                MD5:DC75B4F34920ECBDBC0509FC5E82A164
                SHA1:4BD5CF7ECFD793B82BC7D9E5281E8E224CDD8DDB
                SHA-256:B85EEFF6E82742F93367D72D8982C8E4D40874951865A608DDF508804E9176A3
                SHA-512:9B2BAB91BB4B50EA8FC169212971994E7FBE059E6B5EEE10F494C03ACCD57CF9634A1F263C2B67794ACF4FB426511F8703A7E2163092DDD0A5E5049697D341C3
                Malicious:false
                Preview:u..\Qb/..(.+....i%b.......j....N..M..Jh..'....E].e..(.8..C..uhg.2..M...V.nZOi. ..'.`...7.O'l..X.M...<:K.jZ......g.-...Ph...&.v,.`..X..t..t.._....V.D<.... k...I...|..6.r....D...[..K.I\we.>..[.,...hes..(5.x..Rj9]...5w_..p..$.;&G.%*..Jb.....o..PS.....rq. u.N..O.yh].7.-.....$....5.E...\jh!460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\100__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1235
                Entropy (8bit):6.994370212280972
                Encrypted:false
                SSDEEP:
                MD5:49010722E495384F4973BE56A1EA20E4
                SHA1:6611824AEB0FA0A605374EC377E707A4F89F3022
                SHA-256:BB65C681DFF1424B1D7C8B1D414C833478EE68F57A49B3AACD88F359A47D755B
                SHA-512:CA07D5DC11E38B243AEDC20235D922DC5106899F19F43E9F5350241698B63856B1EB5BF7FB398581828C8A8BDF520A730268578E74598A6AB6F64DC4C785DA9C
                Malicious:false
                Preview:....w.4#..p.f..5..^ ......&......De.X. ^...3JA.".......U.'....K{..z../s..4..$..L.......t....+.g..*..E.G+,..$..r...a......Z.s|...$9...e.....)..~.E..-....h.:uE...'$r..@...hq.$^.r...I}m.O..}|8m...l...t_x...5.....h...U.d}%K..5...dE.:...jh.]....y.....V..%..q@.....N.%m<.?))B.{EjN.(C.-`.....Eo...2..!.<i.N]...t.Wd7..,....s...&1...k.@..1.a...2..`..h.7.N..M...u..#...I.....^..`..re..V...t..`.y.d.I.I.&F.....m..;.N.i.:i'...QF,;..u.0..;..w;.....m.6.......N... .._.-Y.....4...=.V.1...8...-..N.Q..xPG-..#.....zo..F]...4.Zl....4.u\...T;.k..kO...R..0..G.%u....c..2.......eS....".....j'...K....={.n....L.AM..v......$h.../..\..L.SF........?s..'[..EX5..d..`...WlCy.x|..<z......XD.uV..`.b.lR..A.d........d.T.~460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2feb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\101__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1094
                Entropy (8bit):6.758243094508521
                Encrypted:false
                SSDEEP:
                MD5:1D1841AA2D21BBB0CD908DD39B39B35D
                SHA1:AB4E61D9AA9B049B7674A8B76EE121FBD9A3F172
                SHA-256:2C6606EEB35A3A1DBCCAB5C1C8072B1365B19C6A90EFF838F043844517BD9A2D
                SHA-512:3B25F8A3EDAFADA7C0A46E3826A0DBDA9BF08A7EAF4306024540BDE0E68C5B2F646C5C88C72BED2899122885C0A84ECC82D9944CEE7360F1FCBB53F23D05C6B8
                Malicious:false
                Preview:..M.W......gG;.f..0.3I.?.?N..9.9#.......m$pg..KK.i...Yz.L. ....}.s.[.cVz.i.. ..(..v..._...6).u...d..8..,...^...<8.:(J.$.*............Q.2.....J.L7......}61....q.(.B..5..+..i1|....":......bS.S.....F.r.m..%...s.....&...|5@....g.\.#.M.i..q6..Q.L(...<z.........U..#d..^I.....o.|.x%&.h.z.9Z..z........'*..A.........b..f.`.A.#E{@.P.D{..%?...ht...}.....d..u...:>..m.4..iq.6(eJ.;.w...R.....&....t...2....V...O....k:...72...g.=....NrgEwB;|f=..Iu...O.o95...4....(0.$.} ...E(;R...d.u.M.......,..............9..k..."Ew....H..I....uD.D).Ss..@.*..m%.....l.(...!9.S...!L..%...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c458

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\102__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1044
                Entropy (8bit):6.673488097006094
                Encrypted:false
                SSDEEP:
                MD5:1F097DCF0337324CD04581DF6FE761B1
                SHA1:1F2296C56CEED2C0CE22F79C3844EF9CABC1DD5F
                SHA-256:3CA9C8FAAEED412192AF97AAC9B8A5539A420D30374EF2BAC46B2EDE5002896E
                SHA-512:06EC2AEE41CD8C6BA6DA2DC61F543FF64C3E5D6B4C6A955D552FE8F607947D2490DC41265E60BFB293A503F2A6FE97612F535E515258F0E2F7EFF90B5A419925
                Malicious:false
                Preview:^u...k.U{...)7K..|#..).8........rs...F....._@%R6y..I.3.`.q..0|...mt....`.d{4..!.......b....38I.in.......y............0..Jvi..>V^..e.<3)..`.....z.j3...T.._..$C..Y%\@.@P....Saa0..L=...`2.\....k.....;.....[.V.@B..&eR...Lco.q$.....I..g;f..Q..E...-l%rq..r.n_./L."..C!..E.,....s..*.a..)..%1.>.U.....(..d.u.x!Zvc..Ks.>....$ F..W!...r+`...".Q...D!!.d....t..\..._.:J=.S....V..2In..y....}..^..<a.......?..iZ9....GE.V.|...y.v..C.^.Y....d..#.............mS.......~m}x.~...f!../.SY.(.8..F=.._..G....@.@.l.....A]OsG460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabf

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\103__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):967
                Entropy (8bit):6.557495064795296
                Encrypted:false
                SSDEEP:
                MD5:F2DB992554891C39210473803DA42F6D
                SHA1:63DDFE394C84F3B425338A8DAC051E39C77218BB
                SHA-256:963C6FF1172F2B79C71B13467227985F44ACAF1D103FDC375313F010BF0D3159
                SHA-512:ABE1DE116FCBD3FA276874EE796144C4284662EF0765212F7BF161169D722E0F994E453E6A0D38B8BE9A372499DD022DAD8E2A146732B681C765D692648E42A4
                Malicious:false
                Preview:...>>..DZ.....w.anD.F..y..D...T.....l.._..r....M..9V_....8....1.N.G....R..a..WN.o.......:1..Pk?z.GGQ......+x.......y...].c..T.L".d.,Z.......q....0...g|....fgBF.R.R.......U.SK.'...U.D.)...<..`...^.E~s......./J.os.r/Z./.~..pC..c\...........=~R.L..Q..<...5...'....;'..)..j..d`...]mA.u..YH8..).9......'..C.T.....%=...6.....h......b[.fL1b.._i"3..ng....)-S.v..]..%...Gh..;m.}.v:...;CL..N..q..k!.@...n...I...3......U..S'...GcW{..)R460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\104__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1783
                Entropy (8bit):7.456716653396949
                Encrypted:false
                SSDEEP:
                MD5:B589F156B2983A2EF5BD71BE8D4022BB
                SHA1:CA760D35ED47436177377A893B6AB01DA905C5A6
                SHA-256:4659F1213C6BCCCE58E89FFEE6B6EA343ADFF836B191F6A0382D46BD4824AE86
                SHA-512:E3C6BB03AD0D87FBE00C06DCC1F923CFE25DE390695EC47EF97BF3FE0B6A2E404E723A5C6B1ABF932E47F114D867AB29BCB32B46A6BFE7E7AFBB0A976979B58A
                Malicious:false
                Preview:.*.u.DUj..:..5...Z......<...p@.p....".R....g..p.....<.I.zW.a.......I...AI.f.Z.jW.m...pHmLJ..y.......7.....p...S..J-.7.e..))6Z.6.T'..ZdiO2..A......=k.*!M.....S.4-.r..Xn...,...L...m.kX.?z.NO.1<.1baY>J .u..VtB).....u|...9~{..GQqO.......I*VM..\[...'...~.<[....../^...2.}.k.VN!.t..E...x..k.v...d.R:.a...&n..Wj.S).X6.(U:..G..}.._!H.Z_....|y....j..)+e....r.....H.d`T!.R...O."\.8.f..c....m}.....y..DE.;.xs\.Yr.A.JR..pw.._y.Z."Z..t....6...Z.TL.,......j8a..*..@V....y..Kt5-....i..ySQ..9.Oi.d...d....#.8..*(^..U:%[...C...7,.x.=#P5...X.......W{...M...Pb.Q.:.9.....;..\......j.A.f.h..D...Z......?.N.~KI..&....q...;.Q.e..QZ<..fA.~..,.`0....]Y.D.._a...n...9....)+]I..D..,....B4G;?.,8....b..E...s..s.`....J.S.....,.G...-.Qi$3..h..'.CY.!........$..q...\.G...../..#^.!.XK..}..)>....)...>.u.....C.4...v....Y....o.....I^.A.,.....|(.q. ~.[....Y......I.#p......"....U..o.y...:....p0.......{O..H.%Dl0.\Q..#C....L..%..R.......Uf.....l.....qAf..p..|...T.Ly....w7.4u!\-....

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\105__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1230
                Entropy (8bit):6.949220955351414
                Encrypted:false
                SSDEEP:
                MD5:DB7B6C9007A9EA8FA1DC34D886C8A0F6
                SHA1:E077C690F9C0C56A0B930AB56BF80D4D921E8400
                SHA-256:C9E599A93B45A23A68EF98BC8AFEA581BA5F2E6C080243D301EF26D6BA9E644A
                SHA-512:90B74AAC9430640A7152D3DE010428056D1B57BB9FBE46AAC9FC2F7DE32D05ABD610B7F29A864BD4E730A2CD9F3D3C4CEB4A9ACC364B0569A9DF58899D2E9966
                Malicious:false
                Preview:..._o.......Y.'../........./......^2..g-(..,.Jo..[...r.,2.rs...$x."f.6L.8.<..Y....DXK.6-O.!.....:..t.n.7E...K...`d.../.....=.O-.P].@....8b...VA..6.s.s..0.U.)...l..hF.GW....|.._.q.)z...i(..`.Y...h.R.P..{.*.A..Fc2....@...l..................ez....TJ$...0.\q...n..H...[J.._Y..3b..J.a.2...G....yg...c6^.....2..oF..T..H.:.fr..z..$.Fj{k6....v.A....A.1.O.]V....H...=...d9r..3.\(.:.......P.s.^..F......H...+.4.j...d...n].5..!.....>.......%@.........>.yQ.'g!T:.[.4.Wb. ......W..>we5.Q...h.y.8..c.....g.....8/...>n.~0.H...m....3eJG..A..uTOZ%..}.J$.9.A.....J..TD@gl....M..p.Q.A..|.JA..G..Ia..r.p...i%.k.9...{.]...J@.8.Kw..m....L7y.g..\...L..T{._......su.Z.3....[oQ...nf..o!..........OtR..s6.&460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7120

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\106__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1268
                Entropy (8bit):7.040179649069668
                Encrypted:false
                SSDEEP:
                MD5:15304FC97544DF7CBC887E475BFC9877
                SHA1:135C691B5FD6B7FF672B959E20DD3A1B9F731BCE
                SHA-256:C08F9927132B0823A38A6A12D475E2216537E6DCE63887DC024BFA16643B6429
                SHA-512:DCE1A688E2FADBC0788F2C22F0332D6BB0FC06A62711F9C9F64FA2AD0AA47E4BEE3F7041F33878CAB1DAA0B21E5C5B80C563A80071BDF42EE6C82170CA88D261
                Malicious:false
                Preview:p...g?.....8b..N.R..%.}..r+y..#3...!....n.C.).n ...@.t....U=s.;NI.W$.`=.z.?m1.KD\.i..<..s.....9,{./b.L..GR.S.#.=...2.lbE...`.X..>...fO_..)l.-.2<..".T......wq]......4.o1...#a.....C.lTu0.I..g.We.......&.yA,..X.LBt.u:..../..p~.~.e.x.....m..F...E.$.`~.]|.<..o............8.t'X...'..'E.(r.(..^]f/..Q...F.q7.].%......X.. ..-./.^.q...cY.....).t.0G...e.^.d.....0..Q.>.....M.-)..A....0..C.F.N..m..@>....1...o8.J.aBtzt-..z...,..:BI....h.........B.Y.../..E...@|..".&.V.Q...;..@......3*lq[.J|....2^.t.TmU@.....:..)9*..!.......q........&AO.G.W...............ZM[....T.ko.0..0...QV...]..3..Pm..cG${..!g.k..-.[..*.O.#..C...P..VO.5.Yk.C4._J...E_.W.........$...!..4.N..,....#...A..F....I.F....O..u....rY..q\d..UMC.5..reY.:*.w%....,..p..>-6<.nv460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\107__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.760367174690659
                Encrypted:false
                SSDEEP:
                MD5:55570116C9B43DAE3763D6E7F3FE5B15
                SHA1:822A9D703F1E47F32C27677BDDAD739CC72CDA34
                SHA-256:7ECD3ED774AA74158A6993B07293CD2D07AA26A50EF2F1DDEFF283AB2ED895CE
                SHA-512:FE5E2EDEE2554DA5315C93BA0C5678C6190A1D372FD5F009CF3221E417CAA418F2780322A02C0569E0DD2573185D5B1A710BFC18CAC85D966D293CDA909268D1
                Malicious:false
                Preview:..........xl........$.../_.......3?x+...<..t..EY..4.#.(....o91y..0.n............,..og...1b....Y7...NF=......F.7@G.W.@.yz.oI......y..[c...Wk...Q.W.8u...~j....c..w......X..4..q5..7.VS.&. ....x\.....J:...I.=[...2.m..d..P.z....A..\J$=....T.d..y.!s.k.p..<_V.=.f'.Cn}fo.FR~...]V.:.....(.K.s..o...^0!...5....d".R..Eh3}..Ns.a......d...D4.#.. .,.w....[... .n4J...... ....:..2Pf..+h...z.s...r..Ik.s.....|.[rI.ptx...M(...b.V......+x.t...v......o...%E#.E.. nq.=...w5.-...h.DI...I=;8].tC?Y.f...K~..... .....J.(.........r.j.......ONo.4...^-..?...J.;.lz.X.k...e.k2.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\108__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.708863648223279
                Encrypted:false
                SSDEEP:
                MD5:1FC102079C43A8454C7CEA747583F4E8
                SHA1:8422AF59A6D4E654125ED6475BBDF4BBC7716A18
                SHA-256:8B0495A95F64B0341D10BFB523685B34B3F1A135F05C27C7094E52E8F1892412
                SHA-512:44F218CD4D44923C8618852E3235052EBBE04E8579D2D21C4A0ACEC2A76A1AC9E2BF85529F18111315175911B8134F640FEE47F69C1EB8579D9470B07CA03123
                Malicious:false
                Preview:Y.x...M.......c..)#.<./:.:. 2....z=...(..f..i.K.u.%.+.J'/C.J@v...s....\bp...{..s..?h.b..u.....^.s....(a....3....>.8..|.g..<.*.;.$B......o.Q.....t...p.\,.."..N.J.....@L....j"..u......q.(H.x...F}.o...f.Fw.].>.L..Gr.....K...En..%[..H.........&.;%.v.b...Mm}.{.M.t....T..../.x.*.H.#..v7....K}.0.V.n8.HQo:.b.$........4...K...b../...........J.q..?j..`4..ux.O....b_X.?.b..U.....g......nD...I8.o.w.....}F...8..f(>../.....DA...h.}.?..u:..@.`.u92....Fa ...]......i.m..WWP...Q.rif.............T.......L...."460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\109__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.456605283694499
                Encrypted:false
                SSDEEP:
                MD5:68D7D116D148804912C738264E6AC74B
                SHA1:2C6C8BEB7718517395F0C12E7EDF4B60443E062F
                SHA-256:0B5754E2D4D17E154A16C638C216D8A46D62442EA0FF2665E2C92C79ED190600
                SHA-512:DBBB056796ACF7155968254114CC75BEAA79EB125D9D40C3BC4F433DDB35B0A0E45385B5331829685BBFC03B12806A72BAC458F204FED8B732E321D4E49EB7AB
                Malicious:false
                Preview:8..'U...`.v(..e...C1N#..&P,CQ6..p-.T...1`.g8....4N}.S..a.+.i.4.|.i(.f.E.O....=*.2f...Y.8n..@U...0.{..F/.C..A../.`|..E.X.8...+Q.).3....!..Y......|.q.B..Q.....z...@...5.-...;.May..s.wr..."....eg.#....=....X...P{..wG.....!.;H.m.`...+.$.-........0Qg}:oB..2....0O.]}..Xb.;U..OC.8..Y........*...y..V#.X\$.h.o.....b.Q.A4.Xg....yFG. pUG-..s.>.-..S.L...D.I.v.4....|.....V.g[..U.....X.=O..L...}.utb.=?{"....P.>kH....(. ....J7Zp.].=..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\10__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.968905601139881
                Encrypted:false
                SSDEEP:
                MD5:F8DFD1D4D6F0393AE0EE428BE79F466A
                SHA1:7844834D918A2D32CFA5EBF1CC7343FAB72B6E47
                SHA-256:33B0CFE0DFAB75219B8EE99FE8141B527FC3BA700D38D09CF411D817BBAE3796
                SHA-512:D380C52A23C36FA7A955696A251ADB9DD2A5B029F119D211528D62775CFE1B266B01A6DE70114ADC36EE3864187DDEE8811C069CC7C6554040DE14EDBBB65007
                Malicious:false
                Preview:X@E9..q..y..J..=......p/..).r..3..N...Xn,.=.+hf...:.N.......;..aC......d7..x.p..8D.x7..........z..._G.g..59..D.q.....w..l.a...z.z.C.Dw;.6. .N..b.&......?..j...Pg@.go..@.i.i......An..&.....>4.....x..T...l.v...m.bTP.H.$eA.T...?....Wp.....O...d.E.......2).b..M,J;.'........J..G....".mr.t.*r....Z.)....e...E......qy. ./..J........\5......c....A.Y..g.p.Q....e.....%.>...-..~..#..M.3.-..GL. 7..E.q..Q...%.6.,..FU.&..=7..-..#.XIM.<._2E.e.l.{ZC.v.......$.=8...2.+2.....%..5f!F...,.]."....$..hUU5hS8.|.T.G587..L(.O..{;...vE..~.....O.1.Ry.;..a.n...d....X..+1g.,..X..+#.Hk.@.S..f.Ow...."..{...{...........+.dV&..Y.~'.*.....7..)..|.xB..:#l7.....eL<..W.vt........M.~.c.Ow.vWi..C..?..>F.....jL5..c460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\110__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1238
                Entropy (8bit):7.008009996153627
                Encrypted:false
                SSDEEP:
                MD5:F311BE645A5DEABB59AF99F234EA2CFB
                SHA1:4A227F2D7D8A9F0344559727747B9F1EF11CB0CE
                SHA-256:153BFE1DA0DED27028B10CF0210C3A976A36B760924D1FDB2C5D0E8D9A9D6247
                SHA-512:E64E9B357B3E6FE1BBC6F98CCD9B54003F107F5984B3014EC23C3D067B1766E4E8E3A37FF6D253B39B95AE2207A1E19FAC552B3F8CDB89E25AB800E927952D02
                Malicious:false
                Preview:K...}...M<.=.f"R..4-......vk...._+.Q....b.L]\..},..r......}1.'...S.z.H........S.=.....v.z...P..~.<.....X.d.Q+..../...:.C..x...^.Y....n.....`.1.Hxp`.51..x.![..V.O..:....<Q...:.S.D5.....^P...7h'...H...P...V..E1....T+..D...i.z.......3.%b[E...k..TH..../.@...JrW.\.G.Z..*?..Z...r.......k..I..64`..od....x.X..m,...%...k.D6...}F...uL..n...41.{tQl.&v......e{....k.........=..y....,.:.6&.....2. Eb..{@..A.>I.,C..tuE.]S..L..."~..4.j|.pO..}R`..NP.@..?.I3.rU..#.^,.U>.&..7...P..Z?..Ry.o..x.MQ..5.=.<..T@t.oC...e;H..Ce!.(/>+.f}..t...*....]...i.k.....@c..l....O<k...D+.M.qcq.X......m.....M6....C>.:nh.3...,qA._$'.".r..k.&....dfR/.21@....;..JAl4<.......w~P*.XA.%d.|.L_...?.....[....^.4.&......x...V.XiY.{.p.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\111__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):971
                Entropy (8bit):6.475162477335369
                Encrypted:false
                SSDEEP:
                MD5:00BA9A15CAD0F6AD80B04E6EE7CBEE2C
                SHA1:06872778DE4271EE051C18C413FCBD280F048923
                SHA-256:EF229CD00DDAD37AAA95C321F4DD9149772D3BBB568587688CB70816193722CF
                SHA-512:99D02133295B057BA2360F59A856050687658CB9B4B9312E4B94285CFCF0E1DA347BEA5584476A7904685E3D81DAB971342F181DA753860768D21721CD1D3436
                Malicious:false
                Preview:...a:3D\.+.._.w.O:..-....74..a..@0n0..h}5tr<...90e*"U..>.....vK.]...%..a........>.....I..e.Z.3.....m%.X..-:.6.=.Bw.D~..l.\..... ..OG,"EGR.x.u......#.y.d...\.......n.9.M3=n.....5...o....N..?.H..{a`S.~k.t6^.F....3..{4.OO.E...7..T..GT.2Z.....Xt.A.....yg.jc.J.~...5k.1.dXG..o......&z..[.ec]t.'F......[.#XD.....R.P.CP.........c.\......G@.....x./>.bE./..,cE.W..Zz........m...*.)3"....^.F.l....[O......F&.......G..iq.........X.%...c....v9..U..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\112__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2847
                Entropy (8bit):7.709939790662401
                Encrypted:false
                SSDEEP:
                MD5:484D0F1192744914A8D6885F5FC4DA9E
                SHA1:0242730725464CB8A047F595BDCFC41E0779B8AB
                SHA-256:F6D25889C20375CADAE57376513A97C0914319102707D9348E0F62C47764E639
                SHA-512:7CE515317F28F15BE34D707FCACEC3513DE99708DA7301726B355908BDCB637863A3907A56D2A016352833255D1DAC85672A20FB07038FBE4B11EC4DE1143C4B
                Malicious:false
                Preview:ZR:.B...4....A...<]o.|.TpZ....1ls.b.y...0.7.Yy.%0b..4.V....V7| $.....Bb..n.2..O....]..b.Y....65.!..3P3..bo.f,`.6v.v..7.c..:LX..K..q.e}C.."..%.e.#\w.<.:.[.-]...7..?...S.R.z3w..DG.$X.1...PO.A.[.._D.T........K.#@.....R.X..\.O:..".!B'#...n.<..6.y..eX\...T2..Q..).n....f.3....9........j|l...!._p....Rpk.AQ=v.)O..^.Nt..+.K....P..*.}...~.X...`..jH._..]Y..$.S.D.......E.-._.r0.s).;.{...&..#....~..~.....U..aL...4.....x'~3..5.w8..xt...H.......O.@.)w.j..G.tG:[u*g<.+...le[<R6.`B...:.@.O~.t.9j..l T.U..U...q.x..=.F..aH..%=`...\..~;.R..b.#B......Ml].....(4..."..9... >....sk..V. ..5.-I.....r}.._.kG1.s.X...!"j&....:.....N..Z(.g4=>0./...s.@.M`m."..J..t/|.F..+d..}....h.0...kY....uN..m....i._..N.w.L.8...............[GH..E...+s.a..Z...<{.+.|. ...pT|>.71 .L.L0...)..g./.....V..dN.@.(....p...=|1.6}wwHRB.]w..z.-.O..m..T..jG}7Ij..~f_..e.~.j..........M..=...sc......^....(;W'n(..yx#.<)...G.m....1PK....?..'!.>..7$.^...X)^:..\.>.v..!....MP9....S../Y)1.l.d.L8._.+N(1.pg

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\113__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1165
                Entropy (8bit):6.885036327203583
                Encrypted:false
                SSDEEP:
                MD5:8A272A9522D03CE4C1EEA9CB8EB5B239
                SHA1:EB92AD80CAD0C7D8C4A2BF09A8C6D725A44197C3
                SHA-256:E7F9FC162DCB1B4DCEBFF0DC68977336C33BC3CC09BFACA4137F5969951172B1
                SHA-512:D4A2A06865D5A096D3E6E40EACCBCE5A440D7B3849E1545221C2A41B48276112EA7C277315E3D07CAAB0EF687A4F31BDE37A4E8EB6C5EA2D1BB5D66AA6DF9A0B
                Malicious:false
                Preview:...m..@w......s..J$.8..4.vW./?....n.0...].=..K\ ....p....x.ii.F....\L......2.....>..J5{....._Y..C......Q...n.-...} l.._.S.f.va&..E%b.p.Z9.=..W....1.Doc.qmV...jM....TU.?.^g\2...."..}>.#.'f.8f.....#.z..A......L...g.U..B.t...?E../.T....G}$..Z...Gw.$..ob.......^..e.T|.n..}...Ec....$".."...C..4&..V.&S. .<.J].5..>.Q.[..?.)`B.._t..q.......N....G..HQ.......fc..[.P!F..e..^..@..."z...\8....q.ZP....p%...."?.`..=...qI..t.<.&#..>.!*.....M.....S....9.6.U.k.{....R_..66n...Aj.6l$"..w0.E.g...<.>..o...c.....V.E...I.;(.K.Z..=.H:^Ww.Q.[.Y..H.>.r...(y..$..1....Ov....h.0........H.o.^..UU..b.Er.....G....DS..w......?j#t-b..#..vD..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\114__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.9756848313090005
                Encrypted:false
                SSDEEP:
                MD5:707DA6CEA5AE1914E759E9A548EFDA6F
                SHA1:B56EA6F37158DA048A354D1C8DE7754EFB794314
                SHA-256:6F2D48F61C1CC4558554962AC2690DF6B6132D482A0BCD815332620D89A2DEF0
                SHA-512:BD0503E5B17079A7DF057170F5844ADE3CAC1742F75D4EFF0305A2677260E360C8ADDED164CCC8F29A05545AE4DC589FDB835BAB213A93BC6B05B5518BACDEBD
                Malicious:false
                Preview:.z...gp.7.F.i.....b..X....Q....e..4x.1.j.).G(t/......N......n.tWrQGU.P.DmPf.x'.....E.'......Qsg.G.........N{.J.c...q.p.N..j.xm....3..?..;o.I..]....A...^.w..<.mK..%:.O~8...t.BG&!,.Ze...J..j<.\Z..@...z.)..(...4.C..>..w`.....9G.YM.N..jQ(y.....B..>...<...<U...W.....y...u....../v...cq....15.n..T:r.Q~%...y...F.`@.O6.Zv.x!.L=...Vi..w..2E.v..k.~..k.a(.BHF....h.4g.Y.bl.J....1./..e c?."...+....,&cy4i..^.yt.DX....5..hes..Wfbft....V.vY.m).h.q.H;N^..f_{P.................>..(......4...R.A...`...<.<.].'\....Pt..+.m.....m.w.(.......egY.....B.........N+..y`RQ..H...kF.....E..9..K..h....#O.7?...Q...../^#.a.\..-P.t...) .-u.<.o....3....;..k....,...n.....nc.O...3.[........(/.1'.r..7.p.V460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\115__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1169
                Entropy (8bit):6.814100829572077
                Encrypted:false
                SSDEEP:
                MD5:A60E0B531DCA622FF2112F22FAEE143D
                SHA1:5185DE834A1237C2913B0F3652B47433A0AEDF28
                SHA-256:C1746664926B32BCA84D60B4EF7F981FA9FEC0FABB6F98A01E23571D1FA688E9
                SHA-512:15877FBCB8EBF4AAB72E5A9595FC1F3BA10C4343EA635645072177D80D632916D2A3DEBD681F3A954AD8AA413EE36B926249AD71361F25674359E9DF6CD26C6E
                Malicious:false
                Preview:J\w.......|$"..........+.\.U$.6._.....'a4<.`dc9..l.%[.EZU#..V.5...j.8....4..fZ.C...C"......3.z....o.'..|!...x.UF....~...C.:..v..d.V`'......w5...V{...1&........2NF..b..L...&..:.H.s.2x.L....5G.VC2~3..Tm:..4../...w..Y;....5.4.....@..e.....W.......$.v.}\..Y....,....IAy..}..mlRW.U.A.h.....$..}(Ay...b.=.:T. ;c c....J%:....l...c.@..w....'.m5izD...Q5.\qI}p.(..yG.T.+.8q9..[..Z...N.;.0+.T../F..:f.y.?.....Y.`. sB.p..Q_9.^.f.%..a.]2.'7Z...D..P8...I/.J......N4,/......F.4.../.j.{g.w..[.W.E|..d:9~}[.NIY5.&-.3......z<.V.......R&x.:Oj&.4.Q]N.%8..L.fM.\..y>c...O.@...Gkf0j....C#....JZ.C....:r$Nr!.eE...PF].L`.%`.. ..R:wR.:0....:.")b....].460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\116__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1176
                Entropy (8bit):6.891584682128642
                Encrypted:false
                SSDEEP:
                MD5:3072D161C01103AF44D73C13BA003CE3
                SHA1:091BA54608CF2D4B2EC1B1C54BACC66457F0D027
                SHA-256:4987D50F3BAD94AFB78E341FEDC742B50D36372FC343312D47FC9437731D779B
                SHA-512:736B88B5BAC31854968E29C7FBF29DD19C94FE219B0F56EF6076E8042ADB330F9373AEFE8940179339CAE0F6363A43E817CCC96142E251301F40A2B4D420FCB9
                Malicious:false
                Preview:z...7.~.M2..#.ho.K..l.....|...-......Y.\.5..f..._y..r..}h.....S#.<g....f...u..oTW.:.K6/...L.U.)...Vo.S......\U......W....xf...D.J.[o.....8..)...Z[m......*...i.r_y...*P...R.j..+u..w....n...;.e.b.cjfPP4/..E......T.%.3.6....:.;.................?.........g..Cw.#K.&.C..4t.F.j.2}2..s;.g..x..f..K......s.Q<z........y.....q.t...9.v....C.s}..=...../.....0...6..9...1...a..{J...Gly.7o.1.EdH...9..f......N.X..=.i<.C....&..@...W{..1+5.+Ca.`.%UO..D8.8..y.tK.t..\..lu.Y.m.&.}....&...S.J.:....2.C..v,)W.f?6....u.".^E...%....;.h.....V6j. .&...L..5T..y4j...y{R.@..)>'.......!....\.p:.e.........*.I........6c....P&......!Kc.z..o....Z.+U460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d226463

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\117__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1664
                Entropy (8bit):7.342809364277901
                Encrypted:false
                SSDEEP:
                MD5:1DEFE4026C09FD881C68204793DCEF7C
                SHA1:1743F282EC8B4D80117876CB5CB5674517FF2353
                SHA-256:B51DFA786D0CB73750296F6EEF2CE08F7E2864A07256CB450E9E26172CC5D2E0
                SHA-512:C406D4CCBFD10010B10E2205D27C44BCDAE3C4A55D9FBCB4A3C9DA4B34903131E074A0494CB50193CF3F4A2CCC6BDBB6A9A135730DC9A377CCF0EB5F8B9CF962
                Malicious:false
                Preview:.....l%#..mV.....`MUU.#0...o.m.~..B...u.t}.M.J....`.y.\c.`..P...@...n.7uu3.Z.ul[6././.i..,v..u.|..._...m?x...~.{...+.......L.vq.z..........1.wl.......c..M.,..Y.m3.o9'.......\.A..5..n.]H'.,jc_....O/..V.....|.....B.[e<1.B^uS.V.k.d........?.r.V...Q......q.Lu.]..8...Hz}x....N.p.#x.Cae*.......s..y.Q.eS.c${1`...B>....|Y".^..v.S..~ZZ.[.d.7.a.GL._lu....F'h.Gpj.$..9A......p...@M.t.u....!..F.f.R.._1.~}....E.W..T..Ac...lx..9.F(.&.p`*.v.M..7,...d.:..z. ...+{R.=P.]......~..3$~..}.W..y.G.<.R....67j.*.j';m.._.z}....5!y.{....7...l+_.[wbj.s.r.E....h&..r.`.Zi..*X.VT../G*/.'...h2....B.Z.q.6.x.d....H.C[r..O3U..nJ...Ys...5.........z6.+..6.T..V/.2.<...0.$...B.]_:.....?.._..x....Z(4m........._.'G.."......bj.x....O...w..k...p......m........@X`V`.v..&!)..9/2.q.,.5...S3......9.S}.hC.]..{.i0...~iF...&.@N...~E......>.d..$2E~h....W._._R......N..JC.8...b...h..(.....8#.u%.Ps.L!...|)s...e.w.......$.x{..q.3R.%./...TL.w..k.."3.I.y.\.MY%...|..~..7......\|c5..4y-.Mgk.......

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\118__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1161
                Entropy (8bit):6.884657385409182
                Encrypted:false
                SSDEEP:
                MD5:0681758C812F8FB98032BED50B98DF72
                SHA1:E33F8769FC54C207A93CD132F411A6E359B39B7F
                SHA-256:BE0D6F0BDA66717C484E2B45ADE58FC7B5CB08BCBFF099351238D44428E2E3D5
                SHA-512:168AEEFFCE34B34412441A5E00F3CC104991AE1677A786AC073F2E1F5A5CC2933069D7CC7C576B1F90DD0E1C65584CE51A5935E1B96F68F7833883B46104EF69
                Malicious:false
                Preview:+.....i..?J....u..^.2s$....P+.`...5<.^J..mms......;.....c%..<....)Sn..Qk..9.:..!.*....+.8....G....G;..i.`.....:.&.V.Z.SK\......M..........O.;.8/..x.."{...3..`.P:.L.d*bc..9.)t'.|..L.....i..*L...N2.!>...d..h.O.5.3.X...W='#.....>3...=..F..)...8P..o.@.,=9..i@..?.;.?o ...gn...Ai...nNe.'.v..FBD..R....!/.p.%.P...A.I"...........Ya..J....}W.[.x..O~A.\B...n.}..gd.|J.....T.............|..j.....a............u.....i.K...G..G...%.#.../..*.4.t.8U...W}...st.k....0.mh...\..Z.#f...7]...B.D/X.-.m..r.W.............{%......@.C.t...0....n....+..WB{....#.iM`.o.....X..B>.n....a.8..:..X...@......z.E44.........Q...oA6&.>r7.'460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\119__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1247
                Entropy (8bit):7.030244045015699
                Encrypted:false
                SSDEEP:
                MD5:9521275CD807864C6839327582D7029A
                SHA1:E8EE4A38929C4FE62E84F9BBE1D7D4FAC8A43060
                SHA-256:09E948F4CD302F823CBD30DBD7ADF8A942BE08E1DCE9A109BC24DD978172B613
                SHA-512:3A17425F01FC80B083A17E92B7132B155E75441F93738C9CD1E0E0EB965F2E44C79BF0164CBC20C6FEBBACFC6A63C351E1C249F55F91C0180EEC31BC706D0318
                Malicious:false
                Preview:>.....b9.......@L...u..............]..D.........<I.%.x...N%.....2|....:5^......S1Lp.I........#6....areUA..T..C...C..c=..)...!(..>%.R./..U.a.zc..M.e4..L.s...l.:[..n'.x.J.W<}....=.G^kF..pY..f.Qs~.KF.;...;..B.....(A..{-.V .*...Z.....<..J.}.r.8.0s".T?..-.....KJ..um.....t...`.P <MTM.X.U..X3(].M.j...V....*..9 .......t!........,..<.?FcJ...W....}N..%#~............l.M.W..%.\...B|.....}.Vg.l.%.-k.a&.+.....Y.M...8U....L.[)sY.+.#C..{....*.....l.^....R..h.......O.Yh.^...j..........W>..p4.hm..9+.........._...j<...%.c76...@H.k_..v4..x...w....z.&..%..../C.@....[..v:.......iP.....G%.l<4.......qT./..s.}....#y...}..@.5./.gZd>......D.3.h.....4..#@.N..[...j.......i....mBD-....4Az.^f_.b...HR.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\11__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1790
                Entropy (8bit):7.442567304398706
                Encrypted:false
                SSDEEP:
                MD5:62BE5DC8009E7F515D834006C85FBDD8
                SHA1:1A8C6C966F41973BF0D0E8F28A7D581FBFF3E3AA
                SHA-256:470F68929F636C4D30E2A09A974B975031D5A48A3D30C656355C2D7BDE46AA14
                SHA-512:6440D4D713826AD89AC51A4B1218EBBFBC63B3B96189D70F35B8C20F4AE96D05032B250ABF812B34109846D686BEE85A9CC32908388CFC6EE3C20911B35F63F1
                Malicious:false
                Preview:kI ...............z....Sb.2T..1..:.L..l i.(..v]......N@...OB....,..S.oAp..N]K.../..V.i..-\..../}..!F......>.-.[oK...ot...<.....b...wXU....h)`...[._..i/.T..f..>.m...VI.#.....`1n..MI.....q..b$~..t-:.^9....|.....Q.Q.L...=R2.L....c..E.*l4%|.....a...8..L7:J.0 ...`..*.Y..y..~b...J..Z5...uU..sv..<-M..\..R...;..X..\...W...a.4'.s. ..R...5_h.dZO...09.b..+17.J4.AwBp.rZxX....G.ztL.}.A.l\....7..w.`..w..v7.lA;V%.wIV7.QR....\.:\.H..7&.L.)Y..q.....[\--..:D..;...m..9.s..wZ....l..8...u,...oXm.oy...k..DO+kP>@=...._,D....'..[......&.W.R...z4a*....V...........3Z!$..2....C<]....'.j.."..H)..>.*...K/.Z...1..p..0.#P.T.2.re....s..h.6?.....R...Gy......_.T^.oE..PKM..t..OJ..g.U.........=.g..{....@Ak.}U{.B-B@_.'..........u4t.0..T.O...:......9.!.m.V. ..e..[.hi.W#.{...x.O.. .].c.....r[.`{.!..G.).......I-z....k.2........?.....9.o.[...N....-.\.G.W-U.....x.....A.....y3.B...7.......L.^f*...........w.s.,b.^..[qvv...Z..=h.]3L. ..!-._L'...Z..m6+r.........<fl'2......#..

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\120__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1232
                Entropy (8bit):6.967154110234403
                Encrypted:false
                SSDEEP:
                MD5:EBDFEA108CC47D6CB242C72DF370F8A6
                SHA1:E26EB39AB9E0FBC3ABA3589BBB048B285CFAE014
                SHA-256:7F77B2D42BD246696274AF035962BDFC541EF5F95C300FC848D966E34E7EE47F
                SHA-512:2F56B115D33746AC8EF5DF72F7CCE9A5FB9AE89D1EA3EBCEB7344D02D81D45FEF0A32BB9B1B37F0F0CD2397C66FCD06A3B817C12D8604814DFDCAC7D653A6833
                Malicious:false
                Preview:.md..C..6n..gDi.M...]...XQ8.....\s.M..M....j8..P...P./{..A..Z....Y0+.(..=.$.-.z.y.").........I<y...d..0...|Y.S.}I._.N....h....d...^j......;!..e.T..gV..f....[:W..{."c.9.....1,".!....v5.w...?c..........v....$..C......qV....T.&.....La...|..P....... r?d.W..;.Y.,TU_.....Y .f..Jt......bW..:g....d..k.!H9.....J...;.../..7..Gyc..]O.xS.rB...[c..*u....(..XD0.....sR.n.h.....{%.e&W}HWJ.z9...E.kn@....1....vL_.,.]..".?0...G.D.L.{....O.|....-..#.e.R....Lc...pl...."...'t,.!jh._x..Y...S....M.c..N.;q....|l..f....u....P....+..hw.......06..vn....0.P#5..bg.x.&..9,um....G..a..6;....@.Oa+W...q.nH.._..[I.&...C!{.P.,R..4..yd....(nv.......}f.(Q...&\......`...T..1.U.&.h...2.q...-?z...G.b:2. ..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\121__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.749930942740958
                Encrypted:false
                SSDEEP:
                MD5:96DCBC08F5D2A20986E28856CD84BD0E
                SHA1:515BBC813CBE3CC3DFC12375C5BA21D16ACC5BB5
                SHA-256:2400DEE2B09BD00E34AFFE5C40CD822420F75F718015C3BB3DB89715897F9698
                SHA-512:03B4BDDE9327CBCEDB6CB5E2939824D171D27461CFEE08EBBA49C077E1433B9BC0E545236A76B24447B81675FB16538F0BB786F9FE316B3901C4A9752A9E127D
                Malicious:false
                Preview:..e..2....fAX.]f.Q........b..J...Dc.............D3h..N..@.;[..g..\...=..H..b..Z..^;Bf.<..*;.j.&.y..)E........Ko....xd....@.^.{..!.E?.1....n.....&....&.B7...y..`iXE..i.g..a.2..Ee...`x.\...#..9..h5n.'.......D.....b\G&..E.=9=T..Zp.8.....6h...q.. .../S@}%.=.(.N.8.8[..7t..;..X.B).T.pM........H.u.q.Fm.L............}..Y..$..|...A.ev..9?)sL.fz....T..>cT.....u.>.(.......6.t7.G...V..fk.&..0...'+.5.....F....Br.?.^..!.+.......`I.v..#.....Q3..........V..!i......o2e..]..f.X..w.D....CLW.....!0>7.U.@.*-.XVn.p@\U.....]i.?.T..........y<..Q8..L....s.@....#.qZ460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\122__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.6502246729248755
                Encrypted:false
                SSDEEP:
                MD5:19BC15596E9CC5A533E03C3644F5D1EC
                SHA1:7B720C1A152931B332803DAD667E8793A762D6A5
                SHA-256:3C0DEF8E569788F83AA100B0B411F807D995A7420635188B748FDC95E5C79952
                SHA-512:F9CE192A07B670A94DC5253B0EB3C21F77410BEAD0A1756D8E5E133D39BE26380903D3A4568A21C2D4BCEEBFAFE47F4C9690ABA7E7EB09812C9FA14F74EEC606
                Malicious:false
                Preview:.v...`O...<..C.......c&..%.......).....~..*H......-...{.5s\....#.4c..P......<T...h...Dn..P...<:...bU..,..gD5\.Q[Y.9^.........W......"3....7..CS..U.-&......3es..,...\N.R......1F...4..4......t/Vx].h.A._..H9.i..M..........I...Y.>+.D@Sp.C+. .@..s9.....!n.@rY.?...|.._p.V..ZC..17......C..0.aV'........E........U.A=./.~.|9zQ.I......#C.....2...;..F!.[5...2M........$............*...f>..=.:/KU.......6...\Xo.\)).'...]ogN.v.%x.......\s'7..d.fWLE..$.\...7..c..u68...Q..m\...._Q.7..-..V.}..2*.pP..3....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\123__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):6.4470440598019945
                Encrypted:false
                SSDEEP:
                MD5:A5B72C02DE38AE3578AAA3CBE17DC2FC
                SHA1:0DDC79B950E3EDF922C5D237AB9939BDD763569D
                SHA-256:C98158273ADEEF62BC3921772DE5B1E9BD5D884C66D467017862AAD88FCB140B
                SHA-512:0AFD43C234DA3B2580BBFB53B630BFE047655DAC9CEE76712200ECB70D0D4DDA0DDDF47D184C6F1FCE42725E3C948130DD203250C1B4F1C41F091AC3F1D0E595
                Malicious:false
                Preview:.\A..{c$Jo...`.._..?.{jr...<d?)..Q.\_.:...>..o9_L.1..q.Qrn...K.z..0/.:.K.'o..V!-"..g...P......3b..."....If.....n|..+.Y.j.....bu....`E.y.v...._C8.....m.)r..*~r..<......T.....y..\2...p._u.Q`.b1X..N."._y.%c...b.!t.......U.P.P.e....I8-?...k.5..L#......M._+<.A.3.CM.......m.....].i.(.3.0\iQd.Ey....?3D.n...bA...El.."O.P.%...W.I.*.j./~.E.^.....T?.4..r...Fpm.S..w5.0al../%D.W.>.+..........#.e...:."..>..j.f.y.K.#.U..L..7...mGK.L.#H;.5..|k4460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\124__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1382
                Entropy (8bit):7.1266504393274355
                Encrypted:false
                SSDEEP:
                MD5:94841D43C168452602E63E38F50F42E0
                SHA1:8EA610006214EF88E52276C90FD56A5AA21F80F5
                SHA-256:922C7B8C8087A3DE02F4A6EEC59F5FB7B6D83036D8CF616C360B324B1577E34D
                SHA-512:DDC2EF62DC163457538A4ACE6B9C9B7E5C9E65CAA803E6CCE75283F44F75F13FD68378A7910BA23B895E6D91709894CED39F3392EEAEF09A8D2C596B9EDE53FF
                Malicious:false
                Preview:.}.Io_...,..\........w......G.........s....n,q..+..E.\.X.b.{..^..J.......F...9.s....A#...'.....{....i{:....A..xH.... ..x.....bi.Vx..oA..h.,t.K.@.g....,.y..cP....wH.......n..q...b.X..c.E.d....T.%.{..}.=R>.i.+...`d...X..........13...9.k...~...4..d.........F.(2.Q.;*...H.z.7.N.?.x........g.4.*2...b..W.......S....R[<...X.~?3}..x"*.ywO..@zr!. .......A..x.tB....7.r.2.....Y.%......nn.B.2....9#....Zk.Q..*........@F..}4.I._^...4z.u.M.*.......T~.3(....y.$..4.[:...v...v9.'...../oM...j.#.m......MD..F.......Z6~...E.....rWn....4N.q..6..b.H.a...K.=.@.#...0l.....Z)R....<........|..q....dB\h.%..............S+ji.alB..........qm..G...bXq...].B.8......0@.7.m...r#....D.@..</.."....7.../...B......m..1..<.OF\.. ....{#..b.....~B.n.....b5.G..u_E.<.IWe*.i..d...F.D....w......w..YF.4xZ.......U~..4.#Cf..=.E.bX...a9.b..`B.F...EdtW.*..1.ip[..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\125__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.998573222496638
                Encrypted:false
                SSDEEP:
                MD5:70A438B8F8EF9CB0F5BEDF1265C01C6B
                SHA1:D5DE8A5F4132CA144FCD6BD1AAAF326B4116A5FB
                SHA-256:55435700238F2474D43D9DF9C4B63463D485F94613D2D00FED284B09C047ECE8
                SHA-512:724B33A62AA7CB5E26B8CE64EAA145F7E88AC5D3B0B75122B53D8194C568BF48A96C45411360A0DB327C95700B8226493CCE995EB97C1D9426318AB09B3521B9
                Malicious:false
                Preview:.&.#.....S.Z...X5ON.....(q.1.......w.Y.....<..'q`....>,{..3rnp...t...lib..#.']..cz....u7\..xJ...Y'...)..1".|....j...j]....l.$7.N...1y.q.C..eo..mPlU"R..N.b.}..d..!k..|f.p.G.9G.zw...P^8...#.m.e.....e8..`..&.{...Pj.).....&RR.z.......O..L+......VU\..F..}z...d7..yb..9k..E`.a....G?{4."..h.Ex..!B.Z..r..OE.!.U@...c.w....m)C..^L...'.R.].A..X..E.u.....M.W...}h#.w.y..t+..V.F..(rM....>.Ai(.......@V..!....H.C.q..<...C@....b.....8g..k.....|...W;..R.;.Z.....j.wg.81.n./9... .......2.k.X"4]........O>./D..Tt..4....^4hb........0.G..y.1?.%"N........n...T.8......v............Q......l.t))..^......T.#[.F.."NAx.@.h.X.'0.......[v.......Z.N.H9)..p.2:.2.{..*Q.kb[...p.S.f...:...x.I..%..)..7.H.M}.FVT...x.`..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\126__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1705
                Entropy (8bit):7.399737199685107
                Encrypted:false
                SSDEEP:
                MD5:4B00E30456E239F6C29D9345FA7A57B7
                SHA1:1EB76FBDAFD93534F9053C90B4D21F9DFF141D52
                SHA-256:903D76A648777390469B8C091670C0CD1BFC4E4704347FA8670D63F700E8C199
                SHA-512:1D30300A01406F9ED1C3AE9779F1C2A39709D34DD10B3F719ACCD577413224017396D973161F7922538B29E1A4859EC2BB557EF9759768653B3FEE650D0D7970
                Malicious:false
                Preview:..>;W../...p....&|.Y.#Q.<*....l$...]........e..ts....H....;.,B)[.Q'.l.L.....=;zDc....d..qjr.#.w.......&.}.7.r?S...{......aTG.`';.....:.....@....w\ ...w.G..A..-.]t.... ...~;9.C......5#mEp.4n..6..}..i.J.......>....*.s.p.....2<=..wK.f.....?k.|.....f..........grO0.g.q.*mR.........<hm\\....%.=..{@...P ..zB....:.&...z2.|9*..../_..V(.w..PE.I...}l...L-._.D!.c.......a.Fz.!....'..X..H.v..0K..*z.]%.......(.=...#.`n`..........].{.J..d.s....?."...@@.tDw.a.9....~&LQgo9h2K....`=U4...o.9..c).uV|!6....v.<.$I.....N...[..=."..W........9...3T.........^.e..lh.K..K.n..v..$9U..C...J.*...&Z.a4.Fg.......k...6L.A.............c:...a...K...*.....xi.7...(a...E.....:..0...e..8..._l.X....U(.....\q.....z.!....|....u;N...40_{.&.F.~...=.K.m.T.\.6...g.....$..V....*..........%p.?3..r.).......f.#{Zt%....K.....].....wj.V.O.7.&oGz.L..y.....xL.....h_..^..y.......v....r.#...u....{.C~/6X..|..!c.t. .'m...t&..E8.:....._..........n...pr1..J.g$....9..[+..mii$z1%?c.w.....Q.~.:.....

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\127__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1249
                Entropy (8bit):7.011818552687888
                Encrypted:false
                SSDEEP:
                MD5:1B17C68DEB1D9863F96B3DD225D1EF32
                SHA1:6BFA457382AE057FE0220FD63C35786D3B14A4E2
                SHA-256:C1D4DE7630A07228E19CD95AA831072A70C3E97A86F6D0D0485AFFF3F735E900
                SHA-512:1CD885578406AC1BABD42B3A8610B6051AE189D920E5E64C1CCFBB1B159F1D4A32D42F2FADEA4529AC0636F1D8D9D59B6BC836B21B52141121619EB362365B70
                Malicious:false
                Preview:'(.hb...Yj.q74..R..P..uJ..I.~.x.....S....".o.6D)...\...3.......?.j.4.!....&."t.>..y...M.^h..}&.R5.......h../}..s|...m.&3.;..`...u....Z..R.....B..-k75.i..w/.......1..x4,.....K.s...~w..qQ.I..1.|...G....@...'..l.^L.2.N..f.J.-....Gu.B....U.$.:...xW.yluXV...j.d.B.<..'<...xt."..m..Q..8&j.S...<.F|.;.p.Qcjh.}.[g...1...8....D..........V...@...'...A... .........e.....Y......4.......1.30..z./...<.E J..kqn..<.Vg....R... ./p....3....."h{.y$nF...x..q.Qd..%8G... 1.zF..1.>h.....;9.(-4,.......T.o..,s...r....&....*..y.S.....4.2...I.=.[.rZ.%".....0..r..|....:....T.!...%..o:B.o.....|.I[KeM5Y.~.}.P~..t..kw..O....`^.. ..p..._~:9;.1.. v..=Z...8..E............a..B.8..o.J.M.[.......c.r.......9+....3.=+.j...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\128__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1711
                Entropy (8bit):7.379553468561668
                Encrypted:false
                SSDEEP:
                MD5:26DCCA96855A68AD46115D36135D93A7
                SHA1:0739369488412D59D8320DA9D8D0F3457C12F91B
                SHA-256:2567B79FCB3930B3BC0104F22E229F41DB2370D8260DE11933A7C003F7613E29
                SHA-512:091517C5A58BBC482B0A67FE4895DDD693903559FAC8FA97B693103DEE841E1C8A629B7D1C328245E7DEC910C74E159C38A923537746239D5CEA65A4CD45F2AD
                Malicious:false
                Preview:....Z..9y....jz......dFQ`.xF.e.GF.@7L..a.d.Y}..;..k.O../.(MD......0.#.U..0.m.8X~'O.k.+b.Lp.R..|.$iC..."r._G*.H....!........@.....s|..].X..j....}cnAym...Lm.V..l.9.<0..t~h.0N2{.#F.-...A/.!%...>M3P.~...@flF.b..v.`m..e#.\.1.M.v^kM.]....`gc...t.Y\.'.....7.t)....7.&+......".J..9.4....s.w.i.C~...w..C...):"..s.'.@Te..!u..\./._.R..z.XsX. ~0...=%....u.]..kmJ.:.(.P...#....|.g......d5p..5.R.....1a.../.5...?..Z7[.Z.d..=...[-........Oh.H..C.....` ...:.p6...!..K..EU;CL.)qx....V..V..Xl%.X.]Q...O......\..w4.fO...V....z.....[.........1*8.M..H.L.-.....r.A.....{.o...t.A.A%..d..?.....Zq..w.!`..FL?.E.{..m\..o....B.$ ....*99zr..4.V......R.z..uZ_........p.J.kF.....A.#.A..X...)...9..{....`...uq...W.I.jL!##.c.....#..........4..'..?....u/........FJ.'.v.8....HW....)...)x..bx.!..{;.}J...Vn.b.a.....f.........K.p6....C.`...S.8..^.8...(....H........."......jhq..U.+(x.C..2......f.NK.....i...&i.s.b..........e....)._.......};..k|...;vr...<.....A.FTDsG-......Zm4.D....qi~!...

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\129__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1084
                Entropy (8bit):6.792887706417438
                Encrypted:false
                SSDEEP:
                MD5:088ABA3A4CEB921FFE4A0D6442E575A0
                SHA1:8DA3D0FA387F8F151246F7EE0FE6A63FFA63C298
                SHA-256:FF33A74194153FF192408CED86E3FD18158F735BD059750097F9FF426A24651C
                SHA-512:DCEA74EBE2468781C29342ADF583BB6B855E566883276447193F944849A0AB8F47FBCB5DCF612BE6D99D7DCC5313D9D00A0D8AB10B72FE190E03C12E9CBB63CB
                Malicious:false
                Preview:.G2fP{../.bcOML.Q36.6..r....`..{'....._.9.U~..Si...|....x.. ......?.....)...i....;p....j./........,.Y..&/...w.q...>.=..*~..K...`...x^j..C4M..I..'yp..}.. J.&.......h1......|..g.zD.J.Q..m.".............$..1.?l..P..A.L.....y/.%.M.e.Zt..p......+"..l.k...].Y-D.w..(S.?b......UV.:....q\..`.1....]........._......H.m.t&..T^...V......~.o..t."..I\5.O.n..i..x_.G.rT...p.Z..x.:...(.}..g..W.o...z6w5N..._:xPrl..$....+.sC^..0.~,.._.5y.C(.)}.Q.g..[.$.s.........[.:...U\.w.N..@>....*]ba.B..$o....4izN...v{3...'A...5...Q....vac#..]Q..^X........A.R&.vv460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\12__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):984
                Entropy (8bit):6.516513073223581
                Encrypted:false
                SSDEEP:
                MD5:6BAB016EDF73C3F648296A2779863314
                SHA1:60933A385D5A2C1AED09B635D6208A3C87F8412F
                SHA-256:0CE001B110B910F3832515101A8A079B9068A3BBD435CF27CF55E099DB91BECB
                SHA-512:F4C932906456E67A3EC2A50B60DEA2809D14E8151F8EC6839A3AEBF1CC76D0E6789FBA3CCE6D24245485988D9A33248DEF1BA695DD427CF383F9A90210C3152A
                Malicious:false
                Preview:\9(..=.h...+.."......?y.,....>.3D...h..L...B=.EZI.f.f.y.|....)4.....KR...dnQ....K..b....... .F...,fK..4.U.X....R_....b.e.0.c....H...z....&.R(...D.........g....{.F....0X'*....].....4.j..I-#....;...G..6..Z...v..Y..v...".t.y.4..$)..'.....Q....).w...3L*X..q.:....=..t..1.....~.U.F.&....$l...f.........,(;.y.....=./O.|a.]..o(.m@..u...U.....6....V.{.+@D.9.;.,=.!..p.Q..#_q.*..ce...X..m@E.{$U...o..V7...5>.BN...r.L.?..Kd.L..*'x.....5]..~..bQ.S.Mg.P....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\130__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.673373682971205
                Encrypted:false
                SSDEEP:
                MD5:9DC7FEF90BA9F77CC460C0469B783337
                SHA1:B48CF2B1DE48D129359062D5BD9003E57098F053
                SHA-256:F5A6A330CFBA9B107ABD79825AC7EEAD4149AC2FEFADDA32C4FC23FBBD5C23A4
                SHA-512:BDEF5F1AE556C459E967A1DEED3309AC35E52BBF11990152CD2F7241B2BD9ADE3562571B7E0D1CC3E7F191B8AC98AB23D8805A4039078A666DE42953C3CF44D3
                Malicious:false
                Preview:...TXcX.W^]`x.5.s.$....n......c.N.2}...!0{....H.W~3).....Q..K~.....D.........%.V....T..&d.w...?.,...1E....._.Y.D..=.7r..D%..5,..Q#..6i.....Z.`...8:.P.z....nLZ....''..?.j.....0m^..I.(u.|..m..T.5....t#Q.9....6k.w.P.lVJ.h.=.w.v..hT....a...@.br...<...{6.Tj...|....=]6.....U..I;..Wp........,.>q..R...;{..Q.Mz...._.o....2..].....A.@T.j....)._.X.e..l.r.J...U.(].L..q...k<....n`*..^...k....9..f....w.<J.-.A...x>.6.4..).=s.o....D..l...Zn.1.E{.q...gf...1l....=,V..?.Nq.....V..0.Tm.d.(5.:....M.}6.l....'l....i......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\131__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):961
                Entropy (8bit):6.518563552141952
                Encrypted:false
                SSDEEP:
                MD5:1B3C57E5F02CE0D430C30D8AC79D21F3
                SHA1:8659FAB2FD2ABA74EB365FF83398420B221FE423
                SHA-256:FD095DDCAD71F723714C15677E9BA0B184E1763CCE07AA3F972208E8CF925AE4
                SHA-512:7096E43A42D59C240883ECB7086B26A8DC9053F7C455718647065365D0A0FF5927FBD6A4BC66F2EC89EA404C11F67C73193F5DAAA593C48381C719DE52816C7A
                Malicious:false
                Preview:.<.^..<...8....j..I.J.g".....@~&.^l.U....b./[@..H]...J....p,]..<....U'.......}W.<[.J............./.,.JU..].....8R..f...g..P.......E.V..-.z-P{Ki._...z..|C.R...../}......+....C-.*-,.;..E.M...GO..~.o.Mz..3...(...b..[@....v.t!......L@.[.4..G..R|..8X....S..Ya"..|B..h.....Nq....)%...\`o.....R.......F..r;..M..5.H....;.... /.c.L...D@...".{.%C...1lB.P.7XF{....Kk/=.i.x.2..00.q..c#z1..{.-.l..0ii...K..2.1...u. .Q..Z..d.....4<k....Z.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\132__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1235
                Entropy (8bit):7.00932597654549
                Encrypted:false
                SSDEEP:
                MD5:91DE436122943365CE84C6351A049C06
                SHA1:0223354AD84475B24F4F56F6A8453194FBF14530
                SHA-256:8684A4B5C52D7ADE67136581493A929AE6075B2B74C28D7401105FA050ED1E3D
                SHA-512:6C47FC0F3AB26B4550A991D1BB949ABBACF587A9148FE0C4DBEBFC07D5F3E6CE272D87878C87E05D76A53BA15772C8FF9E75AC70D65755224767F62FEDFB2433
                Malicious:false
                Preview:...1.*..V....C.Nk4..jM......D+...!.K.N]....>.2l'.M..hV..G~..w.u.7......Z..%..i:......3C..tQ..f..dr....Y$........H...A.............%..@......m.s.....%...6.V.i..v...@.J..A.>.q...O.......K...K.x.c2e...S}.hU...D....I.*...&.....n<..D.I.[P+/. ......[..u....J...G..M.Pu.S......(...!.B}.#;$..1;....D....o.5......._...{..F.....Mr..X..|.l..)..fEFH...*.. *>....f.Yt]./N.k....?.....~....s..QRE1|.8L'...[.(cN.V...L.lo.a..r.3..._../.<f..3y.?.S.N....=..=OP.`U7..{..<.."x....Q]g9W/.(..'0..#=..Yy...-<./5..R...Q.4.W"....F#q..c_{...a.*..)R...\.q.N_....,.......B...J.c..0i;.u=)%...e5.!....I.._.........#6T\!N.n.....J.._..Z8.;.._..@...~....p9......c.3..s...=j.f.F...V...u.*.Xd.U--.A/....~......!.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2feb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\133__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1702
                Entropy (8bit):7.393613613471589
                Encrypted:false
                SSDEEP:
                MD5:8918C6CBABEEA402FD4C118E51252976
                SHA1:6E450727FE29B910443B32E7ED9AF8E725367606
                SHA-256:B1EB884BED7C84EDA573C540E61F239FEFFF181C3E4D32DC2FFDA702B98B2D9B
                SHA-512:024FFE38952BEE9976F244F857B2A7FE91C2F33100F68ABB0868B05B586CE5058A43C233A263A90CCE10FFEB0F86A9B252E1B6156C5C3DC4DC17C3B55245E979
                Malicious:false
                Preview:b.y.!gp;....!y.;.V-....W..........r"J......e...w/.k._%.[...^.;k.3.; 81f.w..X...i..2h2.MN#^[C`9.L_...o.^..D..$./4@._.5.MN.^....'5.....+G.A.$.....B.`..k>M.*.@.(}.o.jJ.j.u.+c@'.e.%~..4.[..i+w.X.e......c...X.bLA.z.:@...T.W..........."|<...H..@.L.....#D1..2.]y..|3..;c.. H[.....o....K.E.!.D`.ay.-..I.m.XB.-.g.P.-.nmj..u..B.....}.......3Q.....-.vq*W...Zx.,..R.:U).S.....b....-...........CBZ~.].....s..MJ.,.vl...F....?.O. ...#....pbv.r..........A..fF....ZQS.$.pb.$...zb.[.t.a...f3..|-..fa.>.ZE...ZN....e/g..)%u.-fqN...y`V*..!..L/q...3.v.-....k...0........~'s..Z..+.)..n5.~.q..3..H...... .....j..6...K.S^..<.B..O$.*.R...X.>.TMI....s.iHG\.'..[..e...I>$.H...........G....G..[G..;... .4*1...6+\......v#u3...t..h.~..9..`......Y..~..|......4...f.b+Y.&..>....Z..]c.ne............hl..J..^..vY._..HK.I.*...\.....(R...RcxD..rp.......U..w.....]S@m.v....7...%.y........fC"H..tw..HIpY..mJ.).....If.i...G.B.4.Q..e....+...*}...oxm2P.Yan8......A........{..2....MH.q6.O i.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\134__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.716346943868309
                Encrypted:false
                SSDEEP:
                MD5:976F5382B432803302F0CC01220CD2CE
                SHA1:A9E07C53A9F7ABEBAA1D4746C83797D425D65DA8
                SHA-256:5F33A563F7AAAA156E598A4D104F2E8B404ECF2EE8B0B81979962186F65F627B
                SHA-512:C0826197B7EE27644980566F5A0AB900E0D75490CF3B47DEE083D22D5D1ADBC52DACA59CD7B3ADE21B33EFED4BF9BDD9F4F4D4E17A371390F8C37F9B9BF637FF
                Malicious:false
                Preview:dnt..c.....=$....?\.... ...(.Q)..K7.f.Y..O...d.S..O.1>...?..*.R5. 8R..wv...u.X.e.6'~4...h...n5M)Sv...B.j...:.M.Ck....F..@..p..Si...5.\..._TtF'+.....9..&...@.B.p..Z4/.!&U.7..C\.)...t.....I_?.;h..U..T...9.5.E...L..J2s{..m(@V2..rI;.......W.........5........ ..n.v.... .+.!.+.A(..{O.....=.~rY|..=...Fk/..Q.o..b.E..(....U....C....F.I...M..N.....Wie..?...HC.]= ?.]I...fO^Y...U.....xo..6*....8)t...(.....\0?\......g@:...s.,jZ..:o.h.?.~..69{..f...+.S@.......J..vg......*.OM\=..Q...&q.....>@0ri....i...........1...AR../..8.......|n"....0.c...+...jS.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\135__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.661180765586076
                Encrypted:false
                SSDEEP:
                MD5:CA8FDB1030045B47CB7EB3D6C3E763B3
                SHA1:A0B282DD71C2AC3B21769C2F8214A9D411E04B6B
                SHA-256:6EA96BF8BDBDFD52A7DA79B6260884A33FE383071CB9A5F15A43AB04D8D831AB
                SHA-512:748EDC01FB47EFDD290C9EA55EC0E70DC33DC9AC208A8C33529E7AE357A8A10602E0DCAEAC8B6346008EEC8F132B600E9971FDFFF097320AEE0270716B2EA7FF
                Malicious:false
                Preview:..L...|.....&$..B.. ..........q.!.:...<.J..[...........n.(.I..KF..$a.B.vt..9.Fw...DU.:s3q&...'k...1...........zP....<.rE.mh8\B.`.J.8R.j.........A"..4.h.T.d...`\...t..HG.r.&.............v|6....8.<f.,..qp......r.;.p.}>Zh".Hme.U1.,v.E6.{...E,.../E.g.... s.f^m...P...,.ddLOt!..2Q..j.G.............8g..W....[...h.K../.....*...:C....x.iC..D%..v...x.....P"T..W+........t...7..b...>9.....,<..v.>9..4.....L...d..".,....I.eS..()...)...S4....[.h..Is+.y...A.%..@.%L..D...1|.B.?b.....g.id..-V.....k.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\136__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):951
                Entropy (8bit):6.392488094393706
                Encrypted:false
                SSDEEP:
                MD5:7E32A230A473FF2866714E4AB14745AF
                SHA1:17DFB2CDE2E4D805992475B1E0E1E0323A239756
                SHA-256:2415F9A23A7CD9C827B4B8AD164C17EFACB33EC3356B40E43920F419D7CE81F3
                SHA-512:3DACB43AFA49FE07C3C1F6A66341024F5F3215FB3B4918C407877174730B74911A1299F195955CCC7B284B75AC0E930F4BB06BB534071DF362809F187A269639
                Malicious:false
                Preview:...x.m..\.k..Q....x.... *..C@.L.3*@.<:@..O .d)..C %...`.O.. jh..a+..V.}u.$W...c.b.+#`.....j.W.P<.....d.<j..[.......". :[.^*7"N..hj.=1...<.......5...Uy.A...iC.l....|.s,.Y.x.R...Jn.<...n..==4hQ&..5...c....`VD...P.:ed....C.[9@.s4^.8....../v..&.O.y...g.anRF.0gI9./..!..`s1"...I.V..3.hI...)......y......M..<5.e.q.fQ$...ZT...).....O....f.x....g.,=f.....nD..q..}..(..zT...0%9.....N.......w..M.i...5.*.A.|..a.c..(Y4.V.)...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\137__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1702
                Entropy (8bit):7.361171509980299
                Encrypted:false
                SSDEEP:
                MD5:9E38B048BF87D5AE83BAA800869E7951
                SHA1:A5DF987E19ABF86FF7EA84523E8BEE91501FCAC7
                SHA-256:D2569811C136093705B99AA7AB60FD683DD2DA433C577E02EE72F488DD539C0F
                SHA-512:7802EB53EFCE6EBBE6683391F62E6222473628296FE23CA23D973C2063FC22E01C430D9EFB616345751A0E7BA84EAC46FEF1303AF5574524F3896025473D7139
                Malicious:false
                Preview:..]m..g;(......cr.;..!..Sv.d.]-.f.k..?.l...s.{...\...FE...^....9.2]#\..U..v{.j....Q9.E...m{.P...,........`..4..eg.IcS........H....0.....A..X..dZ..0x..]..M.6..b.......S..Vf.5<{..P{..K.S&BD.4;. 7.eM....[g)...l3?.......T...'U2.....%.U.rS.Q.;..3*...8.9.=L...1j.]4q.p.$[Pb_...=.E?....3.....7..(4s......Y..}.....wgG!.}...yop.X.2A.....r.....|.>Vv~.oV.F.aR.S..Mp...).3B.._G...R......D..=.1.U.O...t]..[..T..7u.cq(<.^.u.:a......sl...M...-..A...-".&3..x..Yj.(i..8..;.\..T......KI^..}...m~.Ol_S>.?"nj'....F;-..Q...q.".Z9.t...L|..F..e..c^2...u.hb..G..K5.=1......+.>Bv96.R..).}".D.s8.&Ho..a.b.......8../s3hf.VB8.\..#..yl.f....{+..J.6.U+..kQ .J.:.V..P.5.[!.:.}........Q....c.x{......3...D......RP..X....?&...........Fs.....#...3...T.#...q.8..{..X....g0...R.Elmw....oR.t....^j....mBr...DU\....9c..!...m8.[../..c..0...A...RD.....!o.c.>...Z..X..n.....5................C.Bl.S&.oC..."-\.wx%......>z..........aK..G#.Ti,FW.....^.Cy..h.A.kfOW..Ji...^.Zp.i..F.n`x.................

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\138__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1646
                Entropy (8bit):7.352177089146681
                Encrypted:false
                SSDEEP:
                MD5:2E82228D710A782BBFD868EB71B820C2
                SHA1:DE4C99CFA87DBB212D5B5558D14989C5B8AA3C2F
                SHA-256:D726692AD312870EB9B178CB6BAF50904CD11EB987CCE1C54F3E7DD7FFE2237B
                SHA-512:207DAD401A326330381866133324BFADF68F06122F6AF5AC02BE61F05DD387685C9F158E7F1AA159904F16AEADE30893517B8DFD18AD126698A4622DE86EBFA0
                Malicious:false
                Preview:....Y..m.M.[Cs........_.A.b.{.3s.4.^\....i...D..~...\z).W.....C..Q.C.Uf......~..!f.TbZ6.K..0...*...r....g.....|.qK.f.XW}..T.......0(....^jV....(~.x..152.@$.....(....I..1g.W....]..2pu.y..3...=.R.*.....h..)H.d.2....uj].....A^.. .1.v......1|.x..a.#.,.|..`..3...m...H..{.......6......v..<...u`..5.@..,.mt.e.......Ai.t..F...k.z...>.2X.._.;..F......d. ...N...8.....M{......o....3.}!.....`..P\...@.}-.<.-B.~.Zv...&.....e..._..%.>(Z.5...3....C.#S.....R.s....D-.......n..;&....[....k.e....7..|..2..O.S~&..q.Ew....m.Ta;...C..US.0vq..T....U_.J.#`H....w..0'..6.?...-..t.... ....~....>.,$8{.x.X.d.~...C]...4........,#..f..R.....Q^.jw...Vh%h{..~}.Tl.$@...cz.D...$.G........j.'.......Z.3..Y.L.....u<..../......PM|....4h.....g..?*. ^...Y-.F.....7.jh..A...zH..t_.....,.p.J.f.q....[...c.......X.?[d.Z-.:$.C..d.....rn....&^....w`.....c4K...m.%...,..6xppl.P#...j.......<D...*...<...ZH.....^-...W.I./.".l...R...y....:}4.yu.,h.NF......i#....l..P...E1......~v.5._.u^.>....

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\139__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1244
                Entropy (8bit):6.991398625185553
                Encrypted:false
                SSDEEP:
                MD5:6C42DFE9B611F58BC0B30ADD70AD5193
                SHA1:18129A5196FAEF8293EA2311BD1F93C623DBDB8D
                SHA-256:6CFFC1C25DD9180A430753434DCDC3C460E98BA16F73F8917E7F73AA92EBAD17
                SHA-512:F896F7FE2D21F7DC780AD6D3BC0598A85C2BBAD5FE844520010D6CB13EE369439458190496D7C4850D98976190AF80073A3E06B740E49DB9E6136367007D4CF0
                Malicious:false
                Preview:._L...#..Fq...@.~O.......t..Z......3.y.@.T....?.o..1:>G...D...Am....J..R....}I.C+.3W>.hM....&.o.........E.q.d.a.~g\..=..4....;6....X..7.}C..7p.&..,R ...m.o.n...v|D....GH/..}.k....3.v..n..........d`.78^.........AmJ.+1....!....K....7.@O,...6..#^;'.9..?...]s...n.......R./..t.m..Q.J....5U~.......{Q....{A...H1.D)p....7,...Qr.8.L...\.T...p.,................N.......sl...k.."C.......c..o.....9J..g.g..l..>.8.M.......Y..6.g5`.p."L..P.n....zj....%._.....x.Z...}}h(..BU7... ..\.+..zi{(.....p...q*...Q.........0m;....o.C.$$.v^i.4.m..t....am.+X%...."......M........K....*.W.3..D.:..J.N...=...1v...6.....x.].C.!.h..3.xz7.yx*.........].....z.m..._..T./..J......W.aK..h`h.0./..9.&C...0kd.X.Dz.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\13__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1083
                Entropy (8bit):6.74016333793397
                Encrypted:false
                SSDEEP:
                MD5:98D5C36954EC833F138B598611B23985
                SHA1:278E9D1C40D6E57D66A6CD8FD066E921477F174E
                SHA-256:22859EE15FA5A3164F9155C8F6DACE1E93334B7BBE5BFC574B1DE4DC4DF528D9
                SHA-512:ECE4DC0D044915540669832A8A81B6DC488383E94B474D9F7FD5DCDDE85EA65882D9CBDE43FA64F993A0AAB67B792D40E61940A200C12652C499AA0F72FCE646
                Malicious:false
                Preview:..qqZ...+.k.r&..d.Ax]D.....b..lr..@.....($f.........E.(3.........A... .[...4..W)1T$........@....-... ..a..8H.W..~..&k.S....b....#_\....[zS..R.eG...I......t.h.n........ ..(5..P.K..(.....Y%Oc.-...YVK.i..<.{L4.!....d...S!.!..E..y."}..}...a.E `@E...y..C.)pP...Q.f......(O6.....z.v......g..|..*. .Y.X..PM.[...vk..Gp[.|t....n.2/.>.0/..rd...(....i..T.c-e..,j..^xH~......A..0.=.H.Q;5...@.5o5.;.(..Om.I..g..Q3...s..leN.....m.a..J....Q5..).a....I.LgyP..K...l.C./..iO.4.a..3?tl..H..@........k........])..%.*..=..*..........2a.JI...\.v.`6...].X.S.....>.L.9Y.[460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\140__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1222
                Entropy (8bit):6.95828443306218
                Encrypted:false
                SSDEEP:
                MD5:0C6D2286953247EEDC36693F92AAD275
                SHA1:B97942576620C3C505804FBB0E835F73EDD6B62E
                SHA-256:DD7A8B569C46639690765E75E3CBB41AB99BB788E4FFBAA0384E13AE3A1E025D
                SHA-512:AD7921540DCC6CFB15F14EA21210714F2476F4D0431502FF2C0ABF26A57FD7C7394613E7762A76D5B7B5DF9E1B0E1CE8DE9157E3D7E0BC0F9855BA0E9AA96A73
                Malicious:false
                Preview:...D..l.. ).(.x..k...Y.3.!..;.*..y...9~..R...r.4...t..5j-.[,....* <.......1..6w].._.........u.#.......p..A..d.V.Q}X.x0FN...+...Mz.:fZ.=..hZ..._..!...R.u^...H.#.p.fn.w..=c........b.I!uA....3....DI.J....zc.Ga.CQ.~...FE .e.1s F..Y>......j...mN..'dfSST!.^qt?.'..$&.G.....g}wj..M4...n...W.K....!j.T....4..m..).Q....t.....V...!..h?A>.,...#!. as+f....L.{mz9C.|.N*.R..HLcj+cBD......n..v{..[...9..|:>G.W.....p1;......?....0..x...M^.~N.@<7V[l.z..Y@e..g."b.........Eq2... ..G...Cf.^.K....f.;w...........D%..7..*.qD".jw.$.........|..V....F.T..N...../Q..".$..4....VJ^~....;..bq....1... e.0m.\W.....}9.......l...t3..i..;}...PL!..Z....2.....f...\SdZ/.v..q..kH.h..sz..+.uh...M..z:.....VU..D...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\141__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.680544743778694
                Encrypted:false
                SSDEEP:
                MD5:EA9252E19763FE0B8F4CF6F0F0109B38
                SHA1:C6FF9A9EDC0184EC897AF08DEE900F9A584C0F8F
                SHA-256:040D6D39E04F4187FAB4652715753093650FED73D2579AA96F009D80AF7DA207
                SHA-512:B6A6AFD4F533AE1F22BC6BFC7DFA118A713078BCA40240F765F234C5B14906279DB4543F6BA1A2878A48D784ED875A21B308D554FCD32732CD7C997E8534DCB3
                Malicious:false
                Preview:,e.=F..{=.f.).(..4...A...N..g...[.d........3 ..`...=....Y...T.@.<h..)...<.3E....w...YY}..KS3......x..x.3...q..2.b.....W...5f..sv'.xW..j.{k..Y.t.cG!"..[...s7~.;.-.>....8.>1...Z...-..h/c.A..o..g..m...K&.&..J.d_..........I.Z..*.4v.gn4...V.<...`.h,....4H.*.B.G...c.2....8..:..I.&vZ7oM6V...$..cq.6..x...@S..J.@.m8..a.w..`VJ...b~..f...=.90... .(..!..RWv.....6...^?P......Ij.@......2.......9bY4[..a.;Nb.x@n...8l...[.S.......^zH..../.....kcu[~..g....M.....Ap..%0.....}.)K.w...Z2.N....$........Y...cWW/s....m.IE_..B.>mAx..*.5..d5.....F.....h.=.1.H.h.m..h...y460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\142__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.662989984676817
                Encrypted:false
                SSDEEP:
                MD5:3A1FE3743F241E066F79898F35ACC35A
                SHA1:DBDB934CA89BA336161F4A6A69D5F075354CA4FA
                SHA-256:CEB0E791E221A6013B175B5F70929A8A49678206FF5F5B3C4B3CACD15C293C63
                SHA-512:2AE0A156970F0DD3E5C315698DFE63C285C82E1B05513B401913F8E2FC0581B09B22F5BE69386AAA35A93AD9EFD28306579E52B68CE8C332F3A6757F7F4234F9
                Malicious:false
                Preview:.Xa..3..<3.x.....C.8O...n..,..NA.HZP...y_L*.... \.[.}j.%.tu.-Q..~6....?;s>.7....c....w.......*..^..U..L.R...j/.c?s..m.,..G..@.O\..x<g\uw..ND-0......v.O.M.<.B.-o.M"r_..Y.O..H.&...0.[g.....m.f....p..-.|W3U..5.n6...,$J.A4...P..+.l.._....F...U.....b...!...Rr)...P..Rj.f..?.m..2..+.56...BUD...N.R..d)Z^.....,..'vg.1..^.#..U...K../...+.U..%...............F...d9.o-(..TQ........h)..2.j.....9.E.+.M$...i.?,z)........e_...]q8if....G/@c.4?Ll..&.M.`....!X.%..y;..0..~..."...6.|_.)R....:N.1.G.:L..|..P...I.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\143__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):961
                Entropy (8bit):6.473433534236373
                Encrypted:false
                SSDEEP:
                MD5:E75C94B670332A8F713AC0D93D8D7E8D
                SHA1:498C10FA89B1CB0F1052FA3112DA14556F3CD25B
                SHA-256:95AE0354559C997F109004824B14A89A7DB7BBB41A47490B70E509369A47E1B2
                SHA-512:63E59BF114BA1BC44F428618057136C1C243B3C6C27F20C7D65DCF1AC90977D860BAC00D73F5451E8010072FCF372D2D4655B57F5AE3AB325D49AE78AD090F25
                Malicious:false
                Preview:..b....ZE.2.j..*..n6.N.g...`...i6...2...D.tI...J.?...-.%.{^......k.D..u."....!..Em.ga.......5....M.qm"Hc.D.RH&..v..w.xc....*....>....r=.D..C..#P6.n..n..R.5....kc.R.V..... ../q..moGe...*e.'>...|..95..qX..o......}..`?.%..+...xye.S....+.2R..a...2:!pF.9..$a....}....z.LR...C.D.Q...M .*cT;....*.8K..M#.Y_`...[.....l.'.@..........B.5.....,.9.r\Z...._...`....Y..a.ARBJ..0sxW.&..c-.2saf.....O0K...b,.o...&.2.....E.H~{..r1.g..mY?....}.i.!...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\144__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1806
                Entropy (8bit):7.423698120404503
                Encrypted:false
                SSDEEP:
                MD5:6B3DFEC1781A847A4FD2D59636F8BFEE
                SHA1:3D26533FF73B0C9D225BD33A8B8855B65B2ED315
                SHA-256:90875F08C2B8F7ADED9027D63211EC8221F6670ED9E3F2A37CE32CC58237540A
                SHA-512:6A8741E13CEAA61EB944309C2E6700264268C3420BC60F2F3898675B10853CB6F722E02CF531A4BCD2BC11B6589E614BE78F8E6A876190DFDFB9B875C5D67EB3
                Malicious:false
                Preview:S.3.H.....0~5..QV....N.. B.8...c...o./.i..X...kL..T...$C.=.u_.K,..rCrk. ....y.....%I.7.`...7..0.4.a..?.>.er.)..|..0.J.=.....d.e....njm..O_B.....(.^G:.....b7.....}0.I......Toj.O=".Xj.S...r.....EU..Av....R.=...Bja.{D............9_w.O..`.U..E7|Vg#ZfnH2.5-JoJ.......X.. ......:..D..1.W#8....,....t;..!...Aw.H....6w.#..J....T."1.?.4W..Z.pn.X...X.p..".:..5p...:.4=.C.m...u\n.h|+.H'......dT..2..qK.Us........fi.xM.O.......\\.G...Zx..8.[.y...J.........C...s...&.......'/3....l./.K=..."....A..h..W......1..b.*.3O.x.bh..Bns..~*...*..K.....v..[.rM4D....Z.f.@.vX5...Z..S)....UO......%%.. .$...........Hr.T;^.C.N M..9..7.%...V5.3z,.XC.?.>.)...k.....e...%./....G.$.Pr..^....]V".0.3..........GF...]...&..$.o+#o.^..B..t...].~~.....^M:.....C?.O.4J.........%.>bB.........M<.w.?.G...f.4..7.3He.,L.+Z...js...Nf..0Q...Q..w9....q.X.k.n..R..\......,...tm.Q^....5.2h.....?.....J./,.>Sk..2..9.s..B..U..u..Y..gs.m....]...>.....Y.q..Z=/.>wQ+.K..X.l.L.4........../.a.$K....."....bzq.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\145__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1736
                Entropy (8bit):7.380756224163811
                Encrypted:false
                SSDEEP:
                MD5:E574AE850D52AE4DC9615AFC16BBC50E
                SHA1:432BF70C36634AD12E2CB3BCFEB8D75C6FA8ACD6
                SHA-256:C34FC33AA4546CCE8DB349D88C2170ED76ECD4B568046F436178D309C98595F5
                SHA-512:9EFD0A39E238943D6ABFF80B3156043E884662AE0053C4FCC4C354E0F5B7C691A1484B66A4C9B6857816DBE18550B3AB0F8AB51176AD962CA37896DC835E3AC7
                Malicious:false
                Preview:.......Y.e6s...A.....I..M.=.l.Y.R6.3[..&.....t..E8..Q....I.1%0I........].....dg.... Yk.F<...T.u..e....s.T.Sz....4..dC....A......6......a.,...O......!&..?9.F... *..-......~.j.Gf.=8.L.FiX.H*..R.9.o...5D...Z+G.F.+Yg...Ec{u..2....8+...ZP....&...|..&A...&..~WJ.W......;....g.....r..D.8.z.{|.#..1........,.|...!.....CF.i.....b.F.:.....{78...O........:P.e.......?. .....F..4<.`..a'.>.!.j.......RQe.........d..0F.j....BSH.;R..B.[.3.m..,.[..p......V...E..h.....F..LZL...w.Q|fPw5n....,.LS.&7......m.X.fs..q})...F.......U.oA.?..>.....v...;..E...........}G.3..}T..y.TA..S.....Ci..w......W.*..)^.....R....$'.4..."...+.Wa..E....t.........1da......V....+8N...%%u..L.2....h~Re>e.......t.?.|..u..0.2M1Q.s..V.P_.4....Ew.=`.Z..b......>r.j._=[.G.D_.h.Y.....(.7....L...I.j..h.................U.2..c'.b...H..s..O........q.$vA>8.S]:'X3........I.3e.t.;.........c.D...j..6.Af.....=..1.....e"...U.I..F.{.\8&]VY.a....p`....0{i.{bB..NP.4/.).-..>...z..!...q....>..

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\146__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1157
                Entropy (8bit):6.891378020983192
                Encrypted:false
                SSDEEP:
                MD5:CC262268FAF6D1B7004EBFE18DAF02A4
                SHA1:7B5E24E32CF56B34DC28DA59CDAA2B8DF08DCCC4
                SHA-256:847E1A58DCE98B6CCA967A9F0720B4CDCAACB96478921412E25B78AD2EA01E46
                SHA-512:83B9BE39BC31F734429230B1F40EA584ABD7182DAC2175BBC610952DF5E70FD4E4719B0487A4AB3114CD2F4672CD54F4A43B6414E2CA29589B031A75936B81A8
                Malicious:false
                Preview:.!a>...........L*@c..i$.v...a.iVomO.....k! .......O..p.;.A.-..v)..........Mr.@..`..iu.?3{..C.mi0.gu.(.H}.)..w.B...w/S*.&.A@..].."....6.._.q..[{.C.Q.!.. ._T....*..j..Ho..9/.~.....G...p.l;d...o.t){...h..$.B..0......Us..]..u3%...7G.BO.. j..q......8...M......g.}..o..t_.S.{..}Cm,.Kx..i"..AXN8.A....2L...eI.1P..;.(../li.....}.Z.Ox./......'.M...W..zA... ..9....~..`...R.......ME.Y.........O....^N.].::.6..:.#.|...CEc.p..'...P......hU:..WU{...gt....l.8..{..}.(..7>.p....9.j...p....u.].q{.Za...~.D+.K_.G.NJH..u.......H....#....m..h..~..9....Xo.5....aN......u.Ja|t...%'.r.0.pm.A..{2.....\,.t.;....#.....6...fSm..Q.M2460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\147__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1084
                Entropy (8bit):6.7175900205044154
                Encrypted:false
                SSDEEP:
                MD5:59653A8F87007F6E226342207FA61DC2
                SHA1:16B07F05BE6EE697133E188869C6EBE9A8944A47
                SHA-256:38C4470490D0CB301BBF4B81AE5B520F141D54D44BCABECEE82AEFB60C6E1568
                SHA-512:410521E6E58F143A97CD57D7650BB7C9501E5612BC0665B3208522F78A3F21148AA63221216E1E6CB6641F031DA5D75BDA0482879231B985FD599976933245ED
                Malicious:false
                Preview:...N..\.z.5X....mr.G..../....u..O.k..(|..b........_....0.T.S....$..'(j..f.....Y_...oX.qj..C..^..t....D../......L..c..=)...o.b..>*.K.\Y..Mx..{m.f..\p..../...w.J..$....6...<.....S..Z&....zNZ3e(..W.....K..aHz.*....w.KP.....:<...|....<.5..%....w.."..w.}...S,E+?.pey;.k.RQ>+.lu...k.DF.o..x....4.b.A:.#..(H..L.U...lL.aW&0...n.4u#..rc.2=|.}h.*.......Z.M......0.e.ha.n..v.._......k. a....E0.....K..J....~.`...v.\jKa.P.....|t.F...]'.dd(&2.|.-F!..ufZ..[.0........_.p.-o3G{..E....k./\..a&d..C4..).{.6.3.d].o._..^J...QH....9."....^Rg.;o..K..6.!..r.H.WPGa-....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\148__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.664998349713624
                Encrypted:false
                SSDEEP:
                MD5:71E13DFDA2BC1806352EF387AFC1EEA7
                SHA1:042B32248DEAF6D4191471748608159C801D1266
                SHA-256:3463FD87F82348923A14496C3530AFAB010E6AC8048482F791D86D6E48D015F9
                SHA-512:9E74CA76F977185214B659F430BD1C1EA43C7521B2A51BEECD7A03D9368E7E7B26B8DFBB35A1B75C8A8B17965F3CAF331784778A82A5DDC708E2456884D7194D
                Malicious:false
                Preview:.. K.ko......(.JV.jkm.S.4(.....h.&!........oy........."|a.y..v:&...z.x..i......Y..Wc.0.X.PC.t.W..).=o...|}..:_....F|....Ww.Uo.0.e..8i.l..~..U`...CE.M.z.cE.\3.T..........Z....n..T.r...T $1G<._d..u...v...E!_.....Tb#.pf...+8..<.9.+.........)|...$..X.;9.k..H...s...$..G.K.........Ya`m..'.\W..,P.j..../....-...K.0.n......|..N...@`bO.{8...l..c.iBb.P4.A>......,.U.....`to.T.o.v.1..g.P...a....k.-....P..B...o.{).[..+.y..5....._h./^...U.Bc..l..9.D=9N..=R. ..6k....S)...".LyIq........[...w...j.&...R....t460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\149__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:big endian ispell hash file (?),
                Category:dropped
                Size (bytes):953
                Entropy (8bit):6.452857994383336
                Encrypted:false
                SSDEEP:
                MD5:937E9A78814DFE7C575D8199AD31A9F2
                SHA1:0E02D78051006A9E805711C3015050051EE74801
                SHA-256:90D51E2295275F9115207EE0C9D857D041462668CB149085C29E65B6B364A25E
                SHA-512:0E85A9C603658C4CE1B998E84F85637198C18BB01DBDD3CC65915789344088A75BCA758E775B9330AFEBDD5464521B0C6A913BF1B6C8D2AA176239A5AFF1EAE1
                Malicious:false
                Preview:.....d.f...-.ok.j.$n...w}...j..6...G%F.,.xj.......8)}S)k.c..1%3.9.:Yv.ysC.H..%u.-8|.R>..k$|T.FY.O\.}.....-c.4.....x.'......h.6.N.h.`7Z.o"..........K......V..s.s...P.!.ry.....P....8.B...&5rZ......*..(..v...c.....=.....].<.'..0..u(./L_.n<`..2.J..I...H.d.'`..i...<...>..]0j.@..d....%..Z....~..G..u..;....M^i.....4.........o1][>.'....]T.9...:fv2.\.........$.2\.9...A.ME........4V9.<.@u.`....|-...KGX<[X.ae...J....T.O..J..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\14__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.635994125320114
                Encrypted:false
                SSDEEP:
                MD5:A8AE8428E3180A626281AB046542CDA2
                SHA1:C36060E3D331F93142923EC0A0B2F63B715CDA78
                SHA-256:148DC3298A727EAA146A9CA28CA2184C2105C96013BAA0C2DCC710DD2FE23DFA
                SHA-512:F1A24FA2AE7162E058B29BA7B9059DBD4207E2A893BA37DC297F2E7DA411CF709818645C65CBC43A3D3AAEFFD269D4E191F56900F9849C5450B3A6048A6CA4A9
                Malicious:false
                Preview:ib.p.Gwus.P<!.}r..s.T............dS..<B.o.5}...3....V.!...a...cBr...O..3w.....-.:....#.Q....k.{.jxF...e}..,...'s..7..0hZ'. .;.L<z1...k...d..b.L..~..@k......7.@.}.....b9....f.I0Lq....|8.2.. 2_...T.ir.|..=.....R...G,..m,.`c....~.hK...!.;?....9...O.'.........k{>.^...Y_.n_...La.i.mX{.......RBY.tg%F...r<.....5..f."z....".o.u....Td>'J^.!{..8..... .......m.n....y.........)b..(F...}...O..:........:..vyy(.3 zMoJ0..E4..Nh....h,...Z......;~/..Q......r?Z...a.%....3........#..}..i.c..G..H..B..@....Q.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\150__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1219
                Entropy (8bit):6.948104875125633
                Encrypted:false
                SSDEEP:
                MD5:AD96288A3F010A49E91E882B662FDECD
                SHA1:428E3E7462E6832DB5B7940390BD75A5F02EBBE3
                SHA-256:2B4E904162138FE534FF13107A9B90B750CCA90C5ECDF2C8DBDF3CFA6135BFFD
                SHA-512:40455FFAB835F326087A8C67C683699B6F001E8867EDE3838E260DED68A38923B831F7633BF61855F26B779854778FB97CDD2686C03AF2566CEA197DA267184F
                Malicious:false
                Preview:.p.s.r..a.v......0.M.y.A..J.`....Uf.,.1f........g{........xcpt..1....1l...._6.I..|..... _.........Y.*.....P.....>.y~....'....%.4...g|...s...O..h".)......w.......6.......m.F:.CEj..5.........gl.t.P#..D.).{.......~U...9.V....h...-..q.~...Y.N`.3..J..P....o.T...$.m.l.v.....R.2d..M....,P.y...$..2.O.....<'.n...Ky.+l.$eIW.9..~.....f1....i.O..I.L...`C{d.7..&X.M.s?:....wl.R.}...K.Wn..........L.m9...........nf.e...a.x=....={k.}..k....76.V'..WHz...0..2H..'.'V..f.&9......>5y...K..i:..R...*V..;.0......p.7...R..>g...H..DJ.....8,WY...V.i.E7.o.....i.....'......2.W.=..?.2p+..&5x.u.|cG.w..'`....Aj.vh....9=..d..U<=....:..o|...x`....38...42K......S&zGQU_..s..L=$9_..T.u..I...........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\151__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1678
                Entropy (8bit):7.308959469946902
                Encrypted:false
                SSDEEP:
                MD5:88BA38DD01F3D6751B1EB641797BBA8E
                SHA1:30469143C6C25697301C7BB0544824C1267FAE72
                SHA-256:12F86B2C793DDAC03E82E94932149E20DF8A236D3A4897AA163481441B45788B
                SHA-512:1D1491E58A69BE3D4A8403EB45ACD4CF4E4E5AABA4E86C424216BE05486885EACE303E1E727161CBADB90C95A09C574654B8CC0D9877E01914E699E774B1FAC1
                Malicious:false
                Preview:......~...Ay.v.7.^.*O\.a.....YF.....j..T........L....p.bW..I2....'....!2.2.....<...k....N.T..6@+v..3L..O.=M...4]..\.!..Y.[..y..T..$..d.X....{....|.%c.ML..i.AlJ.....#i6.....d....'L.H.1.,...E...u.....%.......J...U.j....o.:.s..Z.jw..NL.9L..<.V.A.........36.9jP%........I(.b...rb./~..cW`..M..:.XM...2....}7....R_.....Ll.....iG...8]@aZtl.X.F"}HAC..L.k.7}.)h.tX....&.Z....?.>.1F..:R.GnkT...3...W.x].yG.P9..W.eH.Az...U.........K.&..y/.8.G....7,.....#b...6..%.^.3X...t.4...*.A.w$..O2.".k.P...0...t.@.ZbcqWb/....KM......@& .b..O!.f..(.....?..5.H.r.V...H.l...+..|G.*...x.I.IH..9.&..(...C@?.+|.<..\.............`........Q.n6..r%~.5....|...Y..#&..s...^L.......W.z.....!.......1.../.a..K.C..5t...y.$^..T\$&.F.....63..-u.c.l.B..l.n...-..9\ZZ._..8If........aFm.~N...6.>.VPx.<qTwn.....T..AP...q.z...K].......t.Q..r.".5...4c.L..bt......8.#...d......y.>P.03.>E.z..72D....'....By...y...2].O..33..cV..5...A....c.......9B.c.....b.o...3...*...YI...y....z.-..7^.8.z.....

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\152__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1178
                Entropy (8bit):6.86595078962294
                Encrypted:false
                SSDEEP:
                MD5:D6DF3E49BBA5E648294D946747598DA6
                SHA1:5AFE22BFA57BF1A31DFF5DA6CDDD2D17802B1BDF
                SHA-256:F774F544913039DFFBB699BC76E10434608397B8F69A06962181EE5BAFC63E20
                SHA-512:03ECAB9D9762C4C0023F2ED1FF9FA114C86D6AF572532FA1B14F501D1BBC45EAD7F097BAD730EB8FEDC34A2CBC6DE57EDFA17876FDCF06B9D5B80CAE57E836C9
                Malicious:false
                Preview:.........k.)L...9..._.;|.J.M\.o.[..S.......*.=....-..N...be..U.......d...l;GR]y.z.-.`.<.@1..^.{%Z......d./.3.l..H..p.......<U.H.2.w...N.v,.'.46..].).\..V./....}p....,..T.0..^.$1..~..T...W:r....E.........R......:>.4.?..w$...~7W.......F....>>y~.*n{j.@.....n.861...H...{.|.......9.J3....xf9S...4.34.-.ki$=ts.v)...<......A......Oz.....Ft......&G.WJ..<...0I....f.=.g........O.s..n..K..[..(.3.c..e.....2..+.(.q...N..\..6.^..K.........6.,. ...GZn....E.+..f.{.M.{3 LB.R...U....)F7....O.e7A...h.?5..aq.}.y&.i......jS.9..\=....a.`e}..#.O.U..d.g..`A..W..W.....].aq...y...q.....`...C;.a..=<R..jy....D.iC.....-..iL....z..S5D.{.OD..gZD...<=P...e&460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\153__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1160
                Entropy (8bit):6.901509610182625
                Encrypted:false
                SSDEEP:
                MD5:9CA7891E2CB64C5C5AF76E82BE8F4751
                SHA1:3778E23A72F982680951073FA30120A885BBF174
                SHA-256:8EDEFAA46E785118AB3A4F950273C912D952A9DDEC7302EFBF2E934908BB2B3E
                SHA-512:24EE26E38ECA903C3728C709D1333D59F92A7DF104CA8FA1FD414D862564E350FAB6482CD6D2B301CBBBDCD98107A8C7F31CE26FBFFBD0F11510780E3EF7941E
                Malicious:false
                Preview:..Q\U.j...:..........p.rd.......~J5*3+..1.....D.W.c.2.g[gt.b.\H...q.}j.i....<.... .s.....t.1...X..{../.......N...~xt.R..`N.M.....F%.b.o.4.2...^..=.r`..k.jJ.K.....m7...?-..3.3P,.n.X{Y_.."......n,..KF.....b.<>4......<.......I\x.-v.p~....I.Y........?..p./........T..[....~4..M!.|..dwz!....O..........t6..[...;....g..9.2........E......S.....20O.mmg.kB.Ks..:.NK[:H..B...%.&I..Z)f.H.I.$}6...6.S...F....<.]..2&.~..ej....+=*#.i.5.m..#.......!J.W3............x..|a....CP..V.........4...kG...+..i\/......:.....x.t....<.t.MM...k<.Y.Y.XE... .$\......&....[A......!.....k..:....c.a..H.W...@.....R.Vh.=......../gYu.<h.j460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cd

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\154__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1172
                Entropy (8bit):6.8839647237610455
                Encrypted:false
                SSDEEP:
                MD5:998FDF244ADA0FD8DAC29D55F70A354C
                SHA1:AC11FBC09DEB4B61483968CD102A3AF39E3A5258
                SHA-256:21493DA6E8D411E926A8B3521F6CBE98723CF9647B1A1632A9413E77A9B1A56F
                SHA-512:14B8D42F11110CFB346B26E7B503EAB1E105F1FC0DFF11E872E57B8957A6267CD6843B4EFE2719CEA4AEAE1C01FAB5EF096F9438630DD95315B459612AB07D86
                Malicious:false
                Preview:...Wx........T......2.+j.,.`.$.xER...'.9O.._^M<..,.v..%.,.....8.Y.]t...y....[h,.9'.R#'.e.`..D{P5^.....IpP.d..1......B..4..Bf...~^.f.wU.,.vzf...r.Z....|<r...W.....w.v.c..6&/Q...R....a._.k..<.z...j.s.sH..b..^."..........\9vL.4..>..7.9.t...O...E.S0RX....:6e..;...._.....x....'.\.#.....+...}J<.h.z..N.-1nc......s.....^..;...3.......4..!f$..n.."......_..k.......5<;.A...t......'3..>Jp......l....Q....AE.S.Y.h..td...nDZ.q.h.......X._K.=%.a*..~AD.aoH..'....:.......S.!.b.O.!....O.......'......y...@.8_...ov.U.....3..Qv.8..k...b.xr.q.b.V..O...'8.G...b....:V..'..;tC]..M.(`..&....".b.P..g...[Z..-...W...-.*..\.7...{8......K..E....F..zaN460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daa

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\155__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7432280344842805
                Encrypted:false
                SSDEEP:
                MD5:39428EA24F516E1353B99C3C1D355946
                SHA1:D9B56F1A306D6014A6F3ADDFDDB2E8868554190F
                SHA-256:2343728E1A19AEBF0F3D7043FD9EBB93E05394C003D68532C6C908A4943A34BB
                SHA-512:AC36637027DEC822FD78AF1AB80909890F3CF15C7D5D12B289B8DAA2F0B2298C5C3334B7A58A2235C77E2D3A864CAF6227F08ED2B9F6D5B6239A57DC905D7F47
                Malicious:false
                Preview:.t`X..S.X.7..F.@...I.d.,.....$.U^..Ww....j..rU....p.dK..),.?...:...iv...w...o.O..>6.K..<.\....F.gBc.....o...Y......1........^...\\$.k1.uf."+.}.?&..r....$b....@.L_...8.....65....3..HB~.^O.3.R.....y7.sB.mm.-....aky....j..#......W..Di..'....-l.#.......#.zW(~85.V...........u. ...Qg..#(.mJ..J..L..(E..+S.x.oHK45..b4. ....H..us...|w....>*.....m.KSM#..&A5EU..D..z. .a.T}.F.....|.D....B~0/..;z.,........I..o...D(..t.R....W.^.6..^V.{.J.j..GYZ.~_Y)Q...X..V[..)I(.v_....n^..f..go...c..d..v.............u......g..g6...?A..N...o.....>.7...F..&M.7...V...1..).A&.)Q..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\156__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.574880407806995
                Encrypted:false
                SSDEEP:
                MD5:36ED5A0D97B7669A9FC83863E22DEF74
                SHA1:1A9515798088D8BE2DD04AC2EA1D9AF5A04B52B8
                SHA-256:827C26BBCE6CBE3BD58A6F851CF082F84F0639C6542A18EFD04930FC53E6DF70
                SHA-512:541A6081A8A8F3D00F9477F4A51003B81DE461FBC294855147AEB1D772129C2F2B549D13CAE7ACB3C4597425E7C1357F68C92475D7CA5D2283C06C4D8AB8771E
                Malicious:false
                Preview:..hp..!x..2G.y.8j...J0...X.Qx.P...5X..<.J..o.X..(e.....=....H4x'.;.d^.#j..m....i....m.E,...1/.oy......Y..>.WU9?.E....&..G.c....+.x.".nd..9.c..)..!.....h.UQ....D.3C7z....Q.n.*vd..#......r`.?4.s.W.c.d.!.j.f.i.'.p2..1n#m......wmP.....e..?..s...=.{.W.9.?.5.o!7.5 0!.qr..I...;.r.V.@n0...9.;...I.\.0.......0.e..m[.....s.......}.....j.....3ALqXirC|.....L+b#ic....-~.{..]......,..B.m`v4.,`Ws2o........6%....c...;Ql..B'yD!MG.c!<...]..l.;.>..n0.>.._.yt....n.w#.g.F.H..ee..|...|...e.`...wm..^..D...2..T..@s9T....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\157__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):964
                Entropy (8bit):6.508918295087265
                Encrypted:false
                SSDEEP:
                MD5:AA53DC4899BA944F9AA9E0BABF9C6A74
                SHA1:957D44BF9DB1EFE522727D39026AB2F10E1FA296
                SHA-256:86D9DBF4AC3982FFE448EBEB9B56CD16E1BEB1F375F7D46ED28D66B835B42955
                SHA-512:C5E7FBEF68E068C6839DC23C4C2698BFB4B5353AB5DDB838B9F342CA41B064BC0B18FEEDFC0010619187ABD964AE62D0E912DE31A35E082F10D38FEB940A8D68
                Malicious:false
                Preview:.....?.........n....Z.2..Z....}..St.~gJ'......v'Y....fa......N&A..&.P.m..w@..`"ip.t'G....._.D..U...s9F.z.....[....I|.@%..w...~.Fk..!mJ....N.!....8].z..[...i-...m.O...I?{nh.}z..........cs.....:.D.X.....R..C..9...`.....V.H..b3~X.?W".}I'.z).;h..w.....c..R......4;....-e..D.g....#....1.lc[B..b...t.I<I..j..`...P..y.....JP..?M.o..[..1/...q.....9...9. ....t.Dr2..U.K..!]....1..0.a8...R.G.:.v..O..`...%8......n...XN.]@... .460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\158__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1784
                Entropy (8bit):7.433385276439879
                Encrypted:false
                SSDEEP:
                MD5:8A682B0FD44FBC8C5F19CC7A08D8FBCF
                SHA1:9C40C9FAE214776A4D154303DF59587B88B64457
                SHA-256:695F15493D4C7194C230BAD66AA30DAD43F7FA124ABFFF213D0E9F17282A5876
                SHA-512:2916CC65C63B0EF29FAD2A8103D6B358472D12BDD4E12C6B7525D37E6F6A895830FA85AFE8236E05B164DFC6F65F5E70DD5179E9D9DC0BC15C2079CCCC3EF686
                Malicious:false
                Preview:B..~.?..1.>...5..O,y.;M...V...\c...j2p.."6.]..9J-..E. 1].Z-*.6K.p;=-..:T. ...}.9.,...<.j... ...E..=..Z.A.\/......33YW....c.I.,..+2...u....JNOf..d..Q....x...en.U.u...{.......e\..sl51...V.S....=..T_"Z.P...i2?w..G&B;N....A...G.jWOg........s5...Q..).....Q...q.(%..`.j....f...b...A.....q..%.\G...e..7gFkL.B.pq. .;(...=.g........;...a%.-E....@....t.....}:f.~...l]..<...SH;.S.L..tL..F.u.I.+.S.|J...y.P...*.,%...p.l.".{NrJQ...:.H. . S....kDF.Y.4.8.y.o..C.]4Hux...L.W..z'\......e.....D..$.U...7...v.*.n...;.....\. .H.......A...;.........r|.x.Y.t".H.H'hP.imi..?63........u.h..8.`...~P..._.....X..g.w..{~..i..............T.P(..].$..-...%"..IY}.#-....1w....7.e.hdts.Z...-...]}....%..s..!.SJ....H.$....k.......tf."....xt.......O....<...l{S.N.....]x..`(..:......X........#...z.l..-o.;e.... 5....<.]. ..:.Xr..H..Ht..-.!..U0a..};...W..vy.;....... ....g@;......G....u...<.6..../.+..r..?.w+VT.......r.e\...84~..T.Q...4eL3.jK.~...D.$f...@M....o\...k...H?>.|O..j.!...

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\159__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1226
                Entropy (8bit):6.995724952687839
                Encrypted:false
                SSDEEP:
                MD5:C00C1E5A27F5541F5F99097E227513B4
                SHA1:F3406960C39CE0ED0AB70AAD2B6460038C53E91B
                SHA-256:DAD40712798710E4A033D2968BBB8D8F85952832F425635A3F561D4E20A9C2D1
                SHA-512:AFE55690BC26FF7DF9649832AB16EC87AA80BB3D125E4D3DD3DE150A759DFC03E49BE6E391B328B37BCFB170CB465D9A0306CF57B83E1044F8F7579D39E8C249
                Malicious:false
                Preview:NV....^...l........f.[..K....8.K.|<..9w..6S..q......17.]!.....6...a.X..w.&a:..r.@.S.N.-./p(....y).=/.....J.~[vl.B........~.K....(q_.9xw......sy....,...#.M........e`[)...'x..+....>..J.....}..FW.{..........E.....:..V..8.j.Z.%.K*..I...^+..AO.....A.x)..8...%.{]..g....}`..K_..M......=>.......Z..C...-)..F...-"A....<..!.D.l!.Pf....^...n..&v.1........m!b.........X..u.D....G..G.].f.........J.5..:.#d.\[..,}...`....>.......q.5}a/.6UGF..>eZ..%.K0.F.M.J+|.@W..*2.. ....9.....1...I.....:b...'....q.o..;i..mqp..'=,.G.BYj.e.q.z.O.~b.h...ief7..).. ..$.........k....}......$..L..j.S.-^!.KB.V.......$Q.~..r.p[....V#=.5....D....5.q"y.~..{.t..K..g..E......$.q...B.}w.&CW..i....4&...U6#...q.N_460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\15__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):957
                Entropy (8bit):6.468038112878216
                Encrypted:false
                SSDEEP:
                MD5:D46875B40AC0FBAC3AB17E8ABAE1E6BA
                SHA1:E4D2ABD96E2E261553F3D14259B24A6FE6375674
                SHA-256:643AFFBE92B7F9C02A075E8063BC07C9CBC11B5CF305301673074E4999A20F9F
                SHA-512:247475850472BD4B30C200433EAAC51578360754058C1204D11AB4488906EBAA6DDEC6739C024C9C4DE59918826DEAA2219EC57762F662B9CEA67B71604E84C4
                Malicious:false
                Preview:...l."+.^.Gq....).........e....(o)...ok.g5.k.u...7...W...~...i.......Ui..B`....)R....A1i<'0...g}jx....KR.9n....Y.,u.......-".B...`&........D3.)Z...........9W..F..h.k..$..gL....csq.8.........J.p...AW..sH....3<k....%....B.i...i.u.JB..WN.\.WV.5@...9.../z{|.{.....c#-...s..i.e'...1.}.x..Pb2\...t.W~%&~..$.CL.%...x...l^.W6.....i..].!.+.c#G.xtG.K.>..p.....0.'..M..n..e.]...b&af%).............{.4..6(....|.....6..|p..."X...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\160__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2145
                Entropy (8bit):7.56825530093258
                Encrypted:false
                SSDEEP:
                MD5:20285AB45464948362F2C215268A6DDB
                SHA1:6338D07D4E338639F35333C57F8E37958626AD5A
                SHA-256:166DBF3FAA9D34ED5BDB7CE276B7C608575ED12D4CB8DA4153FF7A7B3D6049ED
                SHA-512:E0E18088D0FC46FC306F6E4B487AB40377F12C950699B235EF2948C93FE1FAA07207B10C335A8BC28881AC79CB777FB01FA8533E95EC7D525F2D738A7764FCCA
                Malicious:false
                Preview:...|.8...y.....l.G........d>...D....-.....Z..57a..,R...@>R.D..}..../.......I..h.....'..@..SK...T.V....TS.n...s.r..~.R....A`......E.h...~...).F.......3.A.-........t`.m.r.r....h.....'.H..&X.d...I.q.O...K[.......c.B..|S.'..x/.G2..l}&.fMCf........b.G..t-......e..w....,....).#.-.i.T..OG.....R.!U.2.\x..q.(^..=.Y.u*...8_..4..x~w..m.l......5...Bd..z........c....z|..EH.t...S.$..Q........\..$.A#HWt#...."..Jc..F..Hrd.Y.iu.w .O..J..-I...e...X..?.[~h.xy\.N....z.'..?rX..(.03G....B3.....W..|....y[...v.ofA.@rF.n...k..-i.(..4,G...N.1....>.KoK&.(.,w......U....]..z.b.q.n{...5...*....3.G.og.....Y...6.8 .....D.".z.....v....k~~d.....V..c..e.#..Jf..c...#uU..d.b...]7.^.d..P.o;>f....i.y.*bk..l..4E.S..Y.n.?...2._a,yWB@......$...9.%E.n.J...df........r.S......(8.L.E......0!b..;...<..dQ.l.5.l>)..f5'.3...;..GI.).....I../I.!s`.._../..;..s}.a...+....%@..q..k|..}..-.Z.JA.2Nk$)...D.Q^...I@.B;..hl5w.|i....p$...i...4....2..]Pf.`.....P~...........'..wPkzI...?g%...1pZ....<..

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\161__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.743986314231795
                Encrypted:false
                SSDEEP:
                MD5:A992ECCF24D5A90928A7C6DFC9DA8FDC
                SHA1:77D85800DCF7A59185F10C707FEF765FCEA8AA7A
                SHA-256:A43916F0FEC5C1C725EA1AF61FAFE0526289B7C0CBB7F334389381511DDB5992
                SHA-512:D166CAE1AFE858386F872F4C23A196DA1E0845487A74CB44E28E0746BCDCA7187B2B5A8B60CA94B21ADEBE38CEC7176553F1F518B1058FE2B01CA33FCF3CB248
                Malicious:false
                Preview:..S...if....S.;....-.q..X......\..\ ..e..cs<F..E.3Zqu.g.w..M.~...bOG`.#.6.j..u..O....h~J..>..i....Kk.X.%/.$..2@}w.E..?...=..o..Fwn.e.....b......;...Zn0..{?Qn...bk4T.I".y.&Yd3.5s.u...u..C.{..3...p.[;.<D...K.3..t.N.TC]t......0.C....%.....\J5H.<...RW...rO"AZ...@.HV(u4. c........2.Q....?.Im..v^..N...h.."@......e.,........U..q..%Wr...*+=#og..M......_!...].$Ga....9....{..1.z..........a..M..o'l..K.......\N.?:..o.\.5......."G..Uq...H.e7.$..R.g.Y.X.!.g..H3aw..XXJK..}{q#V..y.t....L?...Dt...Q.q....q\...z.P.10........J`....\.A.J.?..G.k...J.B..I=?W4460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\162__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.653383233586378
                Encrypted:false
                SSDEEP:
                MD5:59D58F79ED471C715AE91E0A0F96EE1B
                SHA1:6C2C565CD6E69D074FCA0CD81E3FB2D8FF6EC564
                SHA-256:AE0BD6F366F49F91F0D5B7ACA5DB521C451E810E0931697B5BD09D89DFD005BC
                SHA-512:14C06CC0E281E6C3DACAB783EF0B00D898458DD4D5DA3F22FD350E3335CB068D84C06A7E002D339F73E7C1F0D64E8054CD3B5A73DAD656211F2D1108F0CDC346
                Malicious:false
                Preview:\...a?.R.c.N@.r.....Z..Q.D$wN.(...[...,.q.........?.nY. )J.K%....`fl..6JF9.d...........wq;..(..t...<Kvx....m.......9@..c.f5.T.y.h{R...........C%R(l...{&.Z.x..P....&..$.C^..h..:.@......Y.&.`o.....W.....j....p.r`..q..c...m..q....5<.`../#s.5.t.....U.s&...k/....................".`1m...:;..%.,.%x....I.|...0.KN0V...fkW...NP....Kh8...aqzPi.z....Rk..a.B<.P>.4.|.jw.....Q..J..;9.H.....jP.i.\....).+..?..{gc..Xv:....../.w.?l..M....q....0..P....O..~i.....$N&.I.!.m...+S ..BC..Tf{..j..[ky0.3...5..L{Dkd|~O.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\163__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):951
                Entropy (8bit):6.481708803678382
                Encrypted:false
                SSDEEP:
                MD5:5ABFDAF9CA75B8E4D7490D0787A34F67
                SHA1:71F23C57ED82F0F262958DCF232BBC683D660A2D
                SHA-256:37A60173FAFF827B8CF08D4C7045FB19FC1C071AE248C5FF17BB3A532F5D7DD3
                SHA-512:372CBECBEC13C3EE7F9FCC33219A2C4DE0043FCE2F5516F2F0B4360E466539E4495A9332B9F7F715D0850EB336671FBAAE57BF81E5DC12AE815C18F29A2EB584
                Malicious:false
                Preview:....;.>..0:&J../....^...[2....d..[D.mIc..z.!.....b..y...%A..5.....8.A.!..3...y7'...c..$...N?.kNJ9..E.*.u.m.e.#...SN{a..:..W.E.h..|..k.hk....t..#..."P.[..v.....T.I=X~ u.,Y...!...q_u..<a..(j+..ns...t.s..........n[w4.x.'....Of@.Q.o..=.(..T....2&41.f./o.0d.P..B.Q..A..... .+.O).....?..........=..I......b....:I&%..X.gE..J.#...r.^.v.sEA..q.....`;j...oMY.O...........*.....2..$.M..C.m.c...)P..e.U..k..N(.{.^v..;...6..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\164__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2832
                Entropy (8bit):7.727597291456052
                Encrypted:false
                SSDEEP:
                MD5:1EB5A823201125E02D5E9C923954C0D2
                SHA1:3717A26774A2FFCB49CCCCD7FDC459DF125E286B
                SHA-256:AA8D64FE7F77CD822F620225A78C91A618A66D8194758DE89834D90E4CAC6D9C
                SHA-512:2BC118146BAE52C1D09E131F62B89B61D8DF8ABBCF20AD0F82C815DB9D1DEBE2D1F8A9CB343F7164AE0AEEDEA31AB7B85414A8A6CE6C8A017141D34D972AC91C
                Malicious:false
                Preview:a..^......%K6.........;.....*e.*..rjN.q....Z../.(.r....b...jt.....ZG.y.[...<.^..Pj.0..EX.h.n2.+....D.@R..%..Hl.syQ;c..2.=~..V.....j..e.6.H.d"..!...}....H."......AS.QP..+d..s..WInU.*.... .-........&.m...C.....\..j.9...A..~..=....f...MN..D...&U.&..J5k.... ..+t#.d.q`.9.8.;....Q...VG.k...@..j7.i7/......q..M........"|.....!.E{~....mm.I..o=.G)k.A........}...}.n.!..=$.......<..g..7;Z.........$..mc..9....r.D..~..Ge.o\...%...XF..a].!..Jch-..../:X$DW.0.W..^..*_..x..............`c.^.....6m}......}G.R..K./6pG.A.\.....|..L......]....}.i.I..Y..w....g......r.......S$...}...:;o..8]..u.:0..kA...;.D5O.......2..B.7].._..f.e.c..uyk.q&..qI'..Y...:3z....(.j....?2..ze..R.q.\.....B.^.......K..w..M.Hn.0....!F.b.......I.^Z...3.U,.....).....)..k.5.Y.;.Q..}Rw..~.I..V...=.Y...S...B.....I......,.-.x.rg..&s...]{l...6....s'...&.S...rA.xDCe..............7..1{....D.wF......X...j`..s......9...,HQ.@Xa.*3.x.o...f[a.d..........V..;A.G....N?....]..9.0..}.e....E.h..$?.4{..

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\165__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):979
                Entropy (8bit):6.496005390179327
                Encrypted:false
                SSDEEP:
                MD5:3C16C0329E2C7CA7EE5C4225B702C5B2
                SHA1:A164AECAA27585F0B4EEBDA1954273289CE8A63D
                SHA-256:C461E41C07254EE8F2B847B4C233D94D5D4A1BA4C4C6AEDA4C168B07F652C9FD
                SHA-512:072877F43784BF659E85D7CA32A8CF92B42A711D3052CF3DDA0FB0F11DDD3ED2B268373A24E9A5E2A034A9D0B2BF87A1F956EA6F0D4C92BFB54AE8FBF33004F9
                Malicious:false
                Preview:....v{*d...j?....I...S._..:..t.%HN._.M......rR..Y+K......G..F..D\L....(}.....~@..W.G.O.(;.N..=.G....t.o..y."6.:vfP.#. w..H......V...i.f.K.V2..a...$..L...@^13..G......z.~....t...L..3...(`.v.'..7..4...8...........%e...N4.0..2.|.0.6...M...}... R[Y.7<b..k5...:..f.j.q..;..K...#..y.+r..O....F......}.}.7}..../.$../.q.Gz....".T.\.n}i..Q..z.%....HJ......<..y.....8V.7.......j.A\....j...v...83.W.....^....V..OU.+.f......U.....w.?cb..|..Y.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\166__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1299
                Entropy (8bit):7.076998622429419
                Encrypted:false
                SSDEEP:
                MD5:A1FFF57A8DA711A3BC1564D13CCB548C
                SHA1:59447FB891D96AA572CD796480BA542F12269F2D
                SHA-256:8FF36FEF17636C6F204DFB53CFEC3EA0DC5C186F49CEF6776A590C19175D0028
                SHA-512:2DD4319DF522523AE526C4A5479112981B0262D9BE8D5D588CCE7856D3EEB9B4F3D525C729CBB9A1338817DB1488E0EB610447F3882999256422541225D21E16
                Malicious:false
                Preview:%q.[G[%^......6..2.<w<.#..;..).d....../U3....v1.[s...oqK_.G.gp...~.ue:....f..]..b[B..m5.....F.{....=.......k..{...)4.....Om.`..9..\.P|.g...+c.........J...o..A=.,.& ....N@..k...z..iGXw.$.Jt{.:.{...v..sJ"HQ!.h.^{t...5.f .....(.ry.y.+=F5..O...~.RG.. ....8k.......0(.s...S..=-9.l.1..;....8{....,../......>..(..b..{F.g.F.....v.A.]g.|......&....!...f........;h......t\K.S.!sr:.......Jf...o.P...z].........o.u..2w.u...lW8i..I0...`x.7.1.T.....".].,2q..:_...p.D.S..R..........(.N$I..T.7-.d+....0._.v..+=n=.w..'..Hp.....3.c.hJ.9.. ...9.&.......A1..=..\T..i....<*....`$.[l.....$......P....u.$tB...B"..D..b..N...",t..j....h..v...L5.X(LK>.....s<>.......d......d.y5.H..O^...!m..?D..[......Ti.ig.]....{..!.s..h...03..(.....*..3;.7...g.2Q..GaU...u.....S..T.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfcc

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\167__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1232
                Entropy (8bit):6.91886414196598
                Encrypted:false
                SSDEEP:
                MD5:EAEC891C81EE7BCDD89EFFC3B7B069B5
                SHA1:DB5EBEC4068A357B959A2EC9DBEEFE4534D6D302
                SHA-256:6DF976DC8103A26F6FC05BA57D44F9B69B71150FD8D97F14C421C2322A51F35E
                SHA-512:C8BBEEDA6446F92FD34F17322791EB0BD7143F62DE18682EB1729CCAFDCF9F6F89901B192E478E878E33BF61A992A8D1DB1816F648CB8E5F73F84BC1F4A32FB6
                Malicious:false
                Preview:f!....[.Cd2.v.8..5.........iTC....v.. .].J....3h.E8.....2.k=..r*.!.6^....s.R..r.`.....j... ..^.5.. ..Zm..S...3...hM..C.7.Dw.....GM{b.. ..v..a.h..7w.G._..S.....g-..K ...9q...#..0@..."...P....1..5..b`.Y.y........0.....L...QP6..V5...u[*....#..E7.N.4..?..bf..U..-._.m..}.2....i6#L^..yh../..P*..>.]^..[......f:w.E>0Z.S...6.....wb.....z.Z.1/......[.*.<K.&M.1m..@>3Q....e...s}]e..........).`.....5...lA1~)....a....*.. cE...(...L.Q...-8/w...{...t@CM.....[.M..C)..|..j...l...)...S...L.....D|..V|d^.5c.H..-.@.H..;.h.)*...(N.Q.....j@"K..".....o..D.x.....f...~.|.Y..`m....R..R.GE.....g...M.Uu......b..q.kh..x.r....&...A.,...w...b..tZ..0........qA..M.7n.1p..K.)o.W!......knLKA....C...9f..I.D...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\168__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1223
                Entropy (8bit):6.944674151413503
                Encrypted:false
                SSDEEP:
                MD5:83A776A2DFAFC787F20E00E189468BCC
                SHA1:FC13B82E8A44135AA4C9C7B28035409929838FF0
                SHA-256:54AD0476A896CD2BE8D1CE168461AAB81F45D16D311611B8D71FF78E5BF8D0C9
                SHA-512:8D40AFD77992E495C0207A5B748A7F2D655BCAF5E66386E9B1387597A5FAC6EEBEDD2E80BD4BEB9FFB97588C2EC325E05EAF5F58F01064035D42A387759B1BF6
                Malicious:false
                Preview:.K......c.....~:.'... ^|9..H.O+.7.j.;..[..7.O......e.N.)*.y.r............I_i...a.....J<e..l.!k.B...=......r...B.`4.....0i..!q...`-.n..?.~..[.....4N..C0..y/..,.a..t.6`dYr..c!\Z..L......=gJ.. ..1.....E....`...U[..w.8.8.h......w.[EF......T..4d/...Q.{...6..T...=..t..C6|:R.z...........9...p#4..a.'S@.....,".kQ@..DDI\..y.J.7.7 M..+...CJ2...9.....,&S".|)\o..Wx...].{.6.J.-.*2...q...o....j..........x..S ...Ru=...P........<...xx ....& ....+I.3...,6...\3_.K0Eq.l..x.(...VNA.X. .?J...f.p.m.p..lC..8x..WY.u.............7=......a........]..Y...+.[..(x.1.&t.....{.....<..G..`,...Iz~...z\..nr..&:..z.......fBh.S .`m.....0....b...v~. .-.....,9...6..$.+..c=s.Eg...a..A..kW.....eL.4C..b;460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba360

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\169__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1230
                Entropy (8bit):6.9820558591817345
                Encrypted:false
                SSDEEP:
                MD5:0B5675E3F64870B467D8B6C3DB4422ED
                SHA1:699473CA7D1D72538DC1FFB127DF83F86FE43C6D
                SHA-256:FB546EFE6B9556A86B8F9EC1DABACE494142679D0E49E3382BB736BB8E1E4CF2
                SHA-512:7F5981FA14C3510227A72FF72FCC7B25332B1958146A1CA46298C9902C0BA6AF13D2C91A7B3523FD33409329E9AD48757D84EBB3D0D702579ACFEF8B6822E647
                Malicious:false
                Preview:8q8..h.',...Xv.....-..i........#........Z..H8......./.1......Kp.F......]...S..T....R..'..*G.HXSG&......jA. .Gav....e.P..c.R~....|%L...s\......8.......X.l%...L..@.9.XK~dU%..5.n.WH.k5.\..N./p.+L..V.I..|....y(...Jk.6`!6n{N.Z`..s.h.=O.X..0..jcv......[....+.-f./.<.......9..G.M\....6..(.d...d.*.... . ..m....H.g."......$ ~.-.......["..(..c.!..........U...0..j..-W..{.L.# C....|....po..L./.......X.H.3....l..L.$.s.7..M.V..)#.3.......tl..'o.^S.<}Y...gU=MO>....._....e.Y.+.?a..~..Q6i+..1\...F..ctM;.qg....I(.%.->....n...&L#..N.......ef.C........eO.^.^.B..K..j......V$/h2....Pg..!T;I....s....m4......y..xj.....F...@..c.a.Wp...w...N....|C;1......{p.G.e[.....*...L....LA.X.9}mZy....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7120

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\16__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):5573
                Entropy (8bit):7.888543550547297
                Encrypted:false
                SSDEEP:
                MD5:A03E40970FF4F76752AD3D3E6975419A
                SHA1:492AF16AA7EAA02D938779661F38A989E283A352
                SHA-256:2DDD5BAFB0F2D5C7CAA17E3834CC0C91083C7B3DA6F31CA9CD62EA428A782345
                SHA-512:F981CD268C61911BA024A0828122511B1E504020F35B095850F1FDF6924F2D703C03745F3E662F5BA8922EEBF7E5E3520A684D431AF0F30954488D3A7245827A
                Malicious:false
                Preview:u.c.T..I...#.znC.....1rH...7.oH.....0a.4...x...6l...w.g..a.q..[.N..?.M.9....*.t1.a..dd2.X.......@..a.u..u:P.Uy.4H.T.c.x...k..c.Z.P.9|..M..Xe..gK%.,e~>.....t,........Ev.. n#....0J.I..p........0.i.....G1..nl..;L....&.r^......x...W...._..@........V.f#.....q.s..~V....5$..F.......4..uJ...=......w..@....hC... w.u..8....;..P].m.....z.?..+.34u`v...~M."mU.../..8_t.FY44.Z.>..`...R.E.5.{.....PZ.[....i7qC$...... .*.3G....f.V7YE/..../tA.....l.......p.N....k!co......5..$/zx....9Ln.....i<p.&.6.G>..Z.....Y...g.).6..}.yGJ..3.BR.s..qi......fP.o..;.m.Se..Y..q..."...\).K...b.q.r..W.w...}.......D!.JGd>.JN[z..0m.i....?E....G.6b4.I.b....B..r3.|..."yf.zM...Pk.....VY..Ne.pk.7Rt........3.#..E..%..~...2......k....;...+.4n..?n...j....z......R.9...P|'...I..6......B......o...C..H].K..h.}w@...Gb.N.....F..Q....A.@...\.B.%(.w.)s....k^..69..p|...*..D..Nc.i......A.Cr..|(.....6..%S...Ed.939f...v.......L.../X3.c>.... .T...W..A...&.....y..M@bp........;f.....P.g.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\170__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1227
                Entropy (8bit):6.96627809869776
                Encrypted:false
                SSDEEP:
                MD5:31A4A52E7C0B853FA230EDCB9719CEF0
                SHA1:565E91549DE142F572C87EEB2703BBDED6BACD62
                SHA-256:505E9AE796DD810B783F9CC67EBA1C023D4A8EE8D705A6219E92DED4E8FA1A51
                SHA-512:56C1146C4768267EFF2B3DA0BD53EED7FF847AB5B0E1ABD82222063717AB91EC369D6EB8BDD3C132F4840E52DDA9FF71794D78AFC802174A75550A8ABE49E5E3
                Malicious:false
                Preview:}qM|`..5.k.......k..W?~o.k.w.<..@..8..v2.u...)*...3..s.qa.P{4....h..0.......c...\.`...!./qb./S..'x.MF..D..aD..uP..:.?.9.E.D........<p..<.k.g...s..h..i.@^..Q(.P.a.e..ti.j..n...o....]PM_.S...&.[...b*.. 9k..&....{2._1..F*4...,...-.O.].qI..5Qd..(......c.vNv&Q.../.^..'.T..0..*.#E.....(s.p.fN.......q...K`...aC..P..H......#...G.M./q..H.......uN..!.8..g";.....-...i.k..L#b_..8.......}.*........h...........H.....+Kb.u....Q..c....K.Ju...'.z.w.........4.(I..|.;.........?C.^5E......7iz.b..5%.h...+.g........R.?..6..oD...=.qw../.A.)...Z.......{../ ..j...]CFnD..~Z........7.m.}.:..A.T.U.l>...6...{.....U........\.+n9.x.-Q.p..'.7$.$T.e......O.a.2.>......f...i.1..$y.Y\.......#.G..v..Ylz..6v.W460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\171__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1381
                Entropy (8bit):7.101888767987767
                Encrypted:false
                SSDEEP:
                MD5:8B96F60664D5233E4B1A66AA78A38695
                SHA1:C9FD6621FD7356F2BF4F27199FDAB9A7F851CE67
                SHA-256:13699860C494EB2CE7EF092B9F5A345CBA035AA7EA426347FA28761397F10D07
                SHA-512:5DE74AB812429E71ADD518D19CAC0DA4F6C78BD5C38FD0A50D5CA9BCB026BE9877BF14A94A612AD254808819F7939B758925C9141E4B3C500E6F0A5F0CAB67F5
                Malicious:false
                Preview:.H0.9...$....ej..@.d.>....`..>}].4.'...d..<.".\.H.B...+.tq.tL.U.r..S...h.^...T..?..V......j}.(.-.*.H..@j^....#.%".D.N(W....O.....p..4....;.._.7..Q.j..j..L...o..l 1..F.....>.2.:.w....j*.>,....=..C@|l^..'K/|..o....|.t8h....P.2..VX...*...?cT.3.j.f..gv.W.9..s..`.wI~...].L..2z..Y..O..M`S.vs.....)=...".}....&0bs.G.b.f>.[..kj5...5...{..#.q._d.th.y....>.A.y..f..@.^f6br.2....<Q.9T..O..|......V{.aYv.S...L].:V`U.b6.....:........K.......).N..="..@,2<.a.......B..."v.....@Ws.PP.....o.h..>....a..5..?..4...#..hG..2j2r...9. T..fY6.g.b..?.~w_.q..jsi.{.z.uJ..c^B...V!.*.1.U.j.'...k..(.......Y."..b.."O.......V..a.4j.q...<....]....Z.C......d.g...ae;.hG.s.R8.../..,.WtQw|.%w.Vtq..*..}..6..\..PQ.]o...T..iV^q.p..;.8:$C...R.$..Rk...9......!.3.m}.cY....e.l.$..0W.HOaV%....T..!..&3D.9......p.....G7>.I....D.....R#.5...*\.E..9K...E.C.c+5m..Y=....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\172__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.68952426286794
                Encrypted:false
                SSDEEP:
                MD5:03CBA02E4A0CC016F9C532DD4AB6B350
                SHA1:8B3DC3A0B73D6AD5036AD51695CB868A1E1F386F
                SHA-256:D8E43530F31DA35A5D99ED490CFBF4E894EEDFB1C9AC064545D71DD0AAA0BF30
                SHA-512:C1E4BBBCAF0CAA4D072FF8023150769B7AEDA6DE8953CF3661EFB2142040E62E87E9E158B496453773F05EBA1215940BB657608E89ECAD18BC757658FF610BA1
                Malicious:false
                Preview:.y.l|...n.5..|ak..c..cr..F1./9B?......5....'`3].....Bq.aW..........o..?\i~v.W.J.....u....@..........&..x.ee.k...?..yU.7.B2'.{.....T.{..7W..eRg..KZ..^./7...E.x.$.$E..7T..OU...n.t.E..o.....r.c.....?....D.3A._Rz.`y0F..?........1.0_W.7\=..0.\v..0...L.e...(r......b.e....v.J...L>/{..f?...6..n....7d....54.[.G.......~.....L..[.......>d....$.M.9...$.+g.....Cj.v.{...........n74ix...6.z..Y!..`.P..b._..;......f....x%.3<......)..X..3V.d.h]...E(P...nbO.V"/j.[...._so...s.'.6..t.}.....R..RE.\..u Tp..k....;....7T.htCq.....|....8..."l....H.%.2p.o..:s460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\173__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.6483278068697285
                Encrypted:false
                SSDEEP:
                MD5:4C442810115A38090A6738CBB55BC4A0
                SHA1:77258E9D943AAA0428F9C2CB326114A394D8A0DA
                SHA-256:BDF4626BDAAAFA6A40E552DCD6E5B747277F4BECC20BD481A7B94132ACAF1173
                SHA-512:3F734C81F4E50750FD322CEA5A94E828D9D3A20662A58837DF39F9C4C6069C211245849B856516D68D037C0ECF6BEEA035E5AECB9CAA42B17226D85F3F599150
                Malicious:false
                Preview:....^.C!..c@.5.b.....<..H..P.a........?..q*00..T...K\.m0b..OP.G..2.O.....:t..0...)YI...z.....6n*....Yd.IS.=..+..8..P..Z.>P......n.....D......'e.....7..aB6...S..i....NS/+..Q...#0qU......B..8J..a......?.N.....%.0.3..v.["....=.jFQ.P....^.........M.o#:%+yn.kb)....j...jL.y...".%z..3i.)2.G..P...@4w.....KrC..$.%.....@%....ei...p....H....-.!.@.........`..S.......t..>.`.$....i...))"f%..w9.y.....z..Lu......F....._...'{...;..T.....rI..........t#....~.B.=?S.h/.h.5..=.F;01}].j.7....w..... m..I....,..euXN....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\174__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.537566789659491
                Encrypted:false
                SSDEEP:
                MD5:4430528EA599E55FB260ECB9C6AEF868
                SHA1:6F89BAEE7F909017538FBF606392F4CE1983B7F1
                SHA-256:5DD5418A7F6C6679ECDCB71434BE56EE1E8363FBE4A683C597B11EF987129943
                SHA-512:54F5D22D78758095E5ADBBFE45BC27179DE9FB7890725771AD74489951D7E811AA6121FD4B721C3110A87B26760DBF7C4E0B48F93B34E8A09D5AFF61CC42D31F
                Malicious:false
                Preview:..Sn.....[|...Z...f..?.I..f.LT..'.\:.;CPL..PZ?d.:.f....q."..ko.w.$..kr{...CP%.&(.....((...%I......2.....AE"))...\...T..$.U'.,..ln.2.+..9..6....).fx..D.>.....Oy.]..........t..L.....>O.....sa..@._......B^}"1(.{+.O..o..F%..R.5.b..K.s'._.q.B.;.X`D.........]...08.y)....P..G.Ej..i.(....D#1P.....&Ue=.NV..c..O_.W@...K.........)bG.C.s.....u...........lD...^#.&. ...LSB.......j......2.ik+\..&...!J....'..]....I...;. ...v..}Y.g&A,.@460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\175__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1796
                Entropy (8bit):7.428746121956728
                Encrypted:false
                SSDEEP:
                MD5:3A346AD55D292F27C348312988720F0B
                SHA1:9704689498F0BD54EE446BE6CDC0C23B4475E921
                SHA-256:D831320814B7DC34FBC734514B316FBA027522796B24F75E0F45325712869E05
                SHA-512:0554B3D49C092ACA8F4BC33C171BC00BBA749DEB6E705D6994909C4ECA675BA5D0AD92B219BD89EE97BD2A02E152F100947E0C1B3DABFFA8A6DF85C729652006
                Malicious:false
                Preview:..4....U):....a.KP..1.a........$h..$'D. ...\.t..6.#..n.1k..eB(.0.;vQ..".....>1O..=.8mtpS*A.....g.7\{.6..(.=...#.......r.3h....s.........UG.F.p.....}.,,.B...y.....R........1...?;[.V..z.c./.|.U.h.....9.e<?..:2.E...B?";@..].....n.../........T....@......E9|.r......V.#...Pn...{]n...A.3....|..4...z.g@..z.@].\PwsV._.zCz..O[.......F..+ .E.V.. .....A........I.Y?..#Y.!..F.....)!.x..h..}L.9).......]\iJ.....aF..nn7..[...n?.......l.....(X1.S..0.9.........K.g.V...Z..+.^....V........~...w......^..(C*.D..{d..6..t....vuu...M..B..?...c.'..H...\D.lu.....V$@.....B.wCs].'.....y.......[..`...........0J)....=R.....]...p..x..~...iG..3..`b..,hg...^......C...u.s..8....o.....0....[.........T.$.........iQy.0.0.&G...`..72.m..dMP...x7.}.'.`./...`.T.6.......6....b.U`..#y'.....W.Q.......70....+.j...W.3B...b..Zi?.ZD...LW...U}.#>.vD..hd-1x..!.../.x)..>\K4....t....vI....!.D...0..J..&.TW.65..u..pwVg..V..*.;0.J.?1)<.....T.....1.<j.......ah_..n..EPht...B......

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\176__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.745228624583423
                Encrypted:false
                SSDEEP:
                MD5:0072BD2F32E505C59DC78D64FA97F587
                SHA1:1E115AEC176E2F1DB7544139C815797757A4AAFD
                SHA-256:77F7AEE7954C8D9B8B9C0E8E36512B3E2C7763D60D136EF0F9CFD3DACCE71AFC
                SHA-512:859DF92BB60EB1F4657DE315719DFF4A2F7CA5C769E171D8BE6182E48739AFDCF44155F893BC240EB39B69888630E922F00FF5A465151E87CCFF37D93C0ABEC3
                Malicious:false
                Preview:\<.|.8v...!W. ...!.......L.&...t.HM..\....'.?o{un.V1.L..u.h.....M."I.!.h..!)%..:..]&.R..I....<D..Y..b......DdC.g...Y...y.....s[|M .8K....H.G...}G.."&.3..r.t....t.$.#I......XBgf.bUp..A]....)<..=...\..xtu<Z..H....(.....XI8....5.w2.....&..Ws`.{.U8$G....).E:.`G._..(q.2.e...a8y.[..}>H...\...5..}^...TA.....u.3.(.`...(_..o*T7..q9.B(..L.i..N}.>.&3m........Pqt..=.M/...?BU..l}...;..s.U<./1....5zh2<b8y8H........m..h...4.OO*v..4d..L;...\..SS.XS.[.~...7c..m.(...M..\.T...(.8..2.D(.....~K..p...`1...~&T..&v.V.z.....!]..,.\^}...P[..%._S{...]-...hZ$.5..t..//.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\177__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.66692788762564
                Encrypted:false
                SSDEEP:
                MD5:4239F49DF552BD1C5168C197454C0ECE
                SHA1:2A16B6BCB7C940C2F832A5A42981EF1905C8955E
                SHA-256:40B09B01BBFD07FB07AF4236779E33471BCB40DADD1C204D4D4ED6B1699BFDDD
                SHA-512:36EBAFAE992AAEFDBA4618DA649F6C1CC7C189BF7E7A403ED5886D805B65F9F0A13C107FF8467FD475CD06E29FCADA58CE40D291654F492548A17944C6F77078
                Malicious:false
                Preview:.t....]..m.....8w..!Z..I..l.T....N]G.J.,...x...x.y.g.M^3.+.J....|...E..x`.0.nW%.T.d........t..{..k..d..b...:|.;..}?.W[..&]4sj...Z#37/@-.F.h.l....g.p...........+.?8..&........Y..:w..KHX...':...E..|<....E...1y..e..c.w&...".r......T..!$...T,....z...s....nAOcVIzC.......{..^H0.....[.P...0YG....Z.......4.#.........v.(...5...)..?.Bn.RG.'.3.X..<{l.,OK.+.g.+..s[...b27.<E.q...Re.;.3.vp."+....t.^.mHs....x.t.R."..g+.PX>.T....^N.jS......zw.63.Lk. .;@.+..e......v.f..X.k.p....'..2j..'(..P.>....S.....o....+460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\178__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):6.439556416694731
                Encrypted:false
                SSDEEP:
                MD5:96259AAA6DF2486A17A12B03A8D349C1
                SHA1:6BDCCBCA67A55BAAF091A103BF7A43C8EF97E955
                SHA-256:65E52DBFFF4E7180F0DFF6D7ECBC9BFEA30FF04C14C335D5056DFAD7C7747B83
                SHA-512:AF86114163462AF2133E48ED76BBA4962ABAC46B492547B6C7CB7D876F8AACFFB651F00AE760D939EC6B0B66F7F2D27F3DEE12BDFE0A1490A3A2D3EFDCBD9CB2
                Malicious:false
                Preview:...R.d.GcZ.,O..A........`...H.?..B..1.b.76..K...*.^U\....UC.H.........2._2E_.i%7.d_#e.....~._R.....e.b..J.E.@....u.W....+.zGbD.q.!"....1.3....8.N..Jt1...&I.s.u-.........._.0..^:u. ..~..2..n.x.P...../..j..-..=H..._.E...@VjZ......e..m.).hJv..5.>.+.G4_.j....!.dA....1.,...7.`.1J.......H...3T........~G..2f...o.|t..U;;J.E.U......GE.#.@.l."-...X."4...g...iq..-8`.x.%1..)NYg+S).W.Ad.AC....c...dVJ5..4K..d..@o.`.r.......q...1<l...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\179__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.974709412073029
                Encrypted:false
                SSDEEP:
                MD5:26FDD1D08027748BA9ADE156C0783D39
                SHA1:658E183FC96214CD399364B4FBF9B25AA0695796
                SHA-256:23358B779E2745BD7FA10C7D67DE3DE8EA673EBFC9543469D955984A3B7E5428
                SHA-512:BB2260C467FC4A4D35166696ADDFFEC896BD2E47A8D623729F4FA1C7047148CB0A0F62398ADC0687A459595B6FFAB881EEF1B2671F327F3E775509028EC22E34
                Malicious:false
                Preview:7.Db....G;...CU.q).....M...#9.\ .s...U.38.y...:.!p..\RAsO.@.ie3zS?(l./.uM-Q..u......R.O.'..h....H.)......_F.....&...H..3...ge.W.I.....D..b.J>..P..Q.l..p..a..N.......AF.eY...k....t.0&......_o/....5.D....J....].....:.U].O$.,.U\h..K.{.,...}......v_Sc7.^.\..3.N...z.l... htok...#...g./r.c.Fd.(."......TB...o+J.+.x*..ZX.. .)..*......G:t.5/...X..y..rw..M.]....QY.k..A.,V........).q..3.;...cf,&.+>.#.*........`...Q)=8...7<_x3.:2..U..`Y..4.+X.N=..AN.D..F.w.P....=&{...;..i;.."..>.......=......R..9.k....\^.'...(.t.M..B<..q.{KU...)C..d..V.CJF.......&..b-l.8n.Z...p.ws....\....v..x...x.~..F`..3..A...Mhs#.........)_.M...]...{.4YF.n..@.m..H.>..U.bx...%.....#c.H.xcCa.......lA.%..........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\17__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1236
                Entropy (8bit):6.973649054215481
                Encrypted:false
                SSDEEP:
                MD5:4F9570C432C7E8E107012CB74EF656BA
                SHA1:E70A07D228960650E6A9AAE2EF83EF191A6816D1
                SHA-256:351C586CD940926655D83296AA98CABE62137692E6D739C17B7AE6F26E12440D
                SHA-512:B8E9A615C076E924BD7A93CB8DA85D9C2EBD73D987DBAACAF0631DE073180096B816B791DCB6892FF179387542933388BBDB33895837217F8EB57F3126901A82
                Malicious:false
                Preview:uf....G......|....^..........@..^.Y1d..e.7..R..5z)(...Z.(AWC.......>..--_*.^sd5z...j|...<W..w....k..vs...U...b^.F;t%..uO.....O0...2rq.K...F.....b.U.6t.b.?.8.}..*f.n...qa3..A...NH6....2O!x.^^.f4$..j......(..C./.<.i......+v.&........q.`v{.I..../3@.nl.Y..d...-..K..V.B.8d.....-..5..Zf.'p.....w;..\..T../..T}....zt*.r...5.R...!.'.x..~..`(.e~..i-.lF6gK.....}....\.......A)u".ka../.!.ng.d~.ep].fT.}WJ..B.F...fs...U.....ko.U...h....P..,V.....L..8^...V.Y.....FB@.[.....u. 1GZ.T;..O...m.Gn6].^P.{.p...L?.m3l..C..V....?.h.< G.,...a.@~........(...J.=.1&.t...1....|.o.Z).n...8w.....S....;.5Z.:......#.n....m.M.CG}. .(L.........PFa..g..Y.K_.....<...cr.....5rE.....x.....q$....r(9..`(>-G4..,.#..G.#.Q.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2fe

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\180__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1238
                Entropy (8bit):6.973733516619745
                Encrypted:false
                SSDEEP:
                MD5:2B70712CF2E8267AF74D7024C30903C0
                SHA1:77C250C3009522B33591845AAB3AF10DA6930E2B
                SHA-256:D59CBA9282AF8F15649528005EF0884CB1D455DB1781688345F8967D82A2DB18
                SHA-512:93D924327D073406E90E35EBAB7BFD70C854585F7887AE3655183C6CD3D83B887F04249F00AB5EAEA8FA665A98BB4B8929D2E7D003E2513E9B33AEEE0DC54545
                Malicious:false
                Preview:}..H..A..........KMK..\<u.3!7)(.2.b..\..J..]..9.0.!k..0.X.z...\.l....k(...wq.%..Y.3.+..\.Y_.aS.S....3.!>.+.'....4.K.A.l.^..N.p..Jh..H.R..|....i....1...v.@...toJB....Z;...Nr~.y..v.T..i?=.X-.......=V[.J..U.J..eH.J."Y.|q.&.h.Z.E..........Y..j2....H...H..z.....af.<X........s...~..9..).....@......S...&..#....%.......m.....yfZ...M^l....... ..X..c.H..2o..i...q.........s.......%...8.[.@...8q..C.q.G..a[...N.UWi..%...A...=B.n..}j...a.V.y0.+.[..zG!.._^.u..&...@..@S...1..0..E..*...W.........<...0.G'Q$.\.....Jy.c$....V...@<......J.g...=:...3..iz..h C.....M.5P$...6C.m3zo....fy...........k..g..3......X.....Pk09.>.....p..$K.........;l0.=..C6.8..f!2Y....N.~=.Rl.Ol..V.....Wf...v..&..9.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\181__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1162
                Entropy (8bit):6.813139143210605
                Encrypted:false
                SSDEEP:
                MD5:91C2F81371825CA3CC106006CEE9EFFA
                SHA1:EEBAAD136898B4FAF672F2CB99FA6337A40A5673
                SHA-256:8AC9D5833158229D4C828A7A33C36D7EA09C667E3CB7D6028038D287ABE52419
                SHA-512:5B3FF3CD03E9C88644DEB9DFBFB0933B03DCD9630699040E2573A6906074A21C45C5851A65F14014A07863390524CAB2CF21821628F856C715978871988D4E4A
                Malicious:false
                Preview:/8a..o...?8.r.l....~X.j..w..!..M.&.....f....x........O...$.+..f..e....v...hX.Q%.A.J...c.F...R..4....m6.DN.+..0.F'B_.U....=_... Y.........F3:e.4v..].Y..f[O..F...=.#.FnG....{..mh...;.xG.*.|#~..y........h.. . ).=..'.|..v.&..T..^T8....';...S.X..6...4.,.....{....B.L.7.k..=Y..[.Zi>.G2..?..z.X....u..=..Xu J= B..R..B.bz.@...{743?..)4.....*6.?...=......=../S0....?_..m'_..'Q..>.~b.i..xZ:N....@.....k...X....H..l.x.w..x..6Y?.f.@.:...;._%.D......8.kb............\..Y....a.|).u...8a5..?.:..+!..`..U9.p.+..#.....K\....7~.cv..1g.(Fr].I. e..K.".Te2.c..Q.......Z.R....~XT.....JL.Zq...!...J.....J...N.cU...?.=2.x.N..T..Vfb.9.h.\..y."aG.c.P.slx460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\182__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1786
                Entropy (8bit):7.442937925778449
                Encrypted:false
                SSDEEP:
                MD5:7237D8A40420068880B618D122D93EE7
                SHA1:DD60CC3CF5BAD52A493A34A179596630C05651F2
                SHA-256:3D50F7D66D1BF27593D792C2D93E0B7A4C990D1A3FE661803541EE71374361D5
                SHA-512:E4B1889A83041B8C36C4E7795DF47FCC69EAD80C47707444266F38FA061E13D28FA9EEFB25D069EFBA918F445DE07F2349506C2B57131FF9F5BBE70AB2E04B14
                Malicious:false
                Preview:Z|...T.[..R.. \:1...`..x...i~.[.d/...x...6..{...y...1...^.a.\OU.........7......Q..pfY."vnx...Vf..B.>>>..).?.B.t......O.S...g...?.$^rT....4..;~.H....<&.<...|.o.Z....;...W.=...xb...w(..k....W.|4]&?..^V;......0..1...>...|..h....H....%X...P..~@.8Xm....u...X..;.#.6k...S.&.cm.gd...Tb..a..F.c..5@.&.Ly.).>+.....d.'.H.?...?...u....G)/.'..ZZO...&.)#W.\5...w.vH...."..D....4.C...r.R7.....{.Yt.42.\...C._.g.7v...N.OY.$it....#.2r.Z.&.Q.1....S........x.....m.Av.;..G.<../D.bX...!...g.........`.....2.|.3f.h.<.2....0.....W*}U.c..!. ...;..H+...tM.Z.p.~.V=R...%.}..ZkoV..hjT5. ...XE:..Q@..!K.....^...:...m..SY...J.x"............./..0..8..bl....b.}{..>..J...r..k1_..+[....&...I..kK0..?...KH..T*...........m..l.Z.'.h.4p9...{..<1i....m...v. .Zz.....2%.L.{.. .] IV.`.>..ID.......ne.F..._.O...].ly.th.e}.3..F[.!...O.....,..52...}_!A..d"CL..`..H"......)...YM...*.B...OqZ+....../3.+.....x..._pJ.F)1.&*\....y..(.....|...rJ...aD......h..u; .z..U....F..m....bh....S@y9....

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\183__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.728602000296186
                Encrypted:false
                SSDEEP:
                MD5:AC0FB026D8087C0D73D653A906042E62
                SHA1:2C7183F0C43DDF6CFF9DC20AAB73CCBE13CA1C63
                SHA-256:EB5B1F8AB83073523BC0AA9336BB1A6A802EA77E2DA6F7149E8D88F139ECCABB
                SHA-512:A01D96E770BEBB4B15B766C743FF416EEB2BC77DF6D3BFA652451516274D8B6B6F9E195CBF154052F55F269EB585406B9374676EF063029625459208CEC18E43
                Malicious:false
                Preview:.k~...0..J.\[d.N.]...v..kV.g.&..G...].O.z.V..*..6.d...?!.X.C26.E?.e..|f..M..p.69:{.!.......l.Q.O$...;.p.q..$...>.L......{.#5..L.v.k?...!..L..L. ...5.+..09m)........S[vl.. .!..y....o....`.f...c.Q.I..,...2].b...A..y.t~...o2..ba.}W.KT.Gea!.VX.%H..`zjz.v.`...l......X;..?.TK.^..>..sg.....7...$.-....W ..wXr`r..T........../g.RoU......y...B.,.2..X.hKd..f>..*..q.X............/....)!)...+.w....)S.7.:...M.W..m.....oJ.kM..K.+.\\.\.6A.)<#.o..K./..O..C1?q...... .5cO$.Xc./.f:..Zj.izp.U.5.U......}$.....z7X&....u.S....N.B.......0&)....~.^6(....l+....w....B..f*.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\184__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.643070001670121
                Encrypted:false
                SSDEEP:
                MD5:D61FBB964D33CA5A8BBB630FADDB80C2
                SHA1:7C462907CFAE9458199CA7B5323E4AB4DB475BDC
                SHA-256:9103572FBB7C4D6E89378098B8C4110AC222D9A5A3901215610860E186EF0057
                SHA-512:10C0BC2C217008818F8135C2A05587FCC58578C522CB79A8293CC2D3A265EE9EF31902426F9D2BCC937999FC9D3266FCB5B87BDD1625A5317B901ECC0E9344D1
                Malicious:false
                Preview:H&.2..J..|..spt., vh:...s.U..eQ...^P.0.m....c01..y.Jtd..ik.'.}....I.A8..1u......%T..Ny....R....._M..a6:...D9}......EV.d.......A..Y.v.../.|...oY..R!Cz..-..[cG.k.U.%.i5..'...f.....(zI.J...l. .R.]y..cn/......74..[..=L.a..l....'.`&\#h.....|........c..@om\M.D4.9b.R&.*LI.X6Y...e....2H..^...\~.;.$.>.2w2|J.}.8.5.>e#jR...Y..C..#T...h$y.6..:G...57St...j]...H>.MQ.3..x.v.WsED+d...K.....E.z..>..f...e...?....Z..{@.~...~.*Y[fq..;c .f.R....?....@.O.GHC(....p.DK..I......*...`I..K..F-.....Q...**...?.|..I.......:|....<.s7.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\185__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):963
                Entropy (8bit):6.501227732413883
                Encrypted:false
                SSDEEP:
                MD5:60BA660102DC7BF91DEDFD6138755BCD
                SHA1:C7C49B873103F846D67437D40594A050F3A0179C
                SHA-256:43FD266A6C0C206F7BA1053BA42A82A85F8CF0184AD291DC14CAD249E4ED82C0
                SHA-512:F594B813FC0CE3ADA97E5A1D5837B4F99A66BBB7A028BADCA905115972090F0C8CF0C6399C07DB0DB4BF9401724561DBC7CADC7118226FAE70FF15DDBF9A7564
                Malicious:false
                Preview:..ZM..ax.O.N..|D.Z..'mu=.".< ..9...c"..>pRY....8..t)..V..u..#...U.j..s.d.......=.`.x0a1e.L.........[E.%..).u..i.T......y......0...\..In...u......l.t.~..^.Rq.Q......]#..?4?.V.....tov9.s...p.EZM....(..q.aCL.\BT...P_.....~wBj.O.&.I.....l.2.gQ....-._KLU...L.s......U.+.a.P.".6.....O.r..+.M.t.....1:..@7...N.5."y..jJp..&X.\r..r..R.O.j,t.|s2.)*..9.8&.p.L.$.(..H..w.z@...........|>U...ol..{.."~.4..j........3.2.i...S...Z.T.q.....?..!.q.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\186__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1809
                Entropy (8bit):7.447002943738931
                Encrypted:false
                SSDEEP:
                MD5:8E46727A8A513AA1CE79B0A56C962E1F
                SHA1:337C5667ACAD4B98036C0422CFD84FB0C349229C
                SHA-256:32B5D8AB4F0181D2540CA4949B30FE18CCCF3F1BD42D8929A1EA40F3A2E7C400
                SHA-512:912ECAB569FBFDF7E329FCBC641B5D2CE0EF0583881BA40EF5213804704038D94BAB850EB1D4B0B6C5F931CC915AF905D26CEDE20FB5C6B5EAA262F56B84EC0A
                Malicious:false
                Preview:.HE...[..n.... V.....H.a.bU.....f......X.P..:..<d....o.%.a....B..Id.WH..o...Ty....}0.`.ke!....m..2o.-.0.'.o...../...A.....{.J..(.m7.O..+.[TO.A.._0E.L..-V6...rf.L..`.t.c.........1.|.>^R..b.&..,..J:..s....zB..b!oj...O......S..F!.mu.D..T....n....Xd<....XO...R.(ln9kV...#.0..f......l)..5.c<...p...K.....>.Q .C.1zdzH..C....z......../...qn.q.i..........b..$.#..zi...;..U#R\N}.6Te[.....^....`....i%w.....E..d..q.r...=.i.|E..~.8/../.A>\.!03gR.......s.lPj.p/.a.{.. .....g(.[.P...<.P...I/..j.u..F...)..N6.).....J..[./.^.Os.L........e.......`...sZ%.=.......B.RA.......L...}....*..E.C.......x.....Dck.....f\^.R.8..sfZU.'[>..p..O..S.....H....V.Y..O.....2...gvTu...f.......|...~4I..e...i.=.|..o....g.&.g)...bu..j.!...#......~.....F..$.=^+.q^.... .-..t..:b..}.) _Cnq&4.v.b.....\.|..S...u.:.X.bv.D7....HW.....2...o!...$....mZz?..Vz.h....N.7....).......h...Q.C=...?p"U./....Z{....w....-w.["....Y.t(Q...mr...=.\..{.,../...aQ....r\....E.y.:.T..sr.wGv..s7..T.j..\E..

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\187__HotSpot.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.040017224523239
                Encrypted:false
                SSDEEP:
                MD5:EE4026A64948779F8B5BE23BC1B6C519
                SHA1:C01C8441AECB0E1D7B13FAE089606A27011A9F7E
                SHA-256:3F2A24D668BC19AB0C80CD0160260302CCF5A4E8039481C52AE2A2CF0C490A50
                SHA-512:8ECC5D652E0FDBE59611F2A7906F43AA1C50FF434D00A534091CD6C6FAF0196C199410DE2D437AE2D1FF503F7D092B36B4F1065F18524033E07A1E1A1E81C5F0
                Malicious:false
                Preview:......@^..N..l.......3I^.n..Y}..)V..^.#..*..K.kd.2.;.....3.O.......-01/I&.3...'..lf.6.p......R.sJvx..&,..!W......,.k.h....K.Y../%G....T.B..2........1.F,...H.Z.&Tj|.R.....>7.WP7.....D.2.Q.#K3]..T...e._A..0k.....*....hqo]..:....2<.".b..g.X..&........1......6,|t....r..bh/E....n~|...n.>|O460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\188__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1369
                Entropy (8bit):7.124977432302435
                Encrypted:false
                SSDEEP:
                MD5:D5ED355012836B3A018095EF613D444E
                SHA1:B5B0B06064D974199EF9F8C6331C98A290DE122F
                SHA-256:99D79AF00FEC9E7D847C2C5F73CF89FBF4A5A78EB60E13E922093007500B4F51
                SHA-512:3B34BA814F34A4FC8518A3D4DBE373A0D441B24E9AF64765170000A5A77C428E62A0736B482132B74E0A47EE3852F5C9D31037659B99EFC15BFF0A8D115A4444
                Malicious:false
                Preview:........U.,...j.....%...z../UU.[.*K..6.~........Q...SZ.n..'......5.P.....d......#...r.........Z.L..t.=,..W"......5.|.k.y./..Aq..u.....R....=qQpz`..u[.q...6..c.5....q..d.......3......W..!$wA..s.*<p^.E..xr?.M..|..6h...4..,..._....$.9|p.X.RsVd.....-...u..R.G."J....].%@.](e...3.......p.`....|.MB.(|...@.mg..:........i...'....n..1|H...*.cm.....w'w..3=9 .!..K....rv".....{...Bt...9|..-j#.~.S.D..u..o:.\Z2.V.9.V...Pk.P.O...y....k... y.....t.4..Fs..p..j#......{....YZR.....&.a....)...MjH>.j...u.4.H....\&PBff.<O.we.d..Q...d/K..U.B...O....._$...k~....W...MEj.48......^...W=..0c.....p.5.k=...Y.......GJ..v..d+)M.....q)F.q.8.2.../s...esp....p\....@....(B.l@.;F.oZW..pp>..bU..GG..R....k..T..*6G..r..@~...As..o."..u_...=..9..`vE..7...|..h4#N.|.j....G).:.b22.{...U..+p.,..+eE...A......|L..).`...]8*..0k.P.w..gi...Z.0?...qc...|_.R..|..z.)O)...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd02

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\189__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1701
                Entropy (8bit):7.415982014583895
                Encrypted:false
                SSDEEP:
                MD5:2F9E995981B015EA126B7A97AA78461A
                SHA1:5F31126DDF5C51184CC9F121287D618B524225FF
                SHA-256:CBAC54111543737F9D3F5776374D5DBCDA3BE384A23173B292FDB0AF690A4A61
                SHA-512:0901CF557743E06E8BA8676E1AC1A611C6A9DA8289B7F14E57FF2B3FC50BBC316473BFFA7D3BD02D37A83B3033C550C381BA91A90706A117A99C2AEE9A154368
                Malicious:false
                Preview:.I. .=..;.7.m.....gGc.cX.Y....).`...~RD5,..^.|...zr........Z.&.q.V...u...{^55..Tc.%.....E...H4...s?.......:..V\.M}.x.J.fD...&n.fV.\..K.j.U...t@.H/.BXx..D$.N.o.v..gv.JEhU.y.5..v<}.%.......%aI.+....Q..c`zP..IV<....)./.?&..#.O..~W...)\1x.i....FY..Y.YqS..+.t..5.N..lV..s...;h.9...E$?U.....k..A...._..vi.E.)"...7.r...N.u.Z.[...t[.P.J....;......<=.q.....f"..do..DC..:...q..i.)#=\.f...s.y..J.....b.).I..RqZ......Q....e.T..yO.3....G6Ys[.wg....i,..d..xS..".T.......H..B.h. ...E.,E...%.........pKh....=}.....,.p.z[.......^..-.=.c...H..3.Z...U...J?...#.a'c..1.}.s..'.U..,.2w..C?.:k.SIaY.^...cC..I>B.h..<F.).@.....)Kf....`.t.R..:...4]E&_..s?./n].i.q.B.....l.$6.......9.....v#Z..>.......m..X)..b.....`.XMm."...z......Y..i...n..x.........6...H>(6l.p..#.V.'.!./.......L..^.....Zk.G..:..A..7$ .C%3..>)..60...&.C|....c..;...?.l..t.....v......._.j,..._.Y.........}...g.&h.$..)..|...4..h....\..r.!c.d.`.p..d..y..U#..m:K...E...2.J...X..l._....P,/...!'s...j..k...Q.1aEO..+.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\18__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.978782331581287
                Encrypted:false
                SSDEEP:
                MD5:25EA40DD1D7F0CB2C8B8AC1DFFC020C2
                SHA1:864C9344CA8BBCB9AB39F656F0CD9788233EEC7A
                SHA-256:76FC164BF2E8DB43D99F4D9D00185E710039D7FBA1816DEC9D21FB88AEA18022
                SHA-512:D4456E2EBBA8CB57DC19A254F2A583B11EA2F7EDD8C8D19EE13DFF9282ADE767611506AB14B881A32150FF3C3BB447CF51C4C6AE849AAA9CC4E667C0188C1D29
                Malicious:false
                Preview:4.6..S..V..<..{.=..'..A.,.U....(.:..y...<..5.2...6.f5.h........K .z.T.m........Ay..1.%.`I...(.,v.QB.8.....6...KN...aC..5.....!....../D[nZ....,.8u.r%i.).L.w.yi..<.\...'}y.o............B].<..%..x]..8T...7..t.!Z%X.j..p9X&..J..1.%..C`.....XK..!..C=..T.G.-.*...&'L.7.r'..`.k.X.u...o_a.&.`.s..j..>..Km.`#C..3.R....K.%X...$.......g......r......W6.p'l..mM......,;.....V<~.....>w.6......6.#.njM5.J....u._..J...JcE.%(.,..oT.W../......A...S.P.i....By0..........F:...^..4..jO.</*^.,......#.;..p.P..Z..,.pP.20.U.'.)...5...(..&.X.(L...3i.2.|.!.<\M~.F...0.0..M...N0.b.H.....T.=....s..G......!..+.fE*...6.w2.K.....#.u.*@}.>/......K..E..|.U~......$.x.K.WX...Y.5|.Z_...e.e$.N..x..-.E..C..Bm.8460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\190__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1247
                Entropy (8bit):6.974874886735338
                Encrypted:false
                SSDEEP:
                MD5:F724775A9E3B94D7D6FC96ACD15A57CF
                SHA1:C5358981E2ED01EC45FF5DC2261BB03A95032DD9
                SHA-256:44DFEC7E871C6D877A866C6DF73D6126F008920D1070F5496AADB5EAC9D8ABCE
                SHA-512:C318F97A82EC852C0FDB2F4A0D591656DA649E07934F2320CEA8BD49BE55BF8D64FD4B5BD400D8D7999EF0F464BE3B2F2FA10AF56788BC2C93945AA3D7E62D3C
                Malicious:false
                Preview:.B.FVW........l7H....O.<......i.........'\....'B.8.(J..8.j.....[.F..A...~....6.>...},#.]..o.O..%....(.}....3X..S../..Q...S..(.a^^<.E}.z'..U....$.._....j600.<B..8Xt,...=.......U......2...+{6CF....~]:V.z.NzB.Q.....o..".F!..-.Nr.....XX?...]...".9..L;..<..Ip........n.!.B.1@...{t...8.K.......{....5.t.pn..ud.+K....;#....x......Zd.....;.}...Xo-...Q....d.@..N.,..>..?w..]&:J.....R..cBc.z#g.m._.=3.... ......#../.f.1.|."...d.Q.jGK}.....|..,....8..r......:,..j....@.....-.\;.B.q..b.b.....<...^..A.D...s.+..\9...,..^6:x.f.1.)..t...U.`......=_...k<.........%....&^.8.*.p.J%s.@P.'..d...U^..O...6...l=.g...u..!.z..z.VA.].~...b..".?......1*....v1}........(q..Mm...0........[...`...BY..$..3,.'.c.]..p..ab.J5...C460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\191__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1645
                Entropy (8bit):7.35298691801486
                Encrypted:false
                SSDEEP:
                MD5:5045DAC124BC815C1E4373E420CCDF35
                SHA1:35D4F050933CFBCE1988F1CC967B80A8525325B6
                SHA-256:0C8F2F339536CD6D37E98E2E50EB6E41CB4B63062D0F3DCE9AE18691D0187B23
                SHA-512:6B7D05A937D2755EFD72378A5323531BAC8C6A09E6550E8DB3CB984DC8F193D6D26F6C4D92C3223310819ACFD309CD86D94BC4C7223C9974C90CA5571722C2E2
                Malicious:false
                Preview:.m}/.+*....acE...~WQ.......H/"...h..O...y..jtd.z.Aq..M....'....?..e.j5'.o!1uq......3.?..Z.K.F......"&..`.K..S.r^.....v.-.J...GJ...;zc-..)...,..$-.(.o.,W....D.a.k...n..M..q...}...as....]._p..?N.......]..l."a1...mWm-8s.......9..c.*.{@..]..C....C.p..7.oT...So...$k....?....^...s.taXO...G.x.....S..@.T...d.v..%..........|.....K..d4.~.iB.......=n1.b(J1\...6i....'..h.Z;.Zf<Q....Y.6...G....-..qf..e..*2*.v..L2..C..q.-..~.O.>R....)..6,.&Xy6.. .......B.....O...&...]....&..`w0..F.F......Z..a...~?..?..$....y.....1. ....c%.[...d=1vNj.v.......x.../......G....!.,A;YD....{.......y.eY..B....VL........*r...a..JfJ.H.Y...l....|..:........._$....^N.BL...>~....+....f....[Ia.2...,.X...p.."...9_...>.y......>.N.%....u...vn.A~?. ..C.a...,U..q.bx...w...G....W.+*U.'.....#.De........|_&.R7h...A...s. 4.)..v-DP..2....Y\01kb......?ZR....r.}..c.....].....C.h.k<.......,...K.iW.Q.p9..|.^U.BE(Z.].<8..{.j.5+a...p.....^..b/Q..4...Or....]...d....+1~C....,.Gp..K.J.D+...

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\192__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1763
                Entropy (8bit):7.413188916942188
                Encrypted:false
                SSDEEP:
                MD5:CFC87BEA019C9F6A7F870873F33F6473
                SHA1:513DCA5739D16174C9CE1D13553E67EFF55AC554
                SHA-256:7EFE954FA2D10B0160C097AD6A54C318B44ABAD42FC028A47FA541719B96DEF3
                SHA-512:851CCBCB54156D6044D6693A3291FB9392D69705D360036D207380A0B17A5840FF9629B7CAF79EE120A0A634F022B11F45FF67159A00BDE17C0F8D3FC4206C95
                Malicious:false
                Preview:.>.I.......i~...,..t2.\.!|.BX..Z.. k.0.....w.....Z..w.m.7W..9....y.....O.2.....8.....$k. L'.`.....S..c?D..a..S..^......,,.~c.S..SR2./........>.......cQ..Ld..t.=...coe..L_E5..J.V=.....l{V...(S.(...k=.........m N..!g..v.b......4.Q.V.X..Q0..UkG$.....i......6.f..S...t~Vw."T..q...~*Y-...?....O......g.3.~f....%......J/..?......V.h.....I.7g.g..jd...%....'.sJ..p.^...*.."..D.Y.....X.....j.j.68..+=...A..m..F.V~....m/..P..78....(...s....U..pB......Dni..l....6oq....+G.Zwm%...W=..}..m.PIj$;.T...t.MH.T. l.|....S...LJ....].'..~..op..1.............Q....9]b...d.M..F...tB.~cf....O....R.N..+w..+*E..'...]L.p.A.TcQ.-..4.g..../@..06....D.(!aE....7;./.G..............VB.`...p$.A.I.:X.#.8Q..y.....G|.i...b...\A.I@#...l..tr..5...H..G@...."HR\..[.F..}..(....."..Z.]... ..r./n......$.T....K..nV.P...M....3_.....3.6[....$..Sy.i.z.+W.]..f,...X@`..=..<.[.C...dQ.....7&...B.(...c..._.px+.8j.h..m.!..~.'....G...........h._m..G.6.M.C#T.*=...7.(e.]..3.....8............V}

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\193__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1643
                Entropy (8bit):7.3252326391122
                Encrypted:false
                SSDEEP:
                MD5:9526C5F31D7C51AF06E7108147F4FFEA
                SHA1:01CA892303F282877EA8EF715E7448434389F24E
                SHA-256:426D23D430755272982752922B9E327E38B7E4329AAE1B13E85C90B61F70525F
                SHA-512:1207B2C281E30854F570E0AB7BA08A99962AA04AE9387B12C113FD4494B0008B8950BB26B4BC99609D7E8D41143BE1812EFE4B8CA6424275B936F8AD2AAF3375
                Malicious:false
                Preview:..H.Gi.;.k8e...?2../..@.....6z...Wx.\.U$.(&a.3.ck....[.(.......&w....6.....P.{Lq,+O......>.q.5.,.....KCx.?...... _...9.}{.#5....;.G..`..j........N.0..E....._3..Q.......k|9.U..=..R7.;;n...xTa4../O.f..c.(..I.d.7..d..*.|2I..a*4.}b..g.<...%...(.....0F...*.f..+.`..:p..o.....3...>...-.(..Z.h..<..2I..M.JB_.c.oj...N..c..V.....9.v!.S.g.......L......H.:.B........L.0p...,..J..$.-.d....7V.%Y....".T7......=..X4 .......Z.....Q^J.x.$.)..M;?I..(......>..[.h....[.5.V....Ir_.wc....1U.".y....L:.*....:/........4.....3J. .._t63..?^asm.+&.K..N.R;.:...|d..?z.."6.....!...5.4.E.....N.Y.`R5....b..A......(..2.......0b.Zf.h...]...%..B."<..l.."...+...R~..N1.DVR/.C].!.r./...#)2..F.......I.*.6.y.."|.../...FV......Z...I....H~...|I>....e...&|...6F...O.$/...{..sL@.Q..H{........ 86*..i-z..&m....L.W...J.p.]...(...Q....pK...Jt.U...'...x(.5".-.h.)P..v.:v..Jx.2.9.wK.W.t.q....w...x...6Ylb..].G. ..[R.&b.O.x.4..Z:Jx.R..)p..|...8e...%..s..)._M......N.k$F...i.3....8....Q:.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\194__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1160
                Entropy (8bit):6.88527751651387
                Encrypted:false
                SSDEEP:
                MD5:4833B766EE9798E3C2CA97E9CDB39B48
                SHA1:4CBA4489AD65E111000F7905458B00757EEB985E
                SHA-256:64CC9F44FB7913F9CEBEAEEC777DE3CF4DF8652E2AB5DBFE342892A017824B39
                SHA-512:0618B40B19BB9D234643C8CFC4073394694D3EC7E0357471D7C655F3C25F148982280742959F9148D7D0BED7E95A9512357A952885B7CCF21D6D67B77E05AB17
                Malicious:false
                Preview:Z....F...7.O..m.n..WN..t3.....6..E..W..w.kLn`h.KY..K.P2G...!......K ;.....>....%<.~.]_...K..:....Xr./).ds.....7t.5l.v..`.B...8.7.@..{...R.A....j.7.....A8.U............;+.1M.....kz...m.:..^HV....k!..x...[.7`D.3.9..4...Z.........~.Z..X ..a.&...,.....~#.{...B.b9X......XI.;...k.rRI.....c.l....".E.O[..K.I..I.C.]803.hN...l9........p.b...}.k.Q0.Y..Q..0+GC=...,?..q.S.X.......G_+.K....H.b..v..~.~={.L}..p.O..E.....P&.lh.G.e..O.._h..V...K9....._..r<.gJXE....<....c.:..9Z..|......`.Q..(..j.r6..m\.2p..zw<}...J"3.2.h.G^..].O...>#..v.T.r;..$`x'....S2)..Y.v&..S.i5!..j.Q.f........B$..q2....K.mH.}.>.=XA..-/...."'5p.S5QWX.i.=..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cd

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\195__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3992
                Entropy (8bit):7.839591567356895
                Encrypted:false
                SSDEEP:
                MD5:ED6DEA9C74E9D87A054976D2EBACEDA6
                SHA1:E54ADFA90F96AC74E26EC3758198FAE21D3C14C9
                SHA-256:1EF3E9730748C77D817C2705371A4B446554BD46EF682DC52FBDB05AD986F5E0
                SHA-512:8849C529082CAE9AEE738CADC977B380C8837B499834672DDE5F06CA7FEBB804F0153369D3D8CF7229614E7D94DC0387C17191CB7B0440A05C2548818A8261BF
                Malicious:false
                Preview:'..")An..b.h....#za@...<b.%.o*0.I.6C..6.D6#3Y..?..9...(....M..(.........9....VTjo..fX.......K..r<.:Q.a..A...V%.M..<.Tq..n.V;...F......4.4ZW..N...e...D.s?v....FuUT.[."+..UJ...M&.....<.>..4.........JM...I`.S.......I...,...7.K2rT..w..t..\).6.T.....T.\rQGAN.{.M.Z.P.m.h{..Ya8.H..jZ.5a....MKZsE..5.O..Z.<..v#.6&.Z..n.pJb..&.^.`q,..P.k.....8.....(..9.#.).(.Q.O.."qk..Q..[..d'&"us/sv.w.8C..)... .w.%RQ~9{..A..B}.1.Sa.........a.g.....L!c(.e.B.....{)....$i.>.-..z........c.^..+:..Qp.j.....1@VJ....t0...=..A...m...K.)...(..cr.......T.~(...]h....7(.....gP.s6..YJDCZ.|.Zr...2.p.p. ..O*o...Z...-...a.........4....-....m.@..7....A.}K=.ab"....Q+.M.<.....;......y.7.e.(`....X.......... ..d..P.9..C....7.f.{7b.%^.....{g.O.....] v.Ac...\........A,\.eQ.....$z8R.......p1l=....Y......l.Z;W...pV.. .E^..F...t..C".wZ..X....<....'/.6S..J..D......*.3taD.w....DU...X.....rb.C......,M....5....O.A.*...:.....N.......\2..J...1,5wE ....O/z...5...t,.|.O....6..K&......#p.>

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\196__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1219
                Entropy (8bit):6.994108881883954
                Encrypted:false
                SSDEEP:
                MD5:A8F59709324E0AF73AE9B4C47FF4183C
                SHA1:40A781D94C8931640F39F6E2C95AE1FA166ADBD0
                SHA-256:DC284E2ABBB53FCEE16765364B2C24B81008776356E3858E856A6B0E95D1F8EB
                SHA-512:7E4F54A3E7B20FD2B2F9B347BDE4B86A9723D2B42911A943FA8ACB435468BE73E46CBE6BC293FC25B98FFB32D66FA294958BC3340FCC71C9D160BACDF8CF3452
                Malicious:false
                Preview:Ux.I..N.Q.N.l..@m.m...#?.>.......1D'G.>....i...._..P.....].M.>.:..r......qT..`..?..a..G....M.&.t.E...OB{..x....b.....i+%.Em..r6^..R[..xb.ThH..Un..dc...,...o.E.A..(.c$.6.M.........e....o....-...<U.i......d.../..".aT.m....^..RM"5F...O{...8...."...SMMN}.!...l......U..\3........Z"\Ek.Z...aO!a.......'.vd.....dq..m.....d...5..MI.]n..W.k1=..:Kg......(.r..?......H..q.........\.j>.l....I.(..q....*..N......CX.,.1#.......-...(D..s.,..hI_|.:S5.Ja.T...H..nv..R.)p..V.J..q.Y.\tH}......1.....p.7....vR...f.l..y..z..vgu..4.G.=:....;%......M..3.W.f........V.I....~X.:<.zh.'..%G....G....T.4.......[{I.R.k.... .;.U...J...p..[.~..T...%.\BI.u....-K....]....xR.4:.a~...o$sAvtc....?.X&w460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\197__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1164
                Entropy (8bit):6.927240614596446
                Encrypted:false
                SSDEEP:
                MD5:D5DB9F194030422E3C5A6647C2CF5C2C
                SHA1:7AE98058CABF1328F9752685BBF7E85B7B4C9C12
                SHA-256:432601C258F4B70FEC2AC50C4BE9E0D9BFA4757E15106342ED3C3DF5004D6F55
                SHA-512:64715F8E89FF862B329EF886578065D8F69DF2E396521A432F80E589DB07DAD3F00C0A99BD5021F704FAE27E7845C2732E294635E1E680EEBE4EDDA683489C6E
                Malicious:false
                Preview:=.f(...`..UG.`o..*.nin..Kz.Z.n...KX..<.T`D..w.c}...y|n.!......a.g...U`+.F.!..W...M.8....?(.......Y$..BGi..,.$...o..H..s.w...>..i0..s..Nv.A]....v.....a...UZi...`)U.N...,.x........2x(...c(...}...H.....Ag..D..-......../..0f...C9%C=........TIK`)...nf.7...*yW;Oo..yy.T.B...%....G...n..o......^..P....[...6........V.$....|....W..........P..W..M"KB...Y....f.m...4..l.j.{..k.A?Z0..-6]@..h.!....o../}.k"~+.U.....{.;..}..D%G..>kmyr.......4...{"..n.....R...r.=-.....6.\>5...%.J....v-.8jC........W..n..FZ4....!Zl\|B..m-NV.....`.dY.:gP.X.z..x..q).P..>...vY......Q..<m..G.L.'tsJ.x.......df..........."....8(.~./OJ*.^....L.1.ws....%460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\198__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1160
                Entropy (8bit):6.887495011002914
                Encrypted:false
                SSDEEP:
                MD5:B68CBAE56F0A06A821CF340226892FB2
                SHA1:A5567DDE97D20F71BAC4BE61B961F72D51350EF7
                SHA-256:964BC8C51F805B67BD7C0AE238E2EC158170480F410FFFDF3C235492AF11425D
                SHA-512:19983AF05ECF821691F3DB2F3DDEB3322C83B5E8B874712AB8A47B8BAFA243C8E2F74D10B1FF620B8503A8960AC02F41BEB97548EF142DF4EE4C1D6E34FCD422
                Malicious:false
                Preview:....TU...`F..,.d...n.......n..E+....XN.....<.{h1........=......o..P...)H...~'..s.n........\J.YMq.'...Q....E......&...h..E..L.....1..JV.H.).....#h/..i@8u........+<|.0.t...A..=._.. .m..6.h..e......d...[.Kyl.iE..8`.l...8{Z......t..Oq.M...*..3.T.Z.\.l.R.....@Q.4..n.3q....\.z..\k..Z..g.(B.......g0..n`._........fG..{....;\.3.p..{.x.xHy...-u.~.84R........=.c0wm...). ........y..Ik.%$.I... ..L..Z~W....W...[E#...... ?..W....\U*.4.._..v ..H...K...:/O..pt....q....P.#......^q.7..&4.....S.^k....m.9.^..*LQ.N..........7-.:UB[.1e.4.!..9..O..1..Z..-......S..`....)O.T..%UR......zxy....`.].h7d..".T..5.....5.a....D...V+./..<4P.YY..4.x460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cd

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\199__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1249
                Entropy (8bit):6.992573335878894
                Encrypted:false
                SSDEEP:
                MD5:599037884730EFDE4700F32B6FBA32F6
                SHA1:BB516A6C485AF506D3BB8544CE7163F8AD05D9E3
                SHA-256:FD518E8DC6D7289F9740766127BB266B2C5F6D67616C44680F434CE28C17C456
                SHA-512:24E745BF501F389647B2F2C63F6FCA3BD46AF7239BC5A7DA63F3EB10F0C2B5428344B1F1EC65D2DB90830E6A506939635E3305920DC7F21231B4A29115C69B94
                Malicious:false
                Preview:,.Q.iU..a.$..yO[C..M....?..+|=..z.........l.P.....M....<Pn..eg.8RvU.C.yt....y........=.....v.v/x."...w...6..g..Y.s4.<.9..j:........T...]. ......o..@......n.\.jd.:.........h..&!..U[..B..9~U.&.5w..V7..5../r^.`.TA.]g'[.u...?.HD.(k9....-...7O.B`..^../.^..K..8......t...N.A%e?.z$.t#R...i.06.B..aKL%cT.0.4....;....0(....]....p.FZa.....u....WuO.....usGR...w&....v.B..gi...y.....Q.B.3..kk=.[....Z3 ....(....0..3...h....:..X...B...HSO.+..h..9.e2I...........R..?..?1...i.......In...6}c.B;=....Y..=...c......j.,....U.......s.....`r.1y$...^.I....P..D.0Z.....J.+.?f>.Hn...[.2....}...2.l...H~.x...J.....4.|....c.Vj.9....1.[.. D.+.........)R>.3.....F.....3D|...O'..A..YnMp^A.h..|..$?N&H..}.N..B..(.W...z...{.s...c._...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\19__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1242
                Entropy (8bit):6.971035185708505
                Encrypted:false
                SSDEEP:
                MD5:E92C15784A0C033DBA5847EF66FDD30C
                SHA1:1A347DCF32B1EF8B6241B1CE54E9301CD3FDA345
                SHA-256:1C4881E94A7161735C4DDDD15EAFAE07334C2B8666FB04F414EF55CFA6EC6CE1
                SHA-512:F2DFDF8158C732F6974B46FB9D95FF0A7B2E12F0748CDA8186A00D2CF7031CD9091F8D3A07C66A50016C1583EB66FB199EADF61904F9FB1DE9A3854DBBAC5677
                Malicious:false
                Preview:0.R..]...RM.-W.).Ue6'.m.k._.o....w0...g.a.G.0....i.S.:..y...6.j'A...<..a..J.........*(g...3..P.........."....Y'...B$F.?FU......,....p....m...m.x...t.e.j..m^. .'.\.Z.rr.G..v...}..~...v..l..X........R...S(...z.?.x..........$..C.z.{%.b.e.;....HR.....*..V..........u..u...p..T....`%...C...V.il....K..C...k6.fp.].0GO..........a......:.A.....4E S..(.'8E..o.d..l...v....>."L.Z!.;C....1...}8d..~..%..9.W*..e.8...2w.1&....C..S..M...f...b.t......}..;).b..YC......Vz..D.T.C.G.e>...0p05..6.F_"..km....2...B...g....U....NJ.."..yd..@U....K..H-Z......f.qv....TG.g.k.............R 'FZc...rU....`.g.O.*f...7.k.(.Q|....T..O.*..u.9.PE..c..*fR...Ez..UO_.M._.x..+...p..T....7LD.....L.4.....L..g0C*..8.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f66

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\1__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1251
                Entropy (8bit):6.993344707422012
                Encrypted:false
                SSDEEP:
                MD5:9CB8430537F19DDE99672E87AE2F0221
                SHA1:E9DEAC285069BE5FB25B1A95EA0DE20E3FF779BA
                SHA-256:6E2D8D818EB891613BA58884C90C667178E706F2720275D0225B4A3DAB340386
                SHA-512:2BF67337BB76D26E1B20204984BE25008A8CED7507C3CE19DF954D8FB30D3922EA9FF1DF4EDDB4F86DC8034C85BF2C7317840FA7BE0DB40FCDFA374A216129C5
                Malicious:false
                Preview:T.r..]B..1|......0..$..u....09._f%.s|./....h..3.,...=\).B....,qS`!......Au.C.t.H}....J.N[..=....+[gk......#.Dl..x......l^nYt....4.Z....d.q.A..a..^8..f...._.-.....G.P...#9^.....U..../...~..b.m......nx.TeA.3.s...WL...F.....a<Z.KB.. l.....BT<\q.....o.u...p8.%.V5Y.M..y."p..\....[%l.w%n.....c.q_Z...^....~r...I.!P......."{..o.x.A........O...p.U.}.\.6.2x..5.L['.#..i.......T/.Eo>+=Yy1....i<p>q.hL.....1..7...rK.......K..%...{..s.5..]....x....N,+A=..i..^..Dna......m...$..6..;... ....g......;..Z.`M............&.+.fu3.R.![8*8.BT..k...3MR.%a.._..7....{..>2#.f..4..F.$.BX.....Oa..O.y<..B.Y..$.......m..+5...>..H'..R...w.2...7C.L....^....Y-...?...G...o..|q...........y....;.L.)K.....-U!.,.".....[.e3<t~...U.h.y..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\200__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1164
                Entropy (8bit):6.891089400451657
                Encrypted:false
                SSDEEP:
                MD5:E58FF8E127A7FB5FD791EC47C15A41E5
                SHA1:429432142A58F12739513E767510BC2E5F781299
                SHA-256:A8692B3BCD87028F1C22525A3561DD31448C2F32449861EAD08EA7454107C1BF
                SHA-512:78E1FCCD656932A8CF3236AEECA33C36A4FEF512C583903775EC1D6C4082EE95C971A7605021C7CA07BFE82BA92174DF6D8BC9DC2ECC8F99476306933DB84FCE
                Malicious:false
                Preview:.....N^....N............\@....f..Yw...8...su/...`.x......0.YO....]....r~...D.[.0.fV..E............B....>..R.)Wi..".#..N.......~.h.(....h.f.Os$I..h.....Y~......m...QD&..A..(m...........0L~r<9.ts....T....Z...../.Qe..hKM..n....f.V.....(.`.uy.%^..6}......\Q...-...sC.#.v#|k.l.5.ji...z.*.0.N1e..^.m..H..o-...a...S.&9....AT..Q".%....x..}7...b.4?...Ls.y......I,.^..&:L.+..-q.[b......g..@O.x....G.& 'y....6'.K%..O.<..)..i.k.Rw4..d.J.D.K...M....U....:A..../=.0. ....n.rR.....5o.......|.7...A.T.:H.I...........e.oK.Ee.6"Y...y...,....U..:..pc....m..R...... ....r..?<4...ZL.o.}.e.S..^=&I<...b...TO.b.*...`..2....+Y....^..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\201__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1245
                Entropy (8bit):7.008576198248062
                Encrypted:false
                SSDEEP:
                MD5:6743A5792F4C31365CA08C385B4E7283
                SHA1:A44A23A8B37D7040BB43BA7DF82D8F195D016F27
                SHA-256:7A499C7E481F88B927E58DCB103C25671282D92EB5A5150990AA0DCEF9B79267
                SHA-512:4FE74CC7736B1319F4FBF0D6B06BC6B81ADE8962C505A056A8B9288D2B1F77078EE7B6A2FF8E4793EB21F21E59B30A92321165C774FF51BE3A03EBDED637A4C0
                Malicious:false
                Preview:.vH....#aS...).j..'..{..\..)....K....y../+.[-....}...Q......Y6'JY.bt.H.M..>1...*^.......q.._..z...Y).<.....W.~.h.8C.w.....$.. Kn..1.R.+...1....c...C...KC.5.E$..{...>.;r8u?B......>*...r1X....8O.j...+....>...,.E.N.&.5"cb._.C...Y..f.%.A.)..P./...~s.v...W.._|m.<.l>...s..@...H`. C.zT..l.....<.#...P}.....R.}N........ae.FW...H..\mG_./s.......c.EX..%H..PZ..M.5...Ud.{]e........a...o..!*..a.$*`.5.Om>4RE.....*O.....HTT0..)={|....k4........._....@ZJ(..]...ga.u......K.=..i.Z.(=.3/s..:...N......d....x....]..[.v...UG.j.a....^.e................p.......(."_.H..7.5!..,..L>L.H..h..`.!..t..S..#.....V,V....d....j.p.6`..o..3M>N..n.}.I..E7..c....`N.{.+....JK.........O.Bg..i3E;..Vyu.X...w..OI.9S.G..q2460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\202__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.698507790145238
                Encrypted:false
                SSDEEP:
                MD5:97A762CD3E6E3E801613CFFB1D2915DD
                SHA1:1147E22C2264599AB34561F00EE91D17CE4C6103
                SHA-256:18196937C4D961E652AADBB86EF4F81CA10A87EBB881A791E03C9C20BBF56028
                SHA-512:5D377506E655640F8DEDB2EA81D016F6AAE2863D6FFAF8A114D0F59FB6B09C3724691F7B168FBA9859CCB792087BE3645C77360DCFCA265ECFFED6F7C32A4FF4
                Malicious:false
                Preview:4............*;._<..............."....7..J.P..CF.7t.....I1.(f.....KIj.>..j..g.xB..aX.X....6.v..a.R.z*9.....!.Up...3..1....?...1.f....0e..&R...~.c..._...6v.........jiMW..y...9...A.....Mc.K1_.:.*\....s.kq&.......D.....z..+~rx..?.*..,.......blJ.Cyye.Av....J,.f.3.].....`L...x.r>..T].7.7D.69.7[....d.#=..VVp.?.t."R..x.i.iX..|..........xb)...GK.t.XL8U.J[0@^.A.A?.(i.'..@..\..W.....6+.]..x....bH.rlo..e(....C.+.u..di.'..i.....8..U.s.\..=...b.m...$..q2A...p%.7....>....l.[...<.@z.$.....r.bb...(...,Z.]..aP..]./E*.k.3..FW...m/v!l..g.U2.A/EH.._n...Ob..{.j.,460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\203__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.677512886589437
                Encrypted:false
                SSDEEP:
                MD5:5B6BB85A4A9F393A40DC60D8EC46DE77
                SHA1:E95F95F30AC1F48D4A6239F66F6DC3573E4497D1
                SHA-256:136DB69007CB268DA2853822674000CD0382EB58EFF8811EB5C3E3659D31D726
                SHA-512:C3EE0A35173A6C9DF02235FCCD8D1EA4EC62B8741D2FE61729A350DB3DC0ECC2B9DAFDC7D68F44D08F37C11A207AB86A8CF2A088EC43E23B7E11919B2F747989
                Malicious:false
                Preview:...X........}..w.k.d.L...Om...rG<.....v..-..l..|.....................a.`.m,xDe.TI...V.....R......ggR.w../..N.[....}.=.`D.b$f.......Q.....{..E2*...W&.l.....E...Q....p.@..f...}....98h..*.T.$..8".&..D..rc*..5.....xc..Gx6.x......0-....d.\v*.O..O .O....hob.s7.mUF*........A.P...F3..I.-..`.Q..d.;.{..Cb.wU...Q..,.i.~....2.paR.w...8....#.;JFH..+..~A.Vf.U...V.|K../.]........b,..Mb...I...Q...l%...>.....$.....3.|M..B.... ..a.n........+....?.h...NJ)...j.....*5.=..... ..-D.O5.X...u3[.X.{M ..I.P...O)..^..[%/.p....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\204__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.47742164828556
                Encrypted:false
                SSDEEP:
                MD5:D60927F34A06097A662DA089B772E856
                SHA1:CD1E0A1BBBB0E4424DE191A551CE70B1D484AE0A
                SHA-256:20C830800920ADA2B7DD07DEC1CECE1DA0ADDEAE31961816950DE7B50917FE14
                SHA-512:43FD8CBBDAE6C5BC555EC3CDED5A1DDA04B96CB4965151AB7D27293686244A72D854A8CB464B5B93E1557079997EC56AC259DD37389D1AAEBFBBF047ECFE4EB8
                Malicious:false
                Preview:.;..-....!.. v...|.i...>.]7.....o.....fT.u....._.\.8{.B....{.........s..b.-.....SS.It._L....n.f]`).572K.o.4C.L....b.....".T....^.3...h*7.Odj4.......Fc@..Z.:....0..(....Xk.......D....2S.ni.G..^..........[oy..Y..A.d}(..$`.*?5...X..5,.5....H.Mc.,lQ}.r@Q .\....L..Q2......]..............9_.D..i..2.....D...l.=".35..B~H.!.....N..se%...F..Q>.\..Y..._.y.-.R.,...#.5.xKz3K..-.49-.....1'/>=..5...;.*..g..3...'.......!..i...K....&{460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\205__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1814
                Entropy (8bit):7.429407187578893
                Encrypted:false
                SSDEEP:
                MD5:A3F26E56C43736A562DB39AD127A7619
                SHA1:FAA182137A76C37776C5969B463553E28150A706
                SHA-256:9C28BAECF2DE602538FF8941EE74720AF64019DB484E96B90021B9A01A2C4206
                SHA-512:0E8AC42A27F0AF15DBD3E35BBFCA8C80639419D960F60A814F83268253208C2A5FB36249025092018C97C950ED3CF55E11390F5B6204AC1C08F676F49D0A3873
                Malicious:false
                Preview:..6..{..r....K....H.@.............z.,..$.tZ..?.qS...C8....k..g...Ya.U..d...N...{.i.eZ\(/.....Fv......,...w.&5-..!T..Y.h[P.......`......$..T}9{)....(......Z.K)B...}Y.w.r..E`hQ..M...e./.B.B....#H*}..........y....Dp.'x...G..o.D .<.B.LIC..$....&..x..C.'....E...`..s.fpf....../YE.xQ...(n.b...k-..).h..qH.Uq.7..x?...:..f..n.5.C.Vc.5.......PA......7.p..3h.~I ..q\.X..aT..S....*....p.B.......$.'.O#4&.....c^:.K.B..mv..7q.p.HU`.E....q.5.wID......D.?D.#..t..c......(vg.....C.B5Y..T..-.h....>...F:I..>........F...Kh2*.p.B..H........z..j...4. ...wU.J.......-.l..6^..?B.25......1$j..xW.qN.A.D@W...u..L.?r.}i..u>.0.......D..5./`....... ..!.e...%...........|M...^#...|..:."*z@...x...i .kF.....6.!Z....Zar.S.....e....o..(Q..k....)..K..MhD..[0..z..a=J.......a.?...e..QM..si;.Jd..0.5(?..`...CQD.<.....~.......Q./....1K../...$...H1..3..).pL.:....P.Bm2..jw....f\4.6%|.m.`.0.jh3F.PftW.5.. .....-......i...8.>>.....-.g.........G#.A.T.,.)PWT'6.......)ja.qd[j.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\206__HotSpot.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.094887793160828
                Encrypted:false
                SSDEEP:
                MD5:CA9C7B2F3DF8699AD450D683F0DFEBE8
                SHA1:A97132A2FBF098EB190F16EEA41C7E94AA964B86
                SHA-256:AAD2A4806374FED3C59695E6346CEA4CF21B3127CFEE1678E7C9DF2C575AF190
                SHA-512:E384034E51A18A88997707B1CA6B6C423428D5433F4E674418737A25D990F9CF17ACA0159679677DCD5524731428F22D37404B552263F038996A2A07BA39C95B
                Malicious:false
                Preview:..Ddp..o..........!*q..!..wM([.....>..n;..O.W....(.J;|.\......._'}..M.{%H..}.|.w}..I.f_S.pE..Z{.I~...w..f.~M..g...W.......J.k1........U.)O.o...=~....\...j...W.8.%Fi.!.(G..D.\T..... ]...i...h:C.~'.7.e..W...?...AT.....G......q9P...C_.c]sD)..C.7X.-.Fj..BWq.%....3..g?....XQ.;,....R$..K.2C..c.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\207__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1163
                Entropy (8bit):6.893641268727512
                Encrypted:false
                SSDEEP:
                MD5:5DB491E986DB149BAF635814F552A522
                SHA1:587B745ECD303F5973CAFD198C3C1BAFD9B20C56
                SHA-256:D69755D90CA46E01BB66BB94FE8920C7040C541EFD5A1D4C4B607144F37EAECA
                SHA-512:16E4577C298894C72271EC79580E123119DF2551854ADF822367FF2B8E2ADD0D0FF5BB3A4A2BD73EE897A267A6D9578C0C3256579524D525E4E22D6FA9B6C248
                Malicious:false
                Preview:.W........=i.s.EC.>....g...n..Q.....IK...u4...l.....+F...GA...$"..hu..!`s..>z!./..7..[..w..K....dL.0YM...N..E...Mz..Q.6......}.r.`..#!i.Uk.R........tc...J......;B.<7_.r.Uu.Q)..@`..o.x....R.....,5T1s..ix....8.!. ..23.y4gz....I.../..&A..U.[/ bB.z..o.1\wm....B..:T..S(Q...m9Gzoe]4.\E..k..0...f.E...W..S.a.j'X..x...&P...|-..Q..x..x...G.%."F...+...Sg."a$...W....}.v......}=...6..../M.....W.....N.:.....~.2x....:6r...#.._.cG.8..E........t.*...Pv.M|)..7.u.W.....Z,....;.........6....bB.......H3........q...<s.[.....N..M;d../5;.........Kb.....uN..O:nc..&....=...>.Cv.+.&:...7......d9...H..D....!...o.}.....S|..%..4v.i.F]q....$.Gn.z..}.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba5

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\208__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.751960443546093
                Encrypted:false
                SSDEEP:
                MD5:3A19C72FD52AC64E7C2AA45F1AAB0A8D
                SHA1:94F8C5B65EE2945B92125576873C330930575939
                SHA-256:1F6D4AF00F392BCD624DA6ACB321E8CA11F5BC8A518054F8CC65B24148EE48F6
                SHA-512:8CD3BF5DAC4648E279565AA7294001538223D5B76DDD320C9ACF3AEC2FE0627F811444DD84560411D4CA168A5E30EBA3189856834448AC046ACCEDD31CB80643
                Malicious:false
                Preview:.....;.^X>.....?'=L....Q$.O....s.tA.,*He......C.-..g.2.O.......K...~m ew.v..y)".g.M.,6..O....c.,.r..x..S....99...Z.I.5..t.iV....!.)&.,r.).x....*b.).%.i.%..M.v..A.....96..>......*..c?.b)...1.g.P..r"IX..Xj.z..F.k..sA.t.Z..7..E..h|e.ac....6.Q4........}7.....p.....%=Y...(..<.f.RG.;c.=....rt".)..M.....*.4q.o?.O..{...w...B.....$...Q~.e..@.'.)p)uX.D...l..<WO(.M;....I.Y.H......wF.T....j.....O.3....>._....?w..=....>w.V|...k..r.,'..WJv,..v-...6E.p...P.1.....F+r.}.{=...Ou...&?Oc*...mj.Sg...........>.t....K.K......(./mB.W[B.%.Q..G...|...u.4..]18.v{.y.}460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\209__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.633167765912341
                Encrypted:false
                SSDEEP:
                MD5:04709E83BFD34DDAA8165AB66506664A
                SHA1:5F75243B5C6857AF5319220311A42C430B1F5429
                SHA-256:B6DA53915EAA4BBE2EB3C073D6EDC82C09471641F5B5D48508DFA9E2F958128D
                SHA-512:8B818D00DA1B9B08BDAE59572A982497BD4C205D0083A3B318C4A0B655513F3F454A31FDE3B88FDF99CDA91C5855E262E792D1C9556A721F088F7E691A9BB0B7
                Malicious:false
                Preview:..\L.@..v....Zs...zsl q...j(.K...5...Y..y`.......~.6...0.E....G8..#)...c....'6A.7....E....H%.C.R..w.......k.....P.....f.W.@.tN...4B.=z.0-.T.--....5...yh...QT.M....QY.j....f.(3.W_.-}[...r.c/.7F..6.1r.Y.E6F....y.e....^.B.,FW..T..b..1%....8.u....i....j..X....<....V....2....&.x-.Z...S.%...c...4.L..7:...kj...w.%Gz.g-Jw..j.......P,.~...G.S...}.o.X.....;<..Sg.jPi;......'.Fj....y...&b..(..m6......ASxH.94..!t.!...5z2!.1a....>...........V....8.%...........f.>.....x...J....ZH...s$..W2..=*..<XFR....].)..z.(.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\20__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1237
                Entropy (8bit):7.010467066116248
                Encrypted:false
                SSDEEP:
                MD5:314755F91EE994B65873A082EE741558
                SHA1:C797A8EA542AF1F074BF4286CE63159785869567
                SHA-256:31B9CC09CE3F2C212EBF39A323E50A39597035D9BC56CD81315C8E28C01AD508
                SHA-512:C81DB77F579EDE784F3759EAE7D2B571129812B9A62C1F37EDDC6AA521E39736545C4DFCA00F31C1810240DE4269DE974B7B81FB47A3794BB54B1887756350E7
                Malicious:false
                Preview:G....K.of...X'.#[{.W...u.,.J..pu..i..B.a_..z-.M...UmC...n.0.x....M.VS.Z..$]..D....?k.CW..G....8K*..1...j`...LV..+.T.......P......3W....M.7...........A..m.oJ.fn...jL...f..<.....^.e.._P.@.5.B.(.....1.._..8.(.....b.5.JHBH..q......Jb~>....<.o...N.N..d...EO0...h..w?....}b<..i...h[.71.IF....5.L.{..Q...].;...../.(....N....z.}..*..d.@=Z...j....R......F".^ ..t'E1hG...@.).......N.C.yO.n.klF=z.]....1.u:^...C...p.v$.:G...=...^-q..91+Xq$.&......_...u...$\......o..q$p.$.T<.Jzh.Qe..~{..|anQ.RTEt.m.Y...?...!\.......i.2.4.....M...M.....a..?..(.XJ..x..3.....2...|..p....U..t....u....&n9b.f.p..6....._..t..gj.d..G+.....v...E}......tiY..3.#,..]Vo......F..).& ...im.LF..|...;_L.J.\...N....m......(J.|./460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\210__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):964
                Entropy (8bit):6.463248060568738
                Encrypted:false
                SSDEEP:
                MD5:FB3AB345130813CEC0E9ED1A5839F269
                SHA1:16768FD75948EF1A92B17876F613D1554B08CDBE
                SHA-256:65875258794664788A12D36708887EB104FCAFDD9632EE2FD486AC0E9F178332
                SHA-512:AABD56BFD779A91CBC9A1A03EABF21642BBAFF5CA589D322697EDC500A81AEE31A0E19838A60539C9DCD16B869BE6E0231869692C388CDA912A57B88A3254F02
                Malicious:false
                Preview:X.;..U.m.g.*,r.d.(.t......;.p......z..9....l9^..4..T..N.!...n_]Q k7.'....4...U...>..e......n%bW.r.zu(.u..F.B'....p..w....p_........;.Y..Lm..B..t.......>I.....a.ZD.!C..,F...6..^d17...t......X.4...Yj....H=.$?4.{8...._....o.&.Q]..~...7f. ..2~p......O*&.ay....?&p.6.K..b.y.i..Z....]S{x.?.$}.%.*..S...8...m.mZ...T..<.x .9A.1....L.......5.$=;..>..p...%.....^....y.)...w....!.^mZF+C.0.\s.S!..&}..j.\b..^6..o+.h|y.....N.......aZ.7...(pY.W..E460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\211__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1244
                Entropy (8bit):6.98484072411984
                Encrypted:false
                SSDEEP:
                MD5:53BD3AB7A31043D1B049514F92D2F9AA
                SHA1:F852B8DACA9A5343320B09FF17C6475DA3BFB7A3
                SHA-256:0259649018E64A38F84095DCE8E8BE6BCC4FC715D800814C25BB9C8F29DD603B
                SHA-512:8A37D5C9B56BEBE812F1EC919E2DABEDB6364CB1A97276ADED139F7279E636316F9D7F03AC45B86622EB2DB62B3E00889073169EB98DABE73FFEB430EF33D6A2
                Malicious:false
                Preview:..]......k.O.>..._.%.s....4.XM.y..c...x...v.......@.w.........h1..7...:...^$.a..p..E...K.zGe:..%..U.....'^\.,[_..K...../.5..V....-...jZ...#8....0.2...V..:..d}Y...7.!R..|.[...T..b.<,...6...<.*...C..i..JZ.hG..'.H..U+O......n2.,...>.Jt.`p. ....Yj..E.-UF..i_..W.n.......'..r...K.aK.f..I..bfE..[...~6..A. ....?......3....1.B.z..,...~.o.>.....9r....b.I/.=.........eM.z."08. 4*cMu@.)z....!..D.(.l....U.t...._.T9Ob1.\......g.`.G"....r_..{..7.Z.....r...x.).S.n....[.ix..@ xd.z].1.'M....J...L....8.I5.N}Bn.x....H...C5J%...Y.`.M..s.....<G.z..k.$.LM..7.M..(.RY......U...1..p.".J.b7.X..5.|o..~...5....g,.v.s\.-.Q'...4N(GT.o..,...2..0tQ}.~.k...ph...(...\.}y..U?.&A..F....UM:N.....3>p.G..'...3.....z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\212__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1225
                Entropy (8bit):6.935898018052872
                Encrypted:false
                SSDEEP:
                MD5:57B4730854640D7CFE5B0910BB97538F
                SHA1:B823FD4E1BE09DF190B1A7490167B6AEEEF457A9
                SHA-256:36EA56889AAF11008460E4EA82994CB799382C44867E68AF9F894A2905FBE7D8
                SHA-512:FB41971E7167A722C4F56BB6C9C05D5CC65B9605A9CB97CDF2B349945385A9688C30E9819D4EC9A7D770E1CD3E929D517212D52AACB4A773435BBA8A1649DE52
                Malicious:false
                Preview:?.l.0>.F...+.U.T.RF../.9m.5.....P..!Mu.u3..).9w.J{..wR{..0q3Z..C:..s...8~7....+.\.U8.T.8.QB5.L.Z."./..M.@.....e.7..3.^..[.4...U..`n..a.../@.DM....U&..~I..B4..#N.jCZ..-..Nr...V0....%x{.:..a.xl....=i...4.k..@q.[.@.5...'s.7..Z.Hd.....zt.gJ.~..gx...Wm.I%.[<Q.........|9..e.?NMl_#<..}..T...n.....0..P+.|.3W....q9.....Ts<!Fc..>....[...z0.."l.|..3F.(Dh.w'.|......e.*X..._....kJ......._.h..vn.Z...U."%...r?..m....<*."b.&..g.!.T.-.*:..C.Eo...s9.*.x..=...CR.....Z...|..t~.z..m. ....ts...c6!3S.......B..z.j........{v..S.T...g....T...K.6{XCN.XhgI..Z.#.kE. .[.0<...`....Q...Q....(X......b;../n..x^.....EEQN.(G...3D`....%cD..n.m...+]..| ..E....~.'q......K....u.g.........L.n..e..).460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\213__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1086
                Entropy (8bit):6.71983032572332
                Encrypted:false
                SSDEEP:
                MD5:C127D74D33DB16739FCB2745C56D4C0D
                SHA1:451F57B5002672A8E29004B4B52BAAAFE385CBFF
                SHA-256:AC41233697690CE7EC113E68AACFED1367EBCBEBFF36C5D6F46CC8B006177519
                SHA-512:1FA932B480EC6E077C2E1252781584EDC5F93E92EA192FA69E6E321F27EAA38C7A9EA53C60407A54ED67DFAE3DBB55D7310BEA03F6C1C1AB479ACBCACE5E5E9E
                Malicious:false
                Preview:.G.. .^r7G2I...,.N..&f./ZP..,....B.9...qw4..h7..4....LA%....O...........AD....nH...RX.(....R.$R....7dYz.C;.....,J.9*..W....h...W....g.F[FP..&ouV.G......Z.v...K#..L_.&..KKI...Xm... [.1P...9..+..U...S.~.]..ub.5.X(.s.j.....`.......f.....c........o.BZ....t,$S.16.U....N.'G.T.-.`....H+...........b4i9...&&......0..;.....Zy...m.H*...J._y....Jj...vR3.......J.Z~ .)..?..E.#tQ2`7eXV.~....I..r.r.Z.`....?"....:=.9.. ......0..B.*x.7..<..F[...TG.....N.G.....9.v..?>.Q..R.....s...LG./..0...&r m~B..?5.+.........a..f.4`QAE.Q&}MysP.&[p|.c..M..l..A..W...D...N_.q.).460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d9

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\214__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1040
                Entropy (8bit):6.658479884948102
                Encrypted:false
                SSDEEP:
                MD5:0EAD37B947AF887AB45770EB7CA3EB38
                SHA1:54516FBE6DF97B744C9EF28821710A66CA4D453E
                SHA-256:24D42FD87577D19DF8D2594774A2D6FB80C3A28CD029F09C189F54C48F9E3B3C
                SHA-512:44B4E0B337DCCB56F8884407B9619E7B5AE16A81322C1F4944C5CEBC35DAE5EA3CB9158C9B7C314FC5A6A97DD69337AE9E990C3AF4DA3359D4E8E6C89067E54F
                Malicious:false
                Preview:c.J..sv...s"1...Zw.7.DX..9s.R..".v8o...d....QJ.#..&.A..S.........7..#0..n.[.....l...[.2.L^....`...C.mt&......n.V7.."d%...~.o^..w...@N..5......nI.,T...*..)...0.*q..*.k7W....l.@.,%.S....*J.h. #....w.........l.u.:,om\.[..P@..B.....<.... .aL[K.Y.O...0q.....t>c..O..+|......yP..e.....e.....].1v...&T9...._...h~2.....m..3.qx....W[.C...%.....=tq?{..|..h......^H..j/..>s.P..Td.N0W?......126.,R..k .I....Tmj..i.2.A...v..4<.T../.U.R.y.V+.3l...^.|t.YCE....Q|.N.]...q.:...e.E....29.o?.....J...M%..#..U.|...C......H.N.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\215__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):957
                Entropy (8bit):6.447345421506519
                Encrypted:false
                SSDEEP:
                MD5:98E8BF335FFBA9C657EB12E0C30AC52C
                SHA1:B8F977BD75B409EEAC3BAC1FAF6FC0F2A6C5FC31
                SHA-256:603EFD1D2C50606AB1BA581F17A0D2E74E547A92B8BB130C5FE71314896E0363
                SHA-512:3C138E288F570D54799D86BB724863400AAAE04ADDCED06B1118A0CDF89216FA040B3ADC3399F440D3233188A285AFA9C9DE8314C91C011F75C689357F9E6D24
                Malicious:false
                Preview:...+......;....q......6z.....q0'..K..C.....f...C?v..%...5.../.....D.........'"r....J.....j.+f;......N1*.......NM:3o..1...-o.e.2.|.R2x...Wb.;. .?`.dDs.>.V.%.....w....3.....9.Z...k.p..3x..iG..........z.C.?.....8.......Y..bv...oO.Q9.'..%.W...~.=....4h.0.......;...\..P_....N..vWZ.eyNT..OQ.X..>.........>.8.H..@K...U)~..n....R.1w.._XDG`...+yv..:.m....;F!i6...nh.|v.h.P.hI..'...25I...\..V............r.. `.W...R._B.aC.M..{Q.E8,o.$460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\216__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):6.963783147027782
                Encrypted:false
                SSDEEP:
                MD5:23170B909F8353C3AD38859CAA10410D
                SHA1:5FAA2CDC73BD977D2705F089211BE48F0A7318E1
                SHA-256:C2F15AF3B334A0332CDCBD9F0F460BD5D4C509B0E38E25725D2D0254661C4FD2
                SHA-512:D87AE5AE34B8DF888DE1D79DF5C09F8FA94C829A9B66718B60FF92375B63FF54F26C01A44A71A4D5226B6A95F185D2C98D471E23D40313F4092625CC1C0F9F2F
                Malicious:false
                Preview:.1...g+[d....../P...'n.l>.~..........K.w.....3S.....1j_.gApr...|..".DD.]H..~.`..=S....."b....>.=.X*'..{.(.(.......c`.M&..4...o(.K..+..#.?;.F...5.),,W....f~..5...V.;..;..%..j....`....$......K......5......d.5v....0.G9.@...7.........XO.......!&0?.~i..D'>F.\...^I.e......zuxW..N..>m1e.`jgX......$A.Br\...[f...5_.Ii.)..1.....3.......-..{av.4 Y........p`.OT.'@<..g..D..3T......[n....|q.lJJ%...^....|...,.....4.]{.21.j.......I..\2...[......<.YS'..B.PL..=...|a./...F.;.....%.....gn.....a.hV@..;.....o#.F...*K1...\/:.........~.#;x..C8j..W....D.{B ..........e..|0]9....c.M.%.`..n.._.SP.3%.....W.....?..>2....,c...g.J.!P..'.p.\.>....D9..>C.$.8.-r.....l.d..u.S?.+o../..K..h.fZ&G..6.^...;.F#.....4E....t..#-+460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\217__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1636
                Entropy (8bit):7.367410095208933
                Encrypted:false
                SSDEEP:
                MD5:25A0C21220278A5C9B468331BA31255E
                SHA1:2AA6FCEF64D19D1053C76C8E03CC6EECB89F891D
                SHA-256:2B969A37E1078F02F95A322DB32C1515AD6FB663B73566ED24456C54215987FE
                SHA-512:2561C0FD47CE3895CBA783977739A1EC17543149D8F21DC77D7C1A0DBED0C3F9E11FB650A3C069CC3BE5210A07B7365E9925E843689F38646F149CE9E3147C62
                Malicious:false
                Preview:o....e.b.....=....:8....^....-....YD.e.G.r.],....AT.....I..r.........a.A.bH.......A...E..T.)..[.Y..'#........7.".^..y..d..w)..H..Z....3f..UrZi.>|....+...[...j.....X|D...Ws...{.".Q.+.E.Wz.).T...p.N.La..i...$.....9..).@...-..^.f...."\F..@..I.A.y.'.<...3.By..X..%....., ...:.......z....k"... ..)R+...io...h(3>....i....hHQ.r0>..=.0.U.^....jE...h.?z........."......$"...+(..%\ufWz7...p.../.X.K6...0.nq.*U./..q..e..lW2.Z-.r9O....u..x.M...pU#;s.\.0.V.>.8.[......L-..(.....n.......=...o...9...C..J{..*'xg....p.E....`XdC..O..../x.....l...E.Af...{..#...'..W..,9(.ZDE..O=....s.....cT.^!d"...yP.f.mI...y,...F......d.]._.9..(...whs...m-...)B\.eJ..$..A.{..n5jK..U@......_l.A.x%..s .T.q.6R.V...F..... .L)..!(.SQ.m.....'f.X.I..,..N.F...P...U...4..=..]y..U..7#..I.rM..M..u{q..4..W.HY.d.=..vK.n/..;\...</J...~.L.d.....I..nYv+..@...q.....M.%x.(.l.J.53.2u.H.V.....uF.R!.......H....y.A.T.[.v.....<.OS ..zP....3..Z......sn...69V[p....&.h.E.t_H.i..;.....d...2~

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\218__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1782
                Entropy (8bit):7.4454762006800035
                Encrypted:false
                SSDEEP:
                MD5:99BE4375F2A24079654C2F829BBA5775
                SHA1:906B1BEA486BA412C7BB05D24B5A5418DFA07360
                SHA-256:84CF887D5A9D479A75366286EF926245FC0713A73BC339B38548A12C4C925DE1
                SHA-512:FA3FDC01D6F4E727F2514BA3B19AD49E79749E7C63DF5D02BADB297D95629049842772FE673983A82DEABACD151F167F9F8D614A9B72053E45B09C1BCBD11A0B
                Malicious:false
                Preview:......H.l.?.H.Y."k%.....g*...$..LI..A...q#...Y.zK.. ......+hl..]6x.r.St z9.*..1.n^.. .0U:]2.X....${u.g....o..K..f.........V..-.....s.{p.Q3..>,:.T..V.f.!...L.R?.;.{.gtl..%.'...v.Y....2.._..nn.x...cG.T.Y.ix.!?..`....x6.@.~J]...y.h.{R.I!.q@.[..e.P...U.3...^g>..`7.ukhO\0..1S.[.).`...m.2s.dc..o'3X..W.j.f..............T..YH.g.Ho^.e.c......oh..d.2...8.5..'......./.i.......0..x..[.... $+EU.<.....;....< ...CG.n?.M...8..D........W.U...o.?...,+j...&@x5..6.Q....".d.q bWh.aM.H...=.....^M..d}$......]......~.f..>..#.:.?........9...G.."...........6J..C...J.=@J..?...k. v5..c../...2.U....wO.....:.TZ...D..'p.}.Vsy.P-....1AbJ...g..2w._..E....K.7Q........L.Lb..0.....0.-+....;.6.....\B&L.sg..P.D...l..Q0(B..G..H)P..IX...=.!&...)..;4.X.jx%.......2[....V/r.9.q.uR...%....`.K..`.MqY^..pF.....}......H...|.I.....|..5zuQ..@....ry.GQ.PN........ WF....,.....i!...%F..p.R....<.Ct..\q.Z..@}._".Y...`......@............W.}...9"!R.F..}d}y...i..E.x...d..r..\...o.#}C.`..`.....P...

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\219__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):7.005791626543926
                Encrypted:false
                SSDEEP:
                MD5:7A9D4435AABCB229C1C66B6E2FDF94BE
                SHA1:66451AF232E80B1F463BBF84F9862D9263FF5964
                SHA-256:E5956CCF32E033AFF0E274DEABEEA15286D1C86F8BAC759CCA05B96178CC52DF
                SHA-512:0F66D1F27269BBC33241CD98EB68C94B1121181E003EBCFAC8A0A1E76CFC776FB10A4609B97872CCB18CCBAD6C4B0A9D80BA89E7314D2E2497BD5B5BE0016E46
                Malicious:false
                Preview:.....M.....x.XK.C%....0.4Dr.....`.}.X..}(.+`...n.7L.(A.4.h .6u..2.=..`...m..%ht...G.t...?.;..E....o.KG I..X........9.r..P.j...I.......c.k.....[...E.b..D.|..t.....{....SY..p..z.Hg....0=o.H.....%..z..Q7.5.'^.......g.-."..vA<...?..M..k.n=H..n...G..P.*R..?$.w.G8A.#1....'.D+.4^{.].l.lQxd..8L.x...r.j...&.zn.>.r....{H......]......~.k..]d...?....`..#..M.N#n'l.G....<BB.~.;.....$..C..[.w....?.@...AM....u..c............k...t....).i.*p*. .&.a..'e....9.CU..9.Gj.\..9.irk*.8l^r...K.../...q.x.O.#Q........7.r..XZ.z.|'pP....L.j....|E..7...+.4...)...g..I.\.h&......T.:..\..h.C\.b..$.U..c...;\Yo.3...[....-.....[x...&........w...p..Q....6......{...V..../..a......p..s..HN..F....N.3..f...Z..T..k.>..+..w460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\21__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):979
                Entropy (8bit):6.549559412941272
                Encrypted:false
                SSDEEP:
                MD5:6A625219E04D934BD7FA3E3C17322010
                SHA1:7366CC05907A911E701DE97559B8B5F2383B590A
                SHA-256:C291D6CFDBDE99E8901CFD586C47B06677B7A592853236BD493CAD653CDACB7F
                SHA-512:CA973BF1046238DE6328E5D03DF34A6934D319D16E91911A616338D6178083533A907B1CD1EAA52E8D3CEC7E3EC9F67C4E738E4B40E417E1A9B5D8BB67D833FB
                Malicious:false
                Preview:IH.P...N2.....Gr..{..]..h.^./..!.*d.;`.E.Z.=.w+...`.v.-.Z.;.B.....c.Ll.j..(....A.o......x<. ]1.....&.I....c.$|..4is.PH..%.;....... 91".u{).}?C....m.........`..p....:.;......]...&....V..Im".h*....{..yh.).)I.]L..!..P3^{..E&..r.m....n../.....@.-74[q...j #.]3....W..w.k}.e^..8..ig,V.....8..PPM....k3......W..;^.c.~.7*).....c<...owt....><N..@B....]E.%..kt*.z.42.L..M2..s|.....w..UhD^.g...;../...]^......&..R.W.*.}H....V...!!.Q......H... 460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\220__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):999
                Entropy (8bit):6.578578204072284
                Encrypted:false
                SSDEEP:
                MD5:04923D8098DD8A5D09019808C7439B80
                SHA1:BBD51BD00A6FB92DB1D25E3BF2985F03E988956A
                SHA-256:8BC2FBE11A109AACAAAF75ABE1D302AC669F0FE1A5A2981A57975FCC686FDAD7
                SHA-512:2B081BA1EB4A30DF1FF775B0D8A08DA3E3713A3E422D264A0DCC2AA9B0E1298AA0A1EE0598261A30627EC3FA13F94FA06E04FF1A88027044A18604E5AA4FE361
                Malicious:false
                Preview:....E......]..j"!Q..~t...[.Z...v$.'....'..@......oF.K.6z}..m.:.....S..yP.Wx....Y.........Z..%....lB.v..../g...U..7..J.F...{a ..fn.....gO.O8.......{...Qj.a.YJ.6X.b8;*.l..Q..Q..)..AT...v..;w...{.....:.8J0.r}O..H!..{.p..8.k...W.D! .f.f..|.'.Y...3....W."k..'.6h...$.G0|..O.:zXE...,.CA...W;$3.7.#n.A.......Vy.B.g......*^......PU.....H.....5m.'uD.R...7).&.-.}f.........f<_3....Jr.i9.Z.v.G.=.=........S-.Ynq...P..A.a.X.........j..k.U/."...}})..C%v1....,.V^..^..g.......U.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\221__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1294
                Entropy (8bit):7.05619798048749
                Encrypted:false
                SSDEEP:
                MD5:F14D606D98457BCB1DD0D3D61FC4504E
                SHA1:2431CCBFD07D344191841AC5F581EFD4C46F441E
                SHA-256:0B67515572591D355F0DE4ACB945425B352566860C0E3C1946B481E401E2278B
                SHA-512:A5E5C914A40E3AC49BBFF5B4D5C7489E43B0B3A978459DB1C6BD8823B03144882145DB463C0CC1AA76E86701D36758FE855CC175450A4E0C18CAACE7CE427850
                Malicious:false
                Preview:..x.g_VX.K.&_...*Ak..Y..R.%.p...e.(Mz..@.b..P\(.+!.....b..h.<..'8..|.[4L.....y. ........gS..Q......h.*.N..x..0$nk?..;.s.P..r./........y..AxuP.`..vS.{...a.M..KDgc......$P....v1....L\E..<....y...GS..$..=.95.9v.?&[S.....j..E..2...........s=.P.4...;..u.7.....[4.6..8'...<.Tm3..n....]g+....2 m...|.YC..J.....>.9.......y..v.-.h....../."p.D.q,..$i.......X..;,.79.DH.GVL}'^S..v0....?.6T.#j...M.........*...NdC......#...<"..".`M.....l..,..%..V...e...2s....?B....E...V...+.w.,..&M..O...]Ft.;.<..z%.._..u.O\:*..w...8)...web.Q....{...@>..h.....P=..&.. ..6S..7...(St>O..E0.>....e.........0{xO`A...tS...A..7Ek..(R/.w..Z.....l....B.'..mRu...:e".j.T$)T...,z....]m.}..,..zq.F.o......."..../....eu.^V0.b.!....;..x...%..^..kT.! .!.J..ob...0..%-;"R......,....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\222__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):995
                Entropy (8bit):6.51936726566224
                Encrypted:false
                SSDEEP:
                MD5:9C19B88061953061A46352F64B98EAD1
                SHA1:785D73B9A5FF73DA418997D40F329F2999BB423E
                SHA-256:CE81F68C36AEB215F625476616BDD23A3E5C072082776A3E4F71F7F558FA4E27
                SHA-512:308D678365BD3D7DD0FB044570BF58EFF6C76070EF81D5F17FCEC3BBC976F9245B5BD32BA6F5BB1308429D0DE960D8363963903FF42AA5746F912235488918A3
                Malicious:false
                Preview:y.cg...a...i...j.-^q...g@.Pw.gO.SS.UCV.O.K.c...I..-...e....,3#..X..=q.|.*....^.....3...[v.....|...i~6...R..]..;F...t..vU..v. R.fNT%f.J.,.Y..y.a([]...:..wB..A....+-q.. ....]...-'........A.......\.......\+.....w..N..0k...'.by..(...$1...6.u.*...F.vG....9e.a.jW.3O;._...zK5.c.d.QA.....=...c.S.Mf-..JY.S...4s<.7qM&.2...m..#yM...4b_..P..w[......<9&...+L.l.z...e..4..t..N..01b].EFP.:..L&..R.+oE..Rj...Q.zJ.F(...._[..K.h=B(....b..U.k.....;I......rb.......{j>.~....loM.E.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\223__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):980
                Entropy (8bit):6.561968190385288
                Encrypted:false
                SSDEEP:
                MD5:FE80F845BA54752BE4C849A4BD77ED34
                SHA1:365A37E5E0A12E7139EABF2234C0808E812304FB
                SHA-256:E05ABD96680F7DE36A5DDEB29E204D5852200E78758AEA20AD977F0636E8921A
                SHA-512:00F2DEAEB4C93373032CA73536B5EDE1455897A9BF1508349E34361E8948706CF60F56B281FCE41125BA48B6E844A7042A82D764F7C12B93ACCC76BA60292C76
                Malicious:false
                Preview:..^b.L ..o3v...oD{....K......;........o].W......i..._..>.`............1.i[..Q.....U....@n...u#.K.\.C...8-...w~.]..o_.)..c&....{F.-.....Y...O.......pw.Z.O>2.....Q...h&...WQ..."..........O..P./Bv\..[.X.....@.K..^.1<..T^...4hV......4.......K..IC......0VE.....?..x.j.$}..%....*.^{.Lwh...t.....;..a .:.4....|}..:......I`.rF.0.......`I.S......NW...j.?D.....cO=.....R.^....Cp...g...N..v....g.......9....~.d;..:w...`P..{V......%.p.`K.......S8;.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\224__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1220
                Entropy (8bit):6.9662245175769435
                Encrypted:false
                SSDEEP:
                MD5:C292856AF73CFD04386B1F82A48D6C3D
                SHA1:0DC848617FCD0D34A025871D268E0B21465C7298
                SHA-256:AD7CD25F6BA199E7A7F21F003F186E9C7880CB0B6360D43557BAF82B83BB1E05
                SHA-512:4AFCC9B8D266B3F520ACB0CD9C93B0FD8AF253679216685C1ABCCFC1C1E70F231DC787FAF286DEA24622BEABE3BD00A1A2312F5CC1A6FAF385E07FC1136135E2
                Malicious:false
                Preview:....N..<r.`. ...N.?..&P{.Z...Y....!^.@......y............&.q.y...?.i.....M.-.nS...F.,i2_..-.NGC....+.....k..Y.B.Rw..c..m."..QO....V..*...p2.....x...R.M..._..S....nb?..v.x3lH.$.GH..k..,.2..R....h8....|x.4z.z..#.`7......Z...`.e.G.....8.[.2tS....T[..H.g5.Fx.........._..[d......A...Hg.p..*n.......z.Jn.......>]......Bg....Y .C6.`.<.rN.]%.n.Nt....../?.a...s.k.?.r."2........t.....Ky.~'.80......g%...I.9...fr...~i./.y/1.,u/.....x.2i.q.pH..w..a >.."C!.../q.m$<F.'./,.&..Z..3..T.9....p&.Z6&_.h..|.j.=+..s....9.}6.....M\]...jl..%0..Av.X..a..f....._...81|<......X....&!r....+_..........8.N...6..V...X)rgI..A.x@.(........z.m.[ .q..Y.O''W...n%./.f..ex...(...;..d.>.....C....l..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\225__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1161
                Entropy (8bit):6.876558284510371
                Encrypted:false
                SSDEEP:
                MD5:9AC3DA722CD90B7A9F6F0CBE0E72EF21
                SHA1:65D7AB65553CF1D18B41230D941793839EF56790
                SHA-256:3AB2BDF208856F01247F4CB76910CC6A4D14317D914243E3A77B94C3D648C38F
                SHA-512:0DAF5640987DAC55F30456BA9DFFCCB45929B3B47E294ABF53B99014D996D60008D08773504598E973A1D18119C593EAEE61464378B2B9F9CE42A581B29773AB
                Malicious:false
                Preview:/.Tk.a$...`.......;....Q.R.G...`}.....f].|...l.z,..K..B............M.R...+-.p...^..P.D.?l.V.......[,.g....:.....E<....lK!.-gg..{..2$IU.........MN..?Tu[.z.~.....\.vr.{...[.....2....+.x.yW..On.....[...<.... ..I.O,%.....~.{.Z......Q..:..,zID...\.`.Qb.9.V&R.1s..K....C..H=.b..uf......T|..h.a/m...o......>XD....]..V.....EEOc....p.a..V*.. N\:Tl :.n.1S....T.z.n2(..i!.n.-...Zk....J......S.N$../U/0.,...E..M.K...).DK. ^R..mq..f$7...E.........G"k...BK...f..%,.o......\..jR\$@.....{\.c.........AP.......F.......V.l.n2whp.$....}.%6.1.,......x..%d`.I....h..dTm..5....r.p..[).m.%A.|.8f.:...E$..o../O.O.^.S..A.(..r..9.kVQh...D460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\226__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7653733752292995
                Encrypted:false
                SSDEEP:
                MD5:38F2859EEE526DA7E6ECE48FB55CA3BB
                SHA1:28DF6004FDC98F377050747439FC8A27DA4D9564
                SHA-256:EF159F41D9823114D603F0FAF55AA9787534A1ABC123C95BAC412A96603D2E96
                SHA-512:8B3F06E1A492D1B138323806180327C87055315E1DE8E17CB72AD429AC3B353850660F8E81534072F5F1215D91A1846DC8C0FE7FA51960393EF75022FF0AD781
                Malicious:false
                Preview:...=-EP..h'..<.....]...@U.=......}..0i.......A...~;..f.ehk..GL.E..*R.1.`a...t..D..}.....G`41..n9Y*....P.Q.#..AK....v....T..R2..k\\.2.tw......"Z...u....Rc6..=.DU....F.?$g...LSy.LNR.)W9._*......0P.F.D..."_.!......+.d.pX./.EI.A.V.?..-...n\....._\..D.e.|+@...7G...F..>2...S...u...Sv........P.Q+..4.........e.N...^.{^k+.....T.2...&...Jj....g9.Z.2.;..~_".o{......H.d..t.:....{...0.@E.4..s".P~.....my....1............xXmq.gs...,4?.n3.Ja..U..-.W1.t3*.w..&..).j<..95..&..iMx....I.R)E.&....a..q.B.."....P@=.t......e...0.6A..z....S....Ls..&$..._........m..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\227__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.688633263287193
                Encrypted:false
                SSDEEP:
                MD5:8C603C3DEB80F012BA6243616776153E
                SHA1:03E213F905FF04193454671231DB34DED6AAA4E7
                SHA-256:09581FC12FF2B42955A32E7C91BA0BF4ACA92F30FF34EFF3D07437506CF76A61
                SHA-512:4F86A673584EFE98898512D483EC67C4F332469CFCAEF2758262F3EFF85D11377EDFDD7EA28A394985805881F885A8FF4E667BE713A0151B31B8FCE170D654FA
                Malicious:false
                Preview:..H=...)4@b....GL....a.`........Z.Y..L*....q.1,..T_..=.K.rx.}.^$..n..,h........M.;.. ...I...v..9..4....]E...6....|a..q.p."...?5.L....(r...].7<.5.....c..s....2..}C..]........%}.._.p...w&s..m.[.Q..'0..=........S.W...>x..o...(9...H.Kg.f+\....Q>...m...9..^.....*$.d....C.....5lQ....f.o.3CwW...{.....W..A..$'..f..uM..-......fz......,...$..#.dn....hj..[..{....J...S/].+Na.cU....n.H/........tV3.g\....8.vb_..c......g......~.Y..q......}..r"....q.ka.+x...1s. ....d....b...P...vA.......V.N......C/.........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\228__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):964
                Entropy (8bit):6.499705867292257
                Encrypted:false
                SSDEEP:
                MD5:BFE142C727A97A59F211CEE488A820E7
                SHA1:0287107AA058314014C1FB2F4F8BAD9748EAD465
                SHA-256:D8F199DFBB3BEEEC67E8C7CB869ACCD0531F2E6AFBB80EC1B267E3F6F1B8E6D8
                SHA-512:BA7FD4D5243562FDB279E07A9719DD3CA90D2F758867212B5BD60C99808A52F0293295174F7DBDBB0527286E74F9F8D9FF0D1ED63EB2E3F0FD439954355A5BCA
                Malicious:false
                Preview:.........<...b.........S&...\o..Lv......7#.F..G.....*..<.&..=k..J6.z'.G.w..."..cV.S<.H..a..Sv....tG...Z.b>xB..1};....0...@..z.(%.I.2:z.....Q.9.`..7e&/.+P.f...R..JO...rY.B.h...Q.._Uz....-......^..\.."...H.f....2.......^].S..Sw..=.0.T....hvi.......|.X.d.p;Z..P.&-....*.z../Y....}.<}u.c......;+&.".[.).....Qk&....u.c..%/.o.,.Y`gE...!.5+SF..O.5........gx......Q..j.1.prb9."U..X"S..D...........1.!..^..q.g.....cE+.H...7e*.+9.Yx.,.........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\229__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1381
                Entropy (8bit):7.13296597273594
                Encrypted:false
                SSDEEP:
                MD5:D1DBE546209864A23AE89EEAC1995672
                SHA1:BD32EDBA40E27F2881F1C88A631CA6C24C9F5D52
                SHA-256:0E400AF8DE73993D73CA5BC0B59BAAF7887CDF98FB4913A380FCD8C7A7D90012
                SHA-512:A8B99B074506022F54CED9F791E917CADB46E85F387893B808D4E4AA3114A777B313E80F512B9E51EEFF56446BE2D21ED78B786DC7787DEB109482F77AE6CA1E
                Malicious:false
                Preview:....M.je.....F..d}_d...a.......;..Zl..hd.G........P"..k.v........[......Mj...F[R. .Y........".1k.1..i.~..m...dc.18.V6A..=.^..wGp..<.... `..&...1.8$.iq....Bm/.......(.j.L...~..|....".J.....o1S.@\T....89......W..}AtdO.....)..K.96FNJ..M\.Q.d.W`.e...P...$#O.^F..`..L.\....l.......YE..I..e..9j....s.L....XLE....'U[.k.N.%.u...C[J9...N.k_z..9.y.%.'..*.7.Pe<+.ty.j^...{=...e#..#........5...aI....J@dt..L.q.Y....`....?...5..e4j........IP.....[.K.+W4......E..U..X...Q...S3.J.m>...V..O.3..t. a..d.rV.(x-...............M.e X..$..$s.f..N.y...NP....0.......7.G....K.A^|2...j.%......+l...K..<.?-..(.....$lK...gu.Z........8.7Q...Y..Y.b...%.....q.Gc.8....7g........&......;..,.{.&w_...^X.;.1~...0......E%...s.4L....ahh."*..X...MQ..!.q.......*......wq?Y..C....K..fj..~.M.`.>"A.?.0..f....[.."..S.._'C.......\.*D.}v}.X..'.Y.~'..(..{.."z.Z.../..4.....(_.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\22__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1302
                Entropy (8bit):7.027351297037608
                Encrypted:false
                SSDEEP:
                MD5:21548E98F9392080E5A57204B5ADAF9D
                SHA1:DCD668F7623C0427341F5EC2C9FAB48B1EE3912C
                SHA-256:63C2FB6FC57932B9E3C0BC3A2E8DF85639094459994C7EE0D77ED251E1355296
                SHA-512:D46C3040297C34F96DE013C16A3102907DA1675EC218BC6580EF83EC0A8A7717119E1E108054FBDB5D86ED7FB28736E20F7618B8494D1005C9F0A543473F809D
                Malicious:false
                Preview:..,-Y.9TH ..YT.*....<0v.,iV.]M.o.8.k.6).r..S..hI...L...F.dWu.(+......Mu...g.%.1..~.]eD.((.h..#.b.l.Au..ev..l.c5..D.#.."...r...S.3.a..+q..L..}....|=!.w.$......X.....s5.4.L...C..%...vX.]./.vB..y....u.F6...p*..#Vgt.m}tZ5....$$..0@.Q..Bl.*Fw?:..).l9..Z.......JIV......=....!.JZ#.......=.k..=[._...n...<..........E.n$.n...1l...)..y.r.ht1..+..v.4......O.|..v....d..)w./.(......_.....l.........h.W...HC.....6kQ.:.R.=.2.......b.B...w.F.....#Q...........~U.YC.R@`.wA...:9x.?@.t....}...S....O[^....my5....j.7.!i......a.>..*o1.a...(...[.>..'6.lYo.\m.m.=..(..0.q..Ve..8..i.!.?....f..0_..#.i'.k...;<SS6!.b.'c..z..!..cO......@E.s...K..%...!W.n.6........ws..I..e{/..............l..R.i..|...*.a..aG:.>h...F...0.......M.....cO..0S.I. .T..O.6j.9.\.b.D...OAy.Q..~`...hJ.g460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\230__HotSpot.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.04090618218952
                Encrypted:false
                SSDEEP:
                MD5:836D1BF428DE5792853D4F5ED2F26029
                SHA1:0DD7E4617D5039AE486B0836962151CBA7EE5FE7
                SHA-256:F6FB21497CDD85EC18D313D2B84A0059F0CBAC730C46DFD75C91CA9A8317DB5B
                SHA-512:A66E3F1EE84FCF6DC9BCDB0EFC5599377CFEE8B78CF9D8EBAB0E384DBAE5B66FE61793E5C28E0D125508DB69678DF0F66D3BCADF19780AEEF58FD69BA1151D54
                Malicious:false
                Preview:m........hU..J....b..[..._~M.'@.\X.....Npf.......*.G..{.......[..~."3.{y...u^C.(.U.s.P..|.|5....\_.k..F.]........K+.e..;.#..hR.._k.Y.+.?..V:..<a8...`.4.kI*`...0-S..1. ..k.g..?u...$(..f,G...H..D..L..P../0._.....g.hks/.5........|.&5........~*C1Co..'.)...i.H.Ih\.......;.V\e....B(U.....(.....F... 460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\231__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1232
                Entropy (8bit):6.969898256335335
                Encrypted:false
                SSDEEP:
                MD5:9CAAA8AA6318F71F29C022ABA193C806
                SHA1:84AFF6C95F1775B379102091AB5A726ECE2A7657
                SHA-256:95FDAC124FA5C54F4E6A3032D1F0EF8473A118CBE31F0A80829FF0755F5BCDA0
                SHA-512:E736CBED7B9575364621E6EF3CD024FBFE263C71CA6A8861A8BE7341B3F41654EC3B5665C26BED0ABF985BFB1D32554070B84BF969A04BB7DE9FA9D79AA9D8E1
                Malicious:false
                Preview:....-.....w...#....m7.d...)....Z|EQ.lq.8..\.YCu&s.....Z........r..;..\q.M....zp[....XQ...Iv_....X..s....72>.>.h:'[.......{?1..Zai/.]n.O.n.p.ZdMi".M#~t...........b..P....f.z...........J?v...Q.}....^.E...2"..8.]<....V..[]7<.'..........G+i.B...5>.\.].'ds.~JP*s.......?.v8<...nH G)<YZ..*.oPH{...Hn..?3.?i.d.{..R.W..;..s....7s.}J.1"......~wN...{.>...........;....*%/......W....#.c...!...f......U.0i/t^.#.q..zJ,O"...V7G....+A.\......2S......J.>.ea..@.8z....IS....?..`....s.Ee@...X.M....._...2.P,..^U.Bz.wE.....-...H....}...L.1h....h@..I.....0....E.....7ql.p.f.3.....s%9..t...n1..}...W..`T.g4]{..2...6eS.=.E...i.O..P.z...r.f...".:^@F..x..v....R...~.*.../....u.m..v.5.f.6.KN.$8..b.n&...Y...QnU..q.3..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\232__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1230
                Entropy (8bit):6.991666334242135
                Encrypted:false
                SSDEEP:
                MD5:F0F31857D8BB158415FB0D82998D9A72
                SHA1:AB5F76F2E56CDDC5A85B9FCF3D1E091BF98C00B8
                SHA-256:43FE445EF2BAD368B2A7CB54B578BDD28269EF8B9D34B8E0D5F16BFBBC1D4BEF
                SHA-512:7D061541506CD1F7D8EB44F180476D2F05D92464F0DE4B582DD1CF716D3E206F9B83306A744B21A82A1704063045AFBA303EAF0074A085119EFE76D8F890CB89
                Malicious:false
                Preview:.]...%B.h#.....2.e...W-.x..09Y..]..^.~...fD../...'.[...N....aq...6ci..... .2....^TL.....'.^.. Sz3..6...ps3O....1....e.gOaOk!.Ri#...........?Nw.&\.W.o..l>_+B...........C..@.......-...c.d.K,{.y.l.O..p.~$..l.t.......u.P.1..2..Y......pb$M.r....]q-....x.....;=m.6.D,:.m...U.Q!\...[vGg.k....T.:8..%`................R0K/......jUZ.....s...z.,e..u:Cv......@.=.3r..BOrN...RbT..?B..#.........ps....Z........]l...{>m....\... .f..V..j_K.Ro.bhy....;.._..H}..W..).1;....)Os.^0.#.s,q.......N./X.{+"l...E...._`..!.?)m...YM........B]...O3..e{...i............n.Xm....@.c.X4..O.|.|.a.@..q>.[....o..b}.; ...e.-...... ..np...o....IK....dF<.km.`.c$/..(....x...?...I.Uo.,..E..B.~._...........|.J..l.8Z.K.AW...aM460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7120

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\233__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):982
                Entropy (8bit):6.479258455384721
                Encrypted:false
                SSDEEP:
                MD5:885DDC69CF32E55EC5C9B86B02C7206F
                SHA1:D1BDE32695B62B17AB241882B8178B81D742F484
                SHA-256:8D397D67E690C761CFD1A550A1747FD613FF0B6EC07008B5B173E9D1A381FE45
                SHA-512:ABA8D32C9E0E6B36813B784B552462D1A06EB5C37470DC232F23696C17AF9334C379345624FF37A037063C5A919423A2F02884DE77B3ADF1403ED084C422BE04
                Malicious:false
                Preview:.x..C...A..y.`48[u.:eX.8.:.m.y.-....}.....(.x..$j|.[S...:..9..T>.;...Tm{gx~...x....mAj..*.....Un..s..N.+...:..._y.w...`..4.z.nn4....7.lG.>..a........E...4..9oH.....]\...b6.gu1u.P.....ov.*-S....jMqr#B..8a.....8.........e...t.~.@.....a.J.....:3.3..nW..9.}[[.'VV.X1bI8.T..*..j.5....NcDWO..-Z.#He"j9.'.0...<....t..mZdb...uTx6V}._q....O.....a..?.g..Gu..!..0.!X...S..D.r.~0j..ZZ..5..i..j..".-....<..m..A.A....0.|..@...+.,...H.._S...HfN...Zyh..J....E.5.=j.... U...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\234__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1370
                Entropy (8bit):7.146233387759618
                Encrypted:false
                SSDEEP:
                MD5:347836794D2045ECA889AC1E56770E10
                SHA1:BD7C6DB98FCB37169686BFB4F4BE57812842E5B9
                SHA-256:E226EA2ACFD14D6E5EFCAF618CC737BC320A4579DC0029AE84FBE9B91ACB2B0B
                SHA-512:A48DB31006E24982AA1EEFF2067431BAC7EACC03FF29CAF6998C8870DE92B43B795DD8EAB3AE6371C236B9C79F525270F119B932A301A70874FD8E1D05C36515
                Malicious:false
                Preview:....u...^.Sm.....H.i._....&O....M..!^M8d.............V..._.......r..~h"..n.}..^.........oe...6...8.WN...\?....-.K.H...._n\....-U......^.Y(a../u>rs.....{......-@)...... ....v.Rq.".wM....[*"4.c.....$.5.... a66.7....g...cD^0....&$...i_.@KPL......[.......^V.wE......+yT.....Tl3.".....!...5...a.....5..)..AMas.....u..K8...X.C..]..OY..u@;#.-...........bt,.%.....K.2\1...n.b..........d.|I..5.....uF.o..)+.6J.k..}%jE...s=#.s.N.%....S.......s..+.=.i.._..7...+ ...x..j./.......Z]..G...V..".J..x..G.;v.."...o.....m.N.....?8E....U..#+.,............c.s....AI.]@!....T.....|...CI...)(P......r...q?.W.....e.g..HN.....|T......]...7..!.F.D.4....r,....^TQkr.....S^.f~f.A.....Bj..5@.7.-....J..u9.JO..s..w..:3.......#$."C.a@..m.M...".e.......6....%......d...wM..3.W.....].Lz.Ous...t...s.x.x.+.k.....P.x....G.xV..KOtyh>?..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\235__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.78147603678592
                Encrypted:false
                SSDEEP:
                MD5:723AABDD2251ED12334E1AB3F160F733
                SHA1:6D3E27E81A2B8FA4753DF8F8587D036D1EAA0DF8
                SHA-256:A001E08D69296051D6758374595B597E00F8720BBE12BC415354F6667DC3BB69
                SHA-512:AADE956745F05A5D2BA768E31E3EE18239F1A0D2706F1D6FBF5C16D36D8248A3FEB67D4E94BF925737219CA124D5795302EBFFF0DDFA80D960ACB0AE81A2D1DC
                Malicious:false
                Preview:uh....".i{X.i.=>....Z+@^.pU..T..3..R.W....Q..M4G.V.}(M....Au.=+.2.E.`..m..l.j.%V.Y....'4.bl0.......mW..y.....D.co.H..._{^.....\..LZ..N....Z....k.....j.(..L?..J?......-..~......;x...|.w3...{...S..0......+.0.V-........3.....Z.-.......8L .h...Q..,Gp;...5.$...AdI.U.....]3T.pV>.-.....+\g......Q...m..Z..`..U....@....Q.x........sf^.l.....N.!yl...,i.(....&dZ...s....r.!..#.)"B.....j..?..a. ......."0!..i.pV..<..{l...wT..K....}...i.N^].....n...h*..g{./....v.t.;.c.S..).[k...3;...-...I...@.,..r.....r..@...0ltlD0.:....W....>....{i2....6460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\236__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.628419302118773
                Encrypted:false
                SSDEEP:
                MD5:08BF9BBCF34EB11CB208BC12451E4986
                SHA1:5D99ECFA0612637A4020010BB5FA47391862619F
                SHA-256:53350FACC29C6E39849D83DDB364B9F41FA3D9D501E80A7127978DD73A8F8EF3
                SHA-512:7CFFFEFB7D5DE6917A58317E6537724D93C63393DE8BC2B11D78D1C628AB8D319780714F6B37E2BDE1ADB8C9420E788A64676F945B52F8BCE2A38E05A82D043E
                Malicious:false
                Preview:...Y.Ao....r..N^.A...I...`...u.......u4...F..)..f.4tTz..7.K..w..........|.#a.2....uZ.g.5...2..$'6.K..J5.^.....)...]..y.b..E....b.8)..B.0>b...~.3...g...]}.. 2)7.F...lU....\K5-.$.#.<@P...X....|....#..#..'n.F...K.!....~.7B.I(...l..K.D.,..~.m..j...Dr....p..m9.b.. ..V.$.F.k....a..W...q......e9.VZZ...W........9....2....=.Z...J.R.E}&.8e...@.........`c.M.{.|.[.....g_..d.... ,...Fc]"...A.u...P#...-..`..`u.sz..;....j`{.&..L.{. .DB-..`..q....:...,.9..y,..m9.....CB.....*...........a.4B..".. U..G.`.G.'.).].460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\237__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):960
                Entropy (8bit):6.50006110325842
                Encrypted:false
                SSDEEP:
                MD5:8609369F73BCE715EED0DD755FA28F35
                SHA1:CCDF4FA5B13D4662275A3737632DB874184D1FF5
                SHA-256:DC6C1EF8E8490A0F726053F61A5D277356A558A172036C9941AC906477F94CE5
                SHA-512:07A1FAF1F1BC699E5F111183E163FBBBE10E1D42D19B6D4D6921517B706F3E076FE88E17CAADE63C8E2B80257B7C749C22C3C5A0CA22409F5AD6B2DD4E7922CB
                Malicious:false
                Preview:.7..5.K=..M.he.9..0...D.N...?.WUVU...GJy..8...v)|(.......N.?K... 9...O...C..r....i....@.dj...6.s.pw..j35P.Z.R.....Kk....B...&T...]..[.H..)...@,..7*B.!..<.^.....j.v..._..IG$kR......7...irQ..iM.].Q.....`.<..5..T!A.j....C.l...dY...QU...&.1...J.....(...%..*O.`....L..2_....I.c.y...F.......^......J.h.|.t.."..#...../.ql.-.K..._e.g.j..X..gO.f_`4...-..07n*..|...MH.._.y.(.RK....).....>.C....?...E.qt{FL..n..H...r.,...!.S.,._460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\238__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1220
                Entropy (8bit):6.9420997663916815
                Encrypted:false
                SSDEEP:
                MD5:FED92C331CCF2F5F4D9411B290A9BDE1
                SHA1:E0BA99E2EDCFB4592BFC39CD522F56D6236079DB
                SHA-256:99EC0CD3EA536CEFEF3CC59DEE480A2756B540F70E2216F2C24A952BF66E6EDC
                SHA-512:130FC00BDF735D077F14E349BCBBE99E2320E3E6C40E58B2124E01F297F38157D20139A4E17D8695449F11973A12855F960155E9998B63F1CFA50E7D3C9CD4E0
                Malicious:false
                Preview:....,......).U..."...;..X.^............>?..........t....F..}.(J.).Q.:.4.W....V...e..*M.....0..(.UG.....lh.R$~..kF....i._V.1....0.`..gk.QR.ZF....(I5..`z.^.M..B.....U.".^o...4.u.}....vN.S.....gM..8>4.......yrQ....c..hL.Gs..{.'....,..O...H..#rl......P.M1..P.+2...b^...."hR.M%*8.[..~...`......*..1.2.X....@;5..}.fE....F.}..!$..zv...`l.....r..^]F%Lh..,.'...&..5.U#..D}2.a.s.].............o.iK...........;...C4it.aw.L.f?.?KcD..`.H....Dk.f,v......25..KW...t.VH....d.$x....'ga.......j0?..$&..d%.!...!h.&*...rq.iV.>A..t...8M!tN..D....<..e.;o.../%..8...}.u/....[Oh...UF.Ne....9...I...,9N....lu.%.b.....q`............U.4)...z....W.w....2.8WU...d.I7".I..Lb.&y.Ha.&?..d...NS...~.i|..i7...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\239__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.78494843174201
                Encrypted:false
                SSDEEP:
                MD5:B58F385135F354CC1DC21CD206E444F9
                SHA1:07C05BAF22CAA174AAFB059D063EF8A115234BA1
                SHA-256:DFC7106FFB54C9A2E19BC2D5E2F850A3F294FD9B3E15EE599EF863AF9C293FCD
                SHA-512:BBFE5F0E071866DCFA95CB7DAB6F12AF9AE1AE8843D437C4A46BE8DF72EE9CD95EA1AC2B5426EFC0580FA1245E2332B8FC21310A641826EC3DB1D6D02711CD4B
                Malicious:false
                Preview:R.*!:ul.,........7.H./.+9.E#..q"..K.....F....`..Cb.b.?...h.9D|.o(qv.L.~Z....Wv.([...gD..=b+L....L.Lx..........^..n....cW.Kin..5.....Z.....t.....|....+R ......C......G.)(4M.S:.|.7S.m.-.....S..@.A;4X.........HF).%..u.U&-....^E...5M.u.^..\.\.t@K'.ge}6}..1T....8.,..."&.K....2..t.&.h..K....#]g...)p....t.w..... .}n..4...+.....\..3...v.|...`5GrO1?.A.....#...>8..mu).......$...f)..92!y.v..f.]....k.z..J.W]..sJ.qb..\..|..Pc....I.$.?9...U....#.XSx]......sQ..R....].!... X.W./....4...".{...V.o......././....%...O!.G.u=.....&..Y....p.i..f....+.$(...;c..\|..&460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\23__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):987
                Entropy (8bit):6.566516668338429
                Encrypted:false
                SSDEEP:
                MD5:9C0C182FF4AE7C19C4B117135E123E23
                SHA1:FAB7D87CAE7E7C063C80EFED99A1DD315B187635
                SHA-256:7F61E243BA3F8CD92D48D0B380573CB49AE2DCD8B6731D950B0E2B4969F62EC3
                SHA-512:7284ED0FAD21C932CC6A318AE059CD67D17F3C503CF4B72D6BEEF6CCE873992226CE4926C7BB92B8895026A8398DFCCB81CFA727346E3532DCA845BFF60AEF18
                Malicious:false
                Preview:.....-.SW.a.gtA...wk.....L@...t.C\E..r....h..6.B..v... .[.b.q..g.N.^g.yg.m.7.].Ha-.g._..$.Y/..%..}.P..+...@.oC..T.g.2.z..O... ......I.?......6..).T.C.q..*+...G...#..&o.=..I....<$..y...77..O.j.....l.x8,.@..$5]....zCz. .!..8_5.".Z...o....r.C..I.\.,(.$i.+........w.fV9e.S.C....r..-...n1?UM..T..H....v..(6.M*.{.K2..c.&.S..ab.p../.z../.tKx.xS....%Q..'j.z.....;....|...<......Q.p.}..........~G,'jS....g..[..e.<-J.&M.#I.....4..K..N}\..i.omio...kQ...Q..z..z...v}..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\240__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.6602050430943756
                Encrypted:false
                SSDEEP:
                MD5:742AD7D17B96333BF3F047E8CFC9F5E9
                SHA1:7CF4AEBE372485D91D049950E443ED25BDD1D4A8
                SHA-256:88474F12D2BF2168515199C6251056FD40891628D327CB7E8CDCA31D6D134C3C
                SHA-512:CCD0928466A678CE40FD006EC961AA4D3FF57406BDDC03EDC87C4C6328105E288F73EBFD30310B7866B1A86BD0FB745BFB7D564F7D27E3D8CBD2B2088EABEE1F
                Malicious:false
                Preview:..S@![r.L.J...")}1.=.g.5.m.\z.j((...G..g.....e...(..CC...z-t.u.[.w..~.y..Y.uN0!G9.tL..wk..F.1..O....._..%&,R...'t..$Fz.....i{x..B..%......f..#..]6..C..=.......).}.)...'.`.;!1...f..._........<3.7T..W....%d.,W.r.p{.+<[.,S1.(..V.j.......'.....q.&yF.....,.....cli.98..........'E.-!..f~/.+.`.%...,<q.P.W.E...DwB.A...M...&.3y...?...Ne+.@..&...(..+L..n`.....<..VC:..."W,.....8.F....{.....5.M.gB=.Wa.......nR.A..?Ui.......I.B...0y.n.5e...D`f....f.##.O...........k...~i.c.>0m;..C......o......Z1./..>.Z..R0(._Xz..D..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\241__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.486340781741177
                Encrypted:false
                SSDEEP:
                MD5:E64F756793ABDE05430E8752BB3D9EF5
                SHA1:7918E2DDBF76D4DAC7A1D9486827AC7B58DD64D1
                SHA-256:B0186293F78BE899B001D30B4ECAE66C7B898B96D8BE183B8BFB49279A85C187
                SHA-512:9D46109C4238ADA9D4B57F31570CFD730CE4B916D5137C344C33C116F4DF513F507442A79255DF5AA18F3C7B9F764943F18EA97873142A2C2CA06A27A5B05249
                Malicious:false
                Preview:.e..X$.z.jO....'[a..:.M.C........=.B..md.?*.k.{P#Y..`....wP..t......R.....X...9<&S..32..|......RTt.0&1.>..Z:.m...z....R...i...f..}..t..M.J..;*<.".|.U..`.<.......k..1.H..c.?f...32k..p.X...J...:s:)...lh&hmm...Q.(..... ...:.J..^.L_g..X...l..T.S&)...60..G.<.z.;.Py..SQk.N.<,..b..-.F..!....y.+.gf...Q+=G..\-.#..4.X..>|.|y.Z...@..a+..0Y{_...c...~...4S..6D..,...[....Z.2.m..Z.~_..D>....'....hwx..KI.........,ntPH.?.?.C..'..z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\242__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1235
                Entropy (8bit):6.950439273803286
                Encrypted:false
                SSDEEP:
                MD5:480B63555496365D965774E814FC547F
                SHA1:DE45C0429D4FAE111F2C836B91D8B09E55A336F0
                SHA-256:30C23E2563F09D958AD33653F335D75AADB3A9046B47367FD6AF7AA367B882DF
                SHA-512:C9FB7404FEEBE2E5F6CB77139BEFA4B46FCEADDE4AA978D682176B5AE51EEE5750E534D8274BF1B08D223BF7C10BB2EAA12522368EAE586B69D2EA1E566A2D26
                Malicious:false
                Preview:r/d...X#.k....8.._h{r.....T...I...2..=....b.b..j7f?.e.H.b..w ..r.........&.}Cu..r.-..-.I..ui;TF...Y.h3..|........f6.N`.....=R1*..$?.G.o....$..hv...F...YK...xk.O...e%..l...5r@gM...0.D..K0'.p.....NN...qy.i..........\o/.......3g.c4.._.ON.......k.......~....nhqZ...$v...0..(....].{..i.@...U..q..*.<b.Q..ip.7*.... ..,..`.J.u{..A.<.B.NB.@en..+...]....W..,e.jm..d.p......*].+?.qhh..rX.N.4.F...(.*..H..q..$$`......M,......r.m....\.)..0tC.a$..........".....f.....N~@a..[._IQ"4.{....9..V..^.jy....R9S!fN..Z....9`...;(.-..`uZ.......e...~.:\....+AR]..2.2....C.h."..".Y....$-.....Mc!&...=Q.k...^3..vo.7W}7.~D.(.......G.Y.C.q..Mv.qv.L.:e...H=..b.Rh.5 p.....909....d.}........R...bH..8B.dj.'...._.........#.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2feb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\243__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1634
                Entropy (8bit):7.342883781024294
                Encrypted:false
                SSDEEP:
                MD5:3649E59EE1F6905F138D2E5E0AEDF7D4
                SHA1:303F084B0EAAC868294B3D24B9CEADC422CA546E
                SHA-256:2B8ADCB05C3EADB55847524C6B833CC48D430AD04248F1CEC79116E77F90BF37
                SHA-512:CA9DEDC6B80BE45A64C8B9F85295C5268A5F64322177020D3562E780124515E26B6454C2626D09CA9442C70BA3D0F8A2D90CC34911F7B21A13B0782940E3C183
                Malicious:false
                Preview:.-.v......4&...(<..&.......Dxw.......X..B..V}JK.4....T.-*....OL".,].......A...B.0.D.(.p....`(...].Kr..e.O{....$m....E-.[dj&i...k..i...k....q0.......F..$6..m.).F...-..=e...&j.a...y~..:.!....|#Gq*4.....[.E.F.....hs...|w4^..&NE.0..SV.. ....G7zz.AV.[......y{v.". .+.y8.fe.Q......^%beT.x.D>...........K..q.Av...Y......>.G...`..5.....G|N.......A.%um.....+.}..yf......Q....'..Gj...V...ua.....].".\u....{.,......N..P...c..~F....e#..J..v..BS..o....qI..GYi8.|0..s.d$...lj........2{.S..+5...*s...c...;.a)..D...E_..h6..JQ...(...4.P...(..C.....k........b..w...&..e.......\j....U.yko.wO..<....iz...jb./c..5u...9./...s.[.....|k|/y....*d...B......J..&.b.|<.*Ik[.........)=".."Qu.W.a..K.....8Qlt..."U.#.>~..]....Y[}v.5.....@..><Kg..G..........}...nnn.~.9.1.)S.C9....9..,l...j"......Z......?........B.n.T.@R2>......@N..... ..W.....s.H..+.Q.[.pCG.......BpN..D...t....d.-u.....='..1...r.....Pe1.P.1.;#...-J.Spk.Y........Hx5..@....g.. .y.u.Q...S.T.Y#...,..pm.zf.."

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\244__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1894
                Entropy (8bit):7.468139645239917
                Encrypted:false
                SSDEEP:
                MD5:D777DA8713201DAF124C5B549BFB3392
                SHA1:7D46B0CC23E808AB1F877BDF62257820FCF78F17
                SHA-256:74AEC4B4D244A5B631EBC167D49238B99DB255B867AE6354264A8B5F75C835BD
                SHA-512:65EFF3ED5518169B296152E99D1D8277A5853A732496E546FC0BE800A70281E10D41E1E9D05B72F0A96624743C2E842F52C9C0C2236A7B31722A88C757948829
                Malicious:false
                Preview:..!~.z...{.H.2"..C.....b.U.^4*......Ls..U.6a.N.....Tv........X..|.`f.."......V/..Rw...~m.16.@..w...6|...+.yL.F6r........4.'......m..4.q.o..,..g.......[....g|.B*!]x...$2..G.J|Qn....7.........g.,..}(v...1..DV...;....j@qn..H..4..a!./A.x.........8.V0..*..~.Z~....q.......~t....,K.?~$....B.v.E.....hx`.4+..mC...6.9....1..Ds.d..c..g....y=%..PBT..z....L.&.qq..h.S...L...I..<4.......}....u.R.FoNX..C....5..........\..B...M^+&-J...[Ib.2w.:..l.....zh.R.M.'.[.S...../>w..Z.tl.#..eZ..>$.[63..N0+}...5@....S.q..Ic\.......~...G0.....!......i.B.d.Wj..I.....1nI.u7.J}.r.2.%}g.<V...,=..6..B.,.K5...|...'...^..=....[..i^...!G......Yw..}._h..l.M`lO...T....,6..+.,.zMjB........nz.W.g.Xf..V...gg.t..2.......mE....9M....H\,[.I....+......T?@......&..).o..5..)......W.......T..H/,..._...o|4..$...\'. ..F^!...C_..N.....s`.../q..c_..S`.uk.....T.6}.3...s...t........Q4P...2.o....Bdb.9......=. .......R..|..b.2..&[.....=.!...N.4h=M#.`.i.S.9f._.U.lO.Y..r6.....TTe......].....m..c.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\245__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1012
                Entropy (8bit):6.592115283861076
                Encrypted:false
                SSDEEP:
                MD5:E6D0DBA3E5BB8A5E98C0324C92300A25
                SHA1:A3A52FDBF14E43534BB86F9EAE81286115ACE51F
                SHA-256:4AAC29FAE0EF1E54842B43D24A7AC1BBF1D798D3015D3190C6AEE7BEBAB5467D
                SHA-512:48E04318570D473CF9259A2F8DC37BDB46E32EF22297C154BCA42D8500CFD94568445EAF61E091D44F248E9E9D3BFE1D07D0D27716F978BE982972F85CFDD634
                Malicious:false
                Preview:......a..0f~Pm.....F.y.N.D....U6...{...../....c.G.x...j6...w.H...I}.KL/1KI.?..`..*....6*)..'...Y.te....N.bb.......9....n..&._ie ...P.....?.'.{=.v-.5..Ol..}..I.....4....FgKn4..B..f.dW....X....d...e(.x.5..@".._>9....+...q.j.j...... ...2Ew7PO.<....t..i...C.$.XZ.|O.!.....P5.&.y..A.".p..Vp.....2EIrf....~.G.9.....oH...EL..N...0..{.........Y.X...[...J..1..{....' f..2"6.<].R..W.V)r..X_...t.........d.. .9...)N...... ....{.........p.b.!H..l.......0%O..@|v\6:8..NUf......C.........Dc...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\246__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1304
                Entropy (8bit):7.075233395002409
                Encrypted:false
                SSDEEP:
                MD5:C2FFC8025F90A4FDFEEFFBD84DFB9B45
                SHA1:1E52BB99DE108497DAB339240BB5B2592098DBF8
                SHA-256:55C700F1B567025C7778EDD665B05254C3B066F6D9C145CCCA2BCCF3594560B5
                SHA-512:959156DADA9CA3CF569C712DA9AC9B1F9F4814B7B365FA2DF286E5FFBCC1A3BBA9BBAC627145728E43E62D4244F62AFACEF8D25FDAB1CF06D8806927CC9EFEF6
                Malicious:false
                Preview:K......@R...Y..k....#J..e..d..Z..".w.y`o....c.O...<......).Ia...u^..Jx.8..,R.........1..b.^{!n.@.f3...g..$'F........k.S.j$ ...[..E...I..V....#Yk........B.k...EatO...^..*. 2o...\.. M3.W.g...O...SN......y"!.~s]W.......,......]`DG.=*.-Z.......H.e..fJ.\[.Z0..9...<..W..W...._*.g8@.@..[..+9..D....r.i.b/.s.~..ld...74....idH....].../....!...\2*..>...r.6...CF...=..(iJ..t}w."Y..^.#..wM.T.n....pT...g&....N.....E.{.Nr.................J..i7...........DY..i.(.:8j.."[E@387R..xTX Kl\..*.o.0......b).=.<.5h..L.g.....A."H!3.(R........!hl........w0..g...D[....B.......#@...pvw...X.3...|...i.....Z......U.2u$.3...._...-,v.eCs.G..x....T....lUV}...G..%...j..g..B&...#.}W#.*|.L..2&..<.M...I...S.X...n...W......S...;.dW.V....&..H..g.j.0....k.e...U..]..|..$...A.7.w..r..e.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\247__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2340
                Entropy (8bit):7.638227760044168
                Encrypted:false
                SSDEEP:
                MD5:30D8088D7C40AFAE54EB56005A8E7F6D
                SHA1:DAEEA9CADA25FD940AB5D38963F0387DDA7DBCC6
                SHA-256:6E60F274F3F5E047D0B276D3892455522300DCF7851D8EF1D058F8FBEB949CEE
                SHA-512:6912B77BCB42CCADC5ED553985494D0AF6B99505D5913BF7741A86DB277FF3257A9568251E264AD4A1BC0F32462727FF509942EB9606FA281032B20904FDDDDE
                Malicious:false
                Preview:.~..........%.].B...;u.._.pV-0....}4......t... Z..6.....|C`..^WV....U.....%..6..2=#..m..O.(..T...+.....g...F.N.'...m.......+h./...Z...l..`l.o......~...NB..kg..0i{5.fk....Y..x.b-..).e..P'.u.i.nkh/......(............n]Z..Y.C,..4..LH.....2...#F...P)sX...QIhe..............B....J......l......Q.p.zv.M.^...T.rQ<,...G.O$...5...Hq.......b......0-..@...'.b.........g....y.K..A<.N.N..R..,....H....}....I$..w..os...;..o... ...e.......Y.,.!..`k.c......M...,.09.-.`.....(#.L..cU....9.)..@..:8..@..Xp^:....^5.QX.)c..]..|.,...VQ-+~[z..x.?L.I.)d>is"R.9C$..DE....G.a96.\..l..I..){E.<.B..R,...h...[.....!..9p....Z.....6N..G9w.;^.&.......nFE.n...^.X:...xEM[.{..:...h7...\...[..&...q.FP]>.7:..{.+%V.p.32L ..t.]8.,/.`Jw./...}...5^.wR.h...R#B..SYx.......eR....0......].L.".h.C...._.W.....1Y.=>...;^..'\n9?.i...u3V?.V.K..":.M[&)...U(...;2#..bX.i.C9#....1....b.C..]O....R..{...R.V.G..+..B.a.O.0.Te. )...Ch...E...GH?...Y.....eU..=..c.8....k1U.....p,{s..t....=......'!.2....

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\248__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1353
                Entropy (8bit):7.117124501328112
                Encrypted:false
                SSDEEP:
                MD5:73F40BB2A7D92D4CD10D171D013321E1
                SHA1:1BEF806A49F2EF04A7CBCB7DE2FA6857481871BF
                SHA-256:DDB532B7F709D39778417F2D65D0BC049F8DEDF97BC3CA4F930CA0F8CEAF67DF
                SHA-512:483145B7D51A682F4FC66F16245FAF6EB174754BDB810B93B8BD464D458AA8E445ACA441F1EC2E27F81D3B251E94283A068F0B6ED8BE19454764F850F14B9197
                Malicious:false
                Preview:..C)qy..{...&../..a....3..~.C..l...]ef.1.!.GcE..'6..R....3..LW.[..F_df}Z.c........w."'pR..b..stm.(^D.......,....k...)p..........5.P..]3)..35..P..aD.b..j........i...A...z..Q.L](Fz..%+.cJ.he:.........\......:(...%....v.{k.|....a.v...*._S..........lu...rA...."....F._.|.M......n{5.r#.U....;2........j........$.C..+.B..8....!..[..\..L.4u...}.........V.q.Y....:K[..b...w..c..k?.1..r.\......O......h.w...@I-...b..#."..@..~~g")..M.W.S.T...@w......Pl...S..^..*..9..........3I^.....2.nF.1.X.-T..&..z!...S.w..0z.. .....A..F.;.....-..\rYX....<.`@w.....A.....*"=K5..R.......B..=]........8\h..M....K.c7.....%g..^..."....-u.. .:L`.&..w9....?...{....7...U..".q_-............K.@....x....$p {.]....5c'qR|.'..]e..U...K...C/.#...R^....>.......9.Z..B...P+.3K..oe...&..H6n&.\.g\Z,n..<.b0$...t.<d~.D..6w.Rm.T..yF"-(a.p.'D.G%~..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\249__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1154
                Entropy (8bit):6.803874028897926
                Encrypted:false
                SSDEEP:
                MD5:04235CE0575DCFF7BF4779052AECF4F0
                SHA1:8986FE562595D70AA9A11FCEE4E985A3769E440C
                SHA-256:F8454C8EBC6509C00F6542A96D14D728CE0D78ABCA7191348A33C85D9439FC33
                SHA-512:D0CB5E79448298727207FAEBD76DD2D53DCF8F6C08AC17F71D50A329AD488C65551FDE22DA3A5A77905202DF83A5D329316E1261B8BF7F816E207AB25F387097
                Malicious:false
                Preview:...-....e..........>.>...0!....V..(..kA-Z........D.Z-N.%<y.c*6...g.r&E..3.9;.......A..S...\..Q.=.".q...'.7f. b....!.c.N.3....GB.>w=.V..`\.,...6...A>.UM.A0.8.z..p.).pf....m5.O..73Zm.Q(.......'H.Zg.=...52.,..W'=..t,ijf.-.w@/....<..x/+=..d?,....?....Nes.....P}i..Q{.'.....)OwzV.T.it....n...+...D;?.M.-f..kZ.u.v+^{B..}../..(.%.M........K..H.r.Ra.%..*cX...O.'%8..B\..@.........rpc.."......9{z%....|95u.w. n......d.....y5..?&..8H8.^...[xF....d..*7&.~A,7..9....,..j.h...%...S..?......z.f.hJ...d..f...W.p@..N..X.1.e..G...PrY.|..a..%.0.%.&d5w:..>O.......OQ.W.....i.d^.4.+ze.O.[.e.d.....3|.e.1}.a.......C....L1VV...%.........0P460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\24__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1089
                Entropy (8bit):6.683051160388325
                Encrypted:false
                SSDEEP:
                MD5:576088940AF294D74AFC64CFC78883B7
                SHA1:2B1973B38586C5D4D48AB7111C38FF575DBA6DF4
                SHA-256:129D1C215689016809D229715C4D466A96B9D47379EA5F550F43829A59DE7DB7
                SHA-512:1D39FD972FCBB3476BA18C746673603E8CDA2BA2BA6D727708A4CDA04AFBC545497AF12D73E876B2414CBE5CD5D7333EE104E8C68E4BCDD8192B5395C6B296F9
                Malicious:false
                Preview:....L.c1.I...al.1..A.......9-.B...0.p...'..j.:...Yzc...&.U. E.........G.....d..\;k.;f.E.#|.,..(..i5|..XpR&k.`T.....l.9bi.eg.6..5.l.&..p.:4..$.b..6{ ...U.Nw.+.zA...t....a.p>^..q...........C8.....@.B4U%..P..x......O....5.y..:.z2=./`b..U...r|.zF.G.r.gW.}l..K...a...+..l.].80(........`(.^.$S`c.M0...a..y.6e....Q....h..3;F=;.~zZ.a...<.....N...V.....x.....TCA.3./`.;..Fl..]........3;`..d...0Q.f....sK......$.......E....G.yr....*....e.5.....4o." ......6..R.A..2|.r..;4.J.,U.....T....q...@C...........7.pg.!OE}W.($...i:s.f.$..a.E.e.q.p'q~..f..M.._.....$.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d5

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\250__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1824
                Entropy (8bit):7.418629382518003
                Encrypted:false
                SSDEEP:
                MD5:EC5D9A953BCBFBC2F4ACF3D49E3DC51C
                SHA1:96413D9B13A527978BDE40C434C7836F089902E0
                SHA-256:BCA7E28867A5CC70745342013D150EDA1651358AA79C53CE7C2C635BD88E15E8
                SHA-512:0A9ADAA17D964289C897C96DA7AC8EC2840516B521562C7CF2D8BB5C7911A11A8B0F0239559C60FD302EA1C21581CCB1384925490449236CAC91E44DFD808A1A
                Malicious:false
                Preview:.5...>.x..@.f...nh>.....[.......w..u|.....'...`E\..e..^n."..:g..*.....YZ9.S.C.ZTE1n u..jM.(..........q.@....z....{...#...<..V....M.4P..n:'.q.A.H.c3)E&...EJ.'....tn......|.\.M...4y.`.{B./?.......>^an=.....^/..Z0&..3...f.h.=...yS.Q.ED'.".Zhg..iyW..\.V.....+.....;..........jb.CU......*.......].D.."g...lrd..{A._.|..1.......0Jc.]...&.f..n\.".#..d.....K...L.L.. ......;...\....P;r..R........G.6...=..9.+.E..M..{.\.yh..R..P.g......6.m.4.\.80.9..Y..[J...PX.....>.2...`)u.`....,....A....j..-fE..D`8yZ.>1?*.6..l.aASl....^........E.4.({d...;.....>...y.:..).?e.,.>....dXH..a...?j;...5...`...i|2.p......`n).U*.|..[.....lH...2.......YE....4C.D...i..c5..m.F.WRpH..*....Zf.;GZP.....Tq..P.z..M!..[.......^..].....<~..)...........u.y?....+._q....y..lA#..*u.$.W.HN'....f.b..H.m...(....Q. |G9P6...*.].t.......d'l.o+e..gX.l.SG..p......a....7U.x......l..).1=.R...C..A.+a!...0~.......Fsz.\.s2h......&K..M.;./G..8..!lz..[l>..g....I.I1DR....*.........:...P.2[i.nA.p...L...

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\251__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1351
                Entropy (8bit):7.120996477483865
                Encrypted:false
                SSDEEP:
                MD5:F2B6206DB6967C42F1B12CEFD1660FC0
                SHA1:9A0DF1F6D2E839939DB96E9C327BEE1E34F0B197
                SHA-256:885BCF132FECC2012262662AFC2DF718B6258DF4F2BFB529CF7AC5133157CFAB
                SHA-512:FF41CDCB46AF70A8962E96042D1719B1909F665B280777FDEC601643FC125999AE9A9966AD2720227FA6A7988F825349948C9717552AF8363D5DDE05C87F8494
                Malicious:false
                Preview:^.......Ca1.....fft..,....+..z....K".7{........%-.3jE....W#.R.Y...n.z..^.A../...VX%o...9...B[X..5...,2.N..G.u...p....?.J.=.!...V..p,.."...Y..rd.8...ef.i=.,?.d..B...X..F...v...#.N..!!OyG.........|...e....Q3.....d+.A.Q....~....~3v.t.g.....5.*....6A..a."(/.......?C....}......(....W..4.0.......E...<.s... ...b...'WYd.......)..x.>OdN.|...{...............................Q.....'....#......}...X....;.V(.D...K.TQ..F..u%a..0..N....U.&..OV...i.....s'x.W...'.i.....'.eF....u.....Y. ....grL.\[.+K...L..=.wp...T$..BjL..Ei.....e.Y.WKpfv..g]5.l.2rj(.#.....0E....W.H.....N.09..i..O.N..,1.|.....A).f.;.%....c.5.l.A8.S.=A.........>lZ.....x.....`.5?T..R=H..O....(....M.bS@..{.x.HLg< ....W..... k..e.}.._.M5..i...F...n.~....1M..uY=..\....g+.i[c......]n\.i,.......~.ZE..p.n...^]B2.K.s.Oz..$$...<...{..!.C".460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\252__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1188
                Entropy (8bit):6.945079016707578
                Encrypted:false
                SSDEEP:
                MD5:2CB814B494EF850F9844659FA6DB27C9
                SHA1:82D391C2D2D0D3C5E03C7AD7B568FB98B4B75E20
                SHA-256:FDD35E6E3CEFB349609067E46AC04C80C5891D39AC71221FA5A7CA28B69AF5A4
                SHA-512:D7B92E672C38B277AD598AE80D99119BB8D455284B0A01CA7CA71A84CB3A0CF73B0B09E7F05E4D40E9646B8BD2F150E196DFE0B632F79FA741BC7C61A9F92440
                Malicious:false
                Preview:..W.....F.S...F ..........;.O.g....A.J..P....}........{. ...o.$....%|*..w]o.....X.-.Q.>..........*.ld..e.......H.W?.F".9z&.o....L..F]....z.LM..7..I.r.L.Yx..@[?..(...-.?..a=|...a.c..z.......~ E.\.....B....0.(....K......_. ...#...].+dS.\...9.(,..;b.!.l...U........hB.#|...%!...Q...0...wo._o...r..w.;.B.M...Z..)E........n.8...Y./Sy.H~..s...../..zv.MHN'q.3.!......j..MA...R.......}P......f..r%.H?:.kg.)...d.7....U.|U.>g..1(..4aZm..\;.J..I.vX...B.....l.%.J.*.....B.{....2...A<.u..d3.....x....8..7.+E.b.N&Cca.e...*..........(.....t..A.P.....q....W.u&..7.b.+A....n........,.<{...8/...B..F....H..j3=..Z...i...U.......m2..v....~j..x.b.H.C..r......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\253__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1172
                Entropy (8bit):6.8973392322003875
                Encrypted:false
                SSDEEP:
                MD5:BCDE1E41221C2EC2EEC01104AB8E2010
                SHA1:31F8D0833C5DFDAB87E6AE34848C7E732C8EFD30
                SHA-256:CAE85E9D7C1A453415BE52A44379EB55F49A75FBF2CC385D44C5E0089E2D9EDD
                SHA-512:EDC36FD12F6B0D0D022DF5615B7ECE45CC6C64F248A3BCFD7981596E2D93A5EEF1F848F5491D32D269CF80C7AA6AAD6822C96E2E1E22BC47CC97983540856E97
                Malicious:false
                Preview:/..cQ-........*.e....B...m'.J..T?1..5..|%.P..].'\...6.x}N.U........$....O.x...P...7..D.F10..i"R$.|..........r.T.........m..'[..%..L. .]./O..o.V.........TA..Y.U.g.. 0+....J...t..O......Xl......7WV<.R.[_..E..r.....A..=.[.,..:..y'...z..j.J=.x*..z'./....Q9....v.l.\.`6..._$............'..u.O.*Tj^.o+r...O.B....:.z.-).....J....&vY.w.&..9..9.Z...xE.9>.mD(...3..4.F.=^?....N.......%.?\..#...d...........l).:9.........&.m`:>.1w..9q0....d..pZ.sO....'IP.N.l.2..ml.g.XI..kx3.i......R..6 .>.m.$>.9n.8|of....Pf.......W.%b..[;\...P..#\.....o..!..CG4.<.n.....f..g)_].F.|6T..4...R....r..z....'..r....|..$nl.c.....J....*+|5b.hD....'....\.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daa

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\254__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1218
                Entropy (8bit):6.974873810416632
                Encrypted:false
                SSDEEP:
                MD5:46867C80D287C913F39023C90D34D1A0
                SHA1:3B9A2D4C96DE4BF66891F3E2F5D3721B924356B3
                SHA-256:1AF011667C00EAE90FD2C08B16FAE52FE21F4BBCFB2D1866594F7668762FD854
                SHA-512:83E92C493BF892008F0EFF48945B9E5C1848E482773EAA99BE71F30234E8AEA3A91FD92F502BE26A940537243AFE9A57C9296FA6D3BCEB64B4C0DFA9CB11B912
                Malicious:false
                Preview:..E.';...%.t.\..+.!..+..Q.....~b..]..........x...Yq.(..R.E....h....Ji.n.t.oq..V.McK..wf....#M.....y/'..G....MmX.}........^I.#..U.8......K..!d...$V.6Q....."Vrc.Q.i."..........Bo7.-..,.M..q..{.wNs.>B...........'E.>KY.....g2.8.?.x......%..Oi...1...2O..I.5pN....c.Y.2..>.....x.P.#.+"t.CZ|,..U.06.6...{.6d.....I0.D......H.o....rg.^.....SjcS.....1Dk..d.....7k."C..]`.C..]y..g.b..T...m_C..p.z...F%. ...B..............O-.G..0.O$^.m..R.....O.....m...K.....|.....z{..p9...C...l._I..re8h.)....*..i.f7. ...|J*..I....;....G.~&j..[c.%..`a0,Q...p.wv..b..W.L..NZ4...C<./.......Y...T.*g...sr..;. .kJ.....%Sv OPG....w[...A.N.9y+.<.MH.M.A.iQ........zsI.....k...>./Q-.T.%Z+....\..>c.V460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\255__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1084
                Entropy (8bit):6.77227434685274
                Encrypted:false
                SSDEEP:
                MD5:D6884222EA942B0A45DBE117631D50B4
                SHA1:94CFDBDE0D9A565B20A5EAAD78ACC486683E5BF5
                SHA-256:0B00D94F1B456DEBA5880C3000C25A77DDB5173EA61B7050C86C17FF2FDD89AC
                SHA-512:B1ACA5166900FC4DA63B306932BC8A9FA5EFC6FA45144C2D1DFF86AB46F2A0CD97D70C431B5FE7CE3930567E2E46A51864F784D702BA5DE8F084ADF1D61594C8
                Malicious:false
                Preview:....a*..%.B[......x2.vX.s..6........K..q..! ...b:M..w;%}.D..7..nv...xM.K}T.N.,K.. ..R.*<Nx.e..$%...4..b..p.6.O..DG..k*S.F...?y*.T.....p.......i...lp.O..".IULmV...Y.;..#.0....2..~.'....,.^+,.)o#}.&...G..4..O....,^.4.....Y..].y.H.m#..........=...$...q.d...N4...'>...Q.'....r...Za.... ..bP..&!"....S.'...!L......,5.=....Z'.......&^..qM{....I......+..D..0P.L.N>qvf.M/... ....{f.Y.....zw.t.......%b.........A..RM..Q...*w..x.N|....,.RM.g......+.x.+ ..f]FGuj!k.Gw...0t.!K...c.K.......7\.Q........m.:.\..?..A.I.....D....o..nwei..".>.aq...D...{).460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\256__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.654337589510666
                Encrypted:false
                SSDEEP:
                MD5:E607865512A4546A894356CDB2CFBA12
                SHA1:885FE4CB8311119763DA81134FB95B128AA207BF
                SHA-256:A872A81C67BE5D4C3B2D650A5FA1AA54EB52AEE2D3C3C75EEDB2AA872820985A
                SHA-512:150E0DCFC17DC30EC2220A7179EBB26F3F7C22C476A560F6BFDB2C958E99191FC682574CBED374336B5C53A64227B6CFB1EC5DE47105DB300EFFDE778E704E23
                Malicious:false
                Preview:.../@.*C..2.W4.k.>)rz....!1..rnZ..!R.g.Xw..+3.....{(...!.`...Q.u|.k..i.!.....M.Y|....{....I7<.....6hlb,.......4...xr...2.`....=..z......../...C..6.:.*......XV.....p.....f.:.H..E!ao..U`$...4S...RN...F.....P.?......5.....[t[?.....szP.....o..[..2 ....P...|.I.#...v...8...=..T..Hf...Q.....`.>CS.......q.qf.#..S......;F....3v.`..K.o@Z.~.W 2O...h..`.1....`...T.L4TL.x/...tG.uN.V.u..J4(..2......".f..a..wJ.C.R.P7..e.vHL=..8.l.e...kF.....A..+.S....VVa0.....jx...?gY..5.eM...........g..SG..A..n.u..k.].<AIs{.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\257__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):960
                Entropy (8bit):6.4460820082824
                Encrypted:false
                SSDEEP:
                MD5:E2D89C7A7DC23F9D19C390AB2C8F5E37
                SHA1:E7E39E2B4B5D8741B99945149073B802147BCB5C
                SHA-256:ED9105433E80CC194602D796FE4C5F4C2C6983126B73485F3D8F2D65952F0EC3
                SHA-512:CA7086094BA95D926565F754B9DF492D07B084B9B1F5110F889E62847FAAF70D741F8A950908B8C1CF5358B4F338F690CDF8DC69C7DF5F1B6235243445477CE8
                Malicious:false
                Preview:d...~..y.7.?.........c.T.._...W...t...g.U.`B.C.8......_...._A|..b..i..1H.....o.]..B.6.c...Z.V.Y...SJ.?...t...(..y..~....@B".RN.+...O.{../.t.t#..MX.c..P...m.J..l.]....i..]...k...M......e...A.8......F.).OK%1n...3......b..M...7.u.6....$J......oqA..O...vM...~,x.X.1.N[.-.=....iAN.NF.....l}F.C.YD.6hJD....f.6I4.9T~....brX\....UE5cwHu.k.{6..a..\[M...5...C.G .Q6..:.8>~Z......ng....". .zX.g"+y.:...X.k..[F...."...c....7.B..E..P...Q........'460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\258__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1232
                Entropy (8bit):6.957625730938131
                Encrypted:false
                SSDEEP:
                MD5:115565698A7B217E5C6C5B3F3C44108A
                SHA1:291D7FA79E1F022EFE68A272F8030BCD05D63455
                SHA-256:161AFDE7121A7E452D9710E78487C03DE7887F884BE464CC6FEC313E563ED882
                SHA-512:D497F6E2F33D3A039E59948F523DE61ABBC49CC0B92F9095AE33FC7F1CC77E6897DC4B10046CCFD5E221F32CBB4459C927D57EF748EB655897EAC0D9F00A8748
                Malicious:false
                Preview:.m.{.|d..+4.Z..Z.D.3..|...P6.@`...u.6E..5.d[.j^d.-.......oP....)$.#.2.nvn...v.^....]RB.M..1..4u.H..d.........Jz......."WY.[.....N).?.p....A..^x.7.XSmx$@.o.....p u...2$P...g]..\E#.".<D.w..`..$9p..m.i.,-zSo.....(G..$.../.....+i.8.=....y......8.=..m.{4...3.%.....|.V.|-Pw....R..._.$....u..y.0i...zv...i.....mlx.$0L.Y.7..V0|9)K.-..8.......o+..T'2.^+d.t.~.......YMa....H.y..0.U..B.a....l.RF...,3a.&.JQ@2.{.I{.....J..D.a_..C?..e..$...xCk<.>X.(.R.s.7(..qB ...NMY.K;].~B.....hsr..$.ya.9.&3............|.?7_7....0o...EU=...8C..-...{...D.....u.Zy._a.a...>y...bh...@;.....c.....'...'Og3.C.....W....C..r.Nu\....*T..BwoQ..VD..N..[..bI....vV..a..7X....A....?R..K..K.l....N.]%.a....x..2..0.X:.v^460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\259__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1354
                Entropy (8bit):7.122772054483433
                Encrypted:false
                SSDEEP:
                MD5:4C39BEA5B5B8A6CF2DE15DBE72841F73
                SHA1:548F5C39D0F2E9764AF4E62097C8C459F4005704
                SHA-256:71EA1FE05EC3CD7E5CC4008DB2F6034B05D2DC3EAC689013D40B15EB991CAC5A
                SHA-512:48CF32A93181EFB3076CE69A3E4BD7D0DADEA89EF79D7C071D9193C472273BD3B386903A750690690B4EDE55955D5BCD7B32480591AA4C5446F2EABCA5D4B77A
                Malicious:false
                Preview:Bf...4y)..zI9.....1Dv..Yk..W..G3...7..3.5....W.I......./...J..k;..;.X..i`.[.[-.........Y<&N.Q..r..\.Yh..#..8..x..x.(....b...9.J...ba.A.H.\..rV.dmEu..AbXM.-.{..B......-x:..l.E..6v......E.`qtR...."..).R..m eB....V.hB.C=.0.]K..Bt.m....@...i.u..6...Q#42...V.....H-....;.M....O}#....ZJ.R~.`S....j.A..D.v...D?1.....w&...F....K.s80*.a`OT...3x.a.X.w.j..?c...cNlY..G.._.....r.....6..0.x]....HS\.I......xs<..{4.........S..>.X..}...%...;j..=....IX....8$(.o....h.T3.+v....s!.&.A..1i.C........S...sK....sq|.Y...\3....G<.....h..u...t....i.....tj.L....B....L.`>..R... .h...j.......m-.;.,....%..p^+..*.K...<..'.^pn.!..#]x...A.....j,vB.31.'....D(i.pW.~...K.w..2.F@....I...a.........S.DS.x.]R..d...6U;l.L..:u...bi.:.S).u..j...5......`.H[.J.\..,..o...u.........v&.....v......3....W...3.t1P.J.b!....'.!q.].....}S........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\25__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.689969204315918
                Encrypted:false
                SSDEEP:
                MD5:09C387DB28969E423B37CC239C3BE973
                SHA1:452EE161AA77175910F8D02C5BE3FB460AC2460B
                SHA-256:C71704CD89778FA5889CFA29F88DF96D8A3A07584D99EA454B7291F0360AA372
                SHA-512:3B6105FF258FAE89A2C0EEE6CE683B543BDADB7D022C668132406E009CD69A3B1C68DE5A77CF0D21F8F9EBF08A6A1FEB3EFEC6768001AFF0A52A5D11F0304CC6
                Malicious:false
                Preview:..-....H@.:..F.8`r1....;*.....8..lP.<r.^....|Wj.v...-...s......@.....Q./}].$..n...a..1.....uu............d....%n.u.9...k....c....=...u...?..X.F._|..].Wi.=.T.&.'x.^..k]...t..j...@|?p.$.w\....|7.....T..........Sk.X.%.,=..'..........T.M.4.#.b#aI...H.RL.T.8g.........f.....D*S..;.\Z...6...,Wxdjq.%.../Of^".b....CXs.{....^.M..j-6p...m.v5qm.l..A.._D...J>W;...a4'.e..*.5Hi.k.$...T..o&..L3...[..A9_.K..v...r%.......IZ._..~.{..).....x..b!..g..$&........4......:h.........oEw..B.....h....w)Ca........F.......p.....P460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\260__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1302
                Entropy (8bit):7.0704912326985605
                Encrypted:false
                SSDEEP:
                MD5:A31DE081F25FC62D6E4CCEB586531B6E
                SHA1:236643B6C66C7E53DA9526C67239F5AE2B9D36BC
                SHA-256:165CC073ED7DA536AF5DAD6154EA17C99AEA80FC4C8BA644692F7422A417899E
                SHA-512:C7550C5DC42B37552765D145E23B769A13912A958FF5DA616D70DEEDE64F3C419445A95EA16AF048A43968ECF29F23D450EE42BF64F316769FC11DBBDB312777
                Malicious:false
                Preview:.lB.).K&...]...m..)._............f.A&..(.w4.*.<)...Q..;:..........v]....^...[2..W......z~K7v2.F..A......Ft........R.G.....A......E.$....3.0b.....u..#o.*.k.;q*?=.S..FL.:A...U1...6....QH.i.k....#.].V..xw.|.J.H..F.T..F..~.R2..6.......!x........'..G.T....:nb.{<.h...e. .Z..H..}.....x.l.YPf.".x.B./..h.{C]~... .$....'l~.zDP...%a..SgYe..~rF..eB.......q..j*o+..n2.C_A.c..h~...Kq..|.`G....c.'.'|.n{!..%.....W..p..A.p.3..-..[....y:Iw..H.3....e...9....T..L;....^...'..5.&N....kn.%......W....Ao..%J.>.6G.iB.PH+7O>.v......./...46e.M=...9...qd.^$Wj....hc..L....;.....`.)t.9.-..%.O=j.....3.][/.#....|..=X7..\2!.4..|J..~.v..i.1#.NI....G..#m.).@.....E.l.c..-W.._.z4...U`.....q....m}..=...~...}Ax...j...~e.......9.^;x...V.....]...gO...._k.v..W....^...22p.....>.54.`.M460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\261__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1295
                Entropy (8bit):7.039758884305935
                Encrypted:false
                SSDEEP:
                MD5:449DC9A6EF31A6027FB14F471D728371
                SHA1:17E9285A4D3B0445F4933B46680C2710B8FD8196
                SHA-256:64D80E784F450CC2486FE242ED9809460A64B96AEA207D027915D0C1F1515FE3
                SHA-512:B24D1981E30D10A882F024322170F757BFA7756DB39B917C18CF23A028291D08BAC6451EB5648C8DCEFBD1BD1DAE99C1E87179E9D64594AF2C0F8D15B6ECD0F9
                Malicious:false
                Preview:q_.Q...{.R'...r...c..B.\..`...WV:V.+.......X.;..!...lJ.\I..qWT.-.8n>v...AS.7.5RF..m}3_....BG2..Rjm[.M#....U.3..c..`......@...v....~DL...C.jw.z_..}.G...wd.?.4..g7....v3.;...J^.......k0....U...:.8...E&C..w...dz.G..7....X....U...&...`..d...R..^.B.....XC.X.r.....=~..$..l.:...:7.....7..7aAe..C.....o.:....ye..Kw...o.........&..CE....-...~....oh..t.d.<%t..U..1..wy.;.&...<.......c...dP.r...m...|~..H...'<:.3.)....6;."......T...n...!..OJ..Dg.4@....FH.s..%..Q7..h....?}..#.u...z.V%;aU......L..... ...ybV.bgP.#..Y.......T.Z.uL.:....E..a...u.BN.f%A.*.A%Vh.......(..t.....{..?m..a..zH._....a#.}(.D.W.[.F.3.+.~9..or...M....M#.:.\.u.....}..0u7.5.~.~....B].._.f....+.h.c..+.E...Kj.W7.~..f..x.Q.../..Xh.@...Yu.~1..Wb.K.>Y0./.. ...;r2... ..+\M?.h..tr...6-6.*pk..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbddd

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\262__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1228
                Entropy (8bit):6.959965624284669
                Encrypted:false
                SSDEEP:
                MD5:CFBA7088BC11597BBA6B77EF7CA963DE
                SHA1:C14E8A2F55DF9F6E721CAC191B24B8D2CA1923BF
                SHA-256:61D9A6C18DFA75E00495025713A1D441700866349A69775C8D220197DAE05C3B
                SHA-512:33E33317AC533650B90429314522895CD16448E0D4D2C4689D9C1E92077C1981B832DCE98398D6FCB3559A894A673600BA753777A2B46D9C2009FCE1F63A9556
                Malicious:false
                Preview:..j..)....U.N.t..7...>.......A=P.|0....."..L.....CD|....".&PV!..;X..j..\.J....85.A4.Y.$.OlZ.<:1...}t......L....{Nt.O.{...E...x/...e.v.{.7.....=Yt2.s....8.....#.o.,L..pz...W...%"g.@....{..JY0.....<E(.qz.p..K.u.T..X......Q.9.....%-...yt..a.......+..L+..X.X0...8.c....[.nX.e........F..2......"..........=...R..C..6..ciL.......F.Di"..\h4..i.V.EAz..<.+!X{....S..c:CoQ3R...K...-..........l3......2C.."<G..8Hd(...qlNO..t.v.....T....N.,.-..@...p@v.?w....1...~$.r.2.o.d.M...I...D......d'....A..8..5C...8!:*..*..;.82..g..n.?..i.R.tQ....n.6.L.Vg...q.%...E5..}/c......ZZ.]R.5..b.bp...R.>_.@2.[..1`Ro._..4.....W.O5..N.H.eQ@..s1...R:.d.z.p...7.......$..+..:.==g..G>.=..t1S..Q>.$..F.).}....S...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\263__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1300
                Entropy (8bit):7.074248935427961
                Encrypted:false
                SSDEEP:
                MD5:4AFBED0D60F5E43500F059BBABD012B8
                SHA1:D0D087D49C8AE637C9EE7BFFAD6E8165F53DD7D6
                SHA-256:D2E323CA26BE26639B98E8D64BFD0A0F00876D64C43075ACF24DEF4CCDDD7101
                SHA-512:8E4DAF78478DBC98751F38F70FB527EEEC1D6001B1689211934B70AD19DB923F3D14281AE273DF5D5771B212B40A9BF0D091E474E10FBD6FF90CF1F935747CA4
                Malicious:false
                Preview:n. U.V/.; g.%.DgDw...g.8[...P+m..B5..(fW?D.,.<..;*7.$C..,E...rs.........JZ\..5.)....t.Z.......VfR... g.......6..G`.:!Y.'......_.xz.E.s..\.."|.[...$..k.7.9..|.w.V.=.br..cS..1..>.PR>.lV.....,.o.0.....[.>P..T.M.u...[I+x...#6.T....y.....w.Q...{.n.E.....K.D.....n.#.....(D....)..Z,*.t.....T..8LQJ....a(H#w~..t8S.JRWGQ....2.Z0....`..fk.../.J..t.-j.a.S.HC`...t...~.......3^..<.W..6. .O qR...~.TC.....n.h.:a%.A..+....z.j..X..[..a..... 6.PV.C.e..y..*N....d....2...l...^.C)h7Y.vg..d..V.mH].k.#.QIMm.7......;........&...KD...a...jz.J...T../.@.p..Z...x.M\:_..P.J..?..d.g.k<../.. .....P"....,...'Z...._.......).a...A.EM.)3....>]..G-^r.C../.u....Q[.$..w.Rf.........|.@...{...............eZ.\.x....i6...W...._...Z.$X.}E7./.E...2..n&_A.n.h.|.I.2h..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfc

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\264__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.804870966790255
                Encrypted:false
                SSDEEP:
                MD5:9FE38A2D020B64BE297913B29112D82B
                SHA1:960C5C02AAB763307F824BE7F2F1AA12F47543F7
                SHA-256:3E30E190F3B0AA20E63E82D9764E08BCB6D594CF542DD072FF00FFB07DEE8171
                SHA-512:061A807434EFF1BF9AB2833C6ED6D13F7B1300F62452BB87C3CA5B5B0B354C1693A511507CCA951D6F80D880B00BCC4AFF334728C72A6C6C722A1706EF0C8B94
                Malicious:false
                Preview:.......W..O*..p.W.I.).W........ .#tk.`.m..;}....et-.XN...:v....1.E5..&B.3..j...p|~....L.)...a..r.f..q.......#..tQ....A.....S..l....0.{.'.QBC.E.!....Ef.r.D....k...w..h.Z.\.:..i.X.mg..PF..U(..G..F.B|J....E..55%P.f..f_a..]r.w...;.&..c(....z....S:.;..T`..Bk..-..6...)...Wm.e.#..S..%.4"tw...,.Y.....C.Y@.pZ.a.+.YA.....F....U...n)..}k.v..aF........R1.P..:..-.?..4z'&.....GSS...-...eW.s..W..l....-..v.A..'S..@.....nv.).}...p.......9./...l.....V.....>.].Y..(..*...|.w.....Y,......\..O.......3....P.#.!<%.h...........L..........>...[....3#$i....j.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\265__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.673394867646828
                Encrypted:false
                SSDEEP:
                MD5:F36FC77C79C3BD438824B466EE1AD27F
                SHA1:EDEDD063F789F5A3BB04B05ED3BB4038F6E1DD87
                SHA-256:E6CDFFAE534C8DF48D12323FFBD1DF9CF137B01849600C10FCCA3DD47B995370
                SHA-512:F50F679C9E6EEE4B25ECBF23933A7DB72222F14B7BC507EF1571253D16D57B3D74CF3239F9FADFEAA473DC6F4EECDE86292E512268A2925EE0CE87C88F24401C
                Malicious:false
                Preview:...y.Z..xtQL.....*.l..6Cf.?.{".F.c3...m\..6...L,.(.]..........L..D.@.g..B.Q.....F.a..M>...z....>Y.........j&i........o8.U...I0.E+..y....nW...ad..;./.P...m....om....,....W...Si...:./...K....Re......=cP.R.....i.Y.'rf-.qt...7..6......)..g....Bw.0O..[-~.CJ.!..g......7;..sf.Xp.2J=/.._M..._...X.W{o].VS../....W.f..........ax[.....R.....$...X....x..+......x.S"..M+...u..r.b..P.~..c.f....K.t'e..}...[B..K..o. +..U.+.F...I...M..%..!(m.....I...%!]...;<..;u.k.@'{.R^4..h!..X.....#R.TnI....u;%.(.!.*X....:.MJ....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\266__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):963
                Entropy (8bit):6.484053453841245
                Encrypted:false
                SSDEEP:
                MD5:16876DF2B9B5E42AAA93D3A8248D94EB
                SHA1:59336A17D54306825D6904E4B17DFA707BED9864
                SHA-256:01308E4C258F27EF104F249EA4D6A3BE6E6FD0DFC621C20B3A5847D7C1CADAB0
                SHA-512:B2A350A2C6E7550E3947FF51AB54BF54BAAD663588459C39022D41EFA5ABFACE92CFBC058B4AEEBDCC0FFFB2A9475490011CAC4E53629DCB37BEAB668AB67BDD
                Malicious:false
                Preview:.(.u........$E..........C..mm.6..1...3.V..2.;.....w7..z....B...%&....[h..3.37].U'A>./.&G5.v.i.../.m.S/<......J..3...xe1i=......B...\.!*k.t..$. .....2h.(......F......?...hv....[.g.U........ .B9x}.3..>..m-.SZ$.K...OR...s...J....XQ.:..b.$."..e...x..d.g.......]........oFUz.....gNZ...`8_.H..f_p....`......T.o2.c.R(....r.H.1......;...S..}.fr2....\)...{...AJk..:L..Z.....d.........R...$~.l.....vC...&..D.D.....EJ.e.W....Cd..[z....E?f..;460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\267__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1239
                Entropy (8bit):7.029017799246294
                Encrypted:false
                SSDEEP:
                MD5:86457624789229893C9B258149543C67
                SHA1:947BF766038AB428E9AF593A6FC148D194CFE44F
                SHA-256:7491EA12AD07CCDFA398CDEF026093EE8B53094A0353BF29694A837F534725B5
                SHA-512:8419DD39D3A40ACBA4E361EAAB0C1A7A7EDEF1450DF582828ABE694354344A16E1357CDBA35F5745C7F5139EE27BB1CA1D73A33779232FF550D8FEF281EBB99C
                Malicious:false
                Preview:.Ht?i......O..R........+.0.J...x.......]%.]..%$.Y..<m(...l....Mi.......$pQ.:..-...*. ......@......xJ..........O..w_..WHl@.V...d.p.{.Uc.....!Il.K..o.\p..+.&r...............y.Xn.Y.q.'.P .:.w...Y~....E..].V.*..7...gP..H.."{y.......D..Q...Z.....(.c.p.3..S..?2).....X...h..v}~$...Q....W.KH '....P...B....Y.1N..m...Jph.....W.. .a.m;}RS#X~=.. ..A..*fI..=.m8.Fe....g..o=..I.r....2wS.F.>.1.....f(..?.d..3.[..1.2[.......x).!.K..n.&...yy...9...O...Nl.w..=..$...'..P.......6Q...7.j#{f.E..a.t..G.7......Q.i..D.n/.M..cU.}.q.*.'.H.bg...<.L*MXq.,...r.d.W....$T.-Ll}_.hM...............D....eR\. ..#yLm.[.g.}..*.'..I.T......|.(K.+.._.[D..H{.....n.Z..;Z...<.....V....Oo?.W..Yo.J...'I..o....(...HA?..]...<."z.5460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\268__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1218
                Entropy (8bit):6.973615375021692
                Encrypted:false
                SSDEEP:
                MD5:1D83C489736AE588A4D1C728AF7538AF
                SHA1:4FFCC562E2C44D07D1FA84ADB84ED42A16F5D227
                SHA-256:CFF44DFB712AFF9E676AF2DB4C6EBCA3EFECE1BED0A8EA6F4D630E5F74F636D1
                SHA-512:C7DB85C83023A5700323F156AB58855C8B7171F63C1FA15A43DD61A98CB63F02BDB591EBF218B92F810BAECFA0C32EC32038BD4080A233F8FBC1F6A83004D082
                Malicious:false
                Preview:q.o....'....N6.,B'%VQ..Z..p.p......8..J..a..O.,G..'.Wm%...H...&.(.......#"....J..........Y+Fk...&|S....J]..O.O....-..S.).4.E..]"....0I.YM....e.e...X.T7.+....s..X....&..^.......~...a...%.$...{.....v.U..xO@.!..e...mR`........+...R...y...g..].,(JLcW]~4..x...k....g|I..E.q..._.zI;M.wbjj.7.U.....T.....x.s.Y..V...L.yY....f..E.w.-....=!......3.S.._iQ.k..!.cF!.32....[U..L.F>..U.G2..b.k*%....*.....&.Jk3`....\cl.Lm6p..z<..~...w.....BGj.G..:._...-_..UB..Z8..w.-P....n....?Y@....J7t<.5=..zE\r9...;.?................... .!..l[D*...h_.=..[..Y8)7].<.e...3.....t.4..\.M5<[..$;m....+..3.'.B..\.....rC..a......=....z5..P|L-+.Q;..{$7...RJ.Fa{4..G.....2..?.v..!].S.M.&.N^.`b...n.cy.......cy460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\269__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1241
                Entropy (8bit):6.993834211565154
                Encrypted:false
                SSDEEP:
                MD5:E66FCFEFDD4B42DAC9859149041A2405
                SHA1:C2AE569ECC37FB4BFC60E1A75A0E4C8F29AD7050
                SHA-256:BDF9C803A6B5006A5BCF39F394C380C82EFF63DA3843BEE334647388BB3B517C
                SHA-512:02329A1EECD9792CA4FC00E609CC651DE42B1BAD5B2A819DF53F734C222AA37BC5197F7B52D6049E79513A35A7987AB213939DEC7BF8FC85198F872554767F6E
                Malicious:false
                Preview:..&.n.-.&.L<..E..~....;...5'..])...".Fx..&.".A.S..v.9...h.>..[.VP.....p.....c...9r....X.-|....V...2@|{C....y...O..)...P...|=.J...U-....~..M.?.$..0..(..M..m.....[.b...1.#6T...f%..<m..a.Yo+...w....Tz.he.T.n...SU.].X...]..4..[.~.....2...;!..1 G.5..0].....)..G.B.KLAC..v.......:.4U<..;.#_.UC....)...>p=D.4.i...iv..nE.gcl'.Jf.*~.9......F.M.....{..Y...S4..y..1..8.q..Q.V.$BI`..!.:..&Y4..M.m.R......"/......A...?6,?9..~.2U..K...d.c.=....:..v.....L....!.. .;j....X.-.E..6.V?....U..}e/...Ma.._.).mq..n....3.P.=$a.rf.......!.....$.UL../Pv=^u>\c..=.....ECl.S,.,~@..?o....Y...Cz.(.....z.'U.x!.d..Q|........^8.g.$C...P..H....4.Q.Jyo..*UM"....rG.[..V.T.....T.C.....R.1W...60..W^.....p..q.......0X.,.9..U.B0<460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f668

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\26__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.477640159210058
                Encrypted:false
                SSDEEP:
                MD5:2C47B5AE88A518BE87DE25ECFACCFAF2
                SHA1:CBD86CB706BABD7727D3C0E14BE7582AA8474742
                SHA-256:63184772237CB59922D1851A0F0754816097D08AB0CEA4482E9BA7BD5DA617A2
                SHA-512:9095F4ED800522CE87D3B3CB513E359C99EDAC641E4AF02C15F42B82567153FFB3DF9BF8755917E1AB79F01841D522CE01F39B8957BCB00B88C8B7AB263EFE8A
                Malicious:false
                Preview:...4.P..6>.wr/.,..$.rR...x...].L.wL...{.+@....)....R.5G.I..^.....s..a.<.,kk\...c1.Z...m.{..L2`.#..+...ZI...PQ.n....?..0/...].....I;Q.P.7f<.-..{U.8.M\..p..R..uk.R.|.........61.F7 .@.....q..`B.O............r.5y6.7 G$....V..;66..] D...F).p..~..D.....s.4..X..A.2...l}.t..AB#...r.&?... $......o`J.p....V.9a..mzMR.....h\..Zj.1voZ..EJ.7...z.......n.-.....kj6....x.....).+'/.....T."....+i.\..Nwd..!.&.....VwW....f.gg.Sk(....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\270__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1082
                Entropy (8bit):6.732918042145616
                Encrypted:false
                SSDEEP:
                MD5:51DB4E60A768604714F793F0FFB0D0B3
                SHA1:942671F2CD9AA95D24ADE8B4A25055D8E05E5CB9
                SHA-256:C0292C4A89A2C47D91E22494CA903CBF9A809CD7462DE73A13F0CB79CAF9ADED
                SHA-512:603CA3DA8D375CA0DE1C2122AE245893BA60E5D19326B0A9E2E714ECD89599B5C6E2D49FC8105E79C263AFA374F113F649C295ABA80E8ACEF51FAB173A57DDF2
                Malicious:false
                Preview:s..tL...f.........`.5..=v0w...3..R.s..0./..Z..K.".f.:z.....8..|....t...Cs.^5u.Z.N[.2.p....z.tG...I"...b..9.z........j.......Y...C.3..9...R.....-.6..>.D.L...L. ..h.P.b.a.../.&8......K..........*.o.C..r...C....Q.\.Or.*e'..<..M.H....RQ...U.j.g.ey.[...`.x..{x.~.)..Y#.s.....4...!7.^_...97..{i...-...{75.x...&$...x...L".p[.6...D.......G.......d.G..%=4...`^...Y.-.K.pk..u.......OQ.....8.2>..Zp...k.k`.lt../gp..n..".|...q&.....z.}..................1....G..p....AO.h'.......583..\P..B.:.$.1..)g...Je.<FVW.V`....W..%.'.ZL..-..X..D~.. .}..'[.&d.&.S..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\271__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1038
                Entropy (8bit):6.647086015080001
                Encrypted:false
                SSDEEP:
                MD5:1DD93D87ADA6A7EFFA6EF21FD0153BC0
                SHA1:2E8D47E7BAE4F11F82F746DE22843A5DCDF1C573
                SHA-256:9D35169B5A1AF15B7CD30B1A018E2F666D00D26B94E16C99FFE333E258D1C3AE
                SHA-512:6FF9445A20588A41876CB30D8B70B25929F40CF4EE62D4278A18126F985957FACCBED999AC6B63C3C44BB9E8FCEA6DBC1ED115DD96A7B13D948BF44983F35860
                Malicious:false
                Preview:i.......}'... .....t..Bw...K..v.`.......Fp.l.%.8a.(.........3.-B.........ae.....$j.CZbS...+hWf_.....s..`.S..Ce.....a.......O...X./J)9.nT.' .>b....(..n.U.T.Q$.k:...:.x.C..8....t={.D(.G...%.....|...!...;._. ..66.._...T.....;O|H.......k..e...M.NgPd.._..=.+.3.ex.A.. ..a.1....I_..........a.{.........2.:[1....2..s}...F._z...H...En..F.I...`...~..'.P8..n.....z..G.F:...>I..$2.l.Nz.6&;9.4%._.Dcu.D. ..\.:....g.Fq..............rb..Nr...h(.WN...\>..6U..$j.....x...t%.{G7...)..l....e.2...e...,:.......y..i...]....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\272__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):961
                Entropy (8bit):6.510387494463902
                Encrypted:false
                SSDEEP:
                MD5:C3EBA9AA7D24EA8F64E12EE422D58C7E
                SHA1:CDD60936CB59FA95DCBBFD31F4A18E9E5D43DA02
                SHA-256:E02EB3A7C49EA107C0219296021E01FED24548F7BFF9DBB38C8F63C0A4D33D19
                SHA-512:97E0939D1A3BAAEB4C14D3FE8525340443EA765CA2097C6C27A0D053D36E762CABD1DED4063FEFE7C34F0DFE68837B83EEBC883A65B368D6E1D5CF2EBB1B3EAD
                Malicious:false
                Preview:.....~.8`i..ul..|..c.l...eI...$..%...7V......Dy.A3.k..\#.3.:?nr..7......v..*{..Wq...X.....|.r.z.u...G..=/..!.#..i.5...v..Pc.M.q.q.{....T...pRQ.O..R.....L...7.*v....|.....s.F.1..A..8lYy..._..w7....=.\..V.....0.0. ..r...>.]..`..h...."..&....PW.....)[....K.h.{..6...A..z...YP.......rL...V.Bb.3p...v.Z.W...fiJ/..g....H.;#.R.D..W6....T./T,H#...k......-}.Sq..OB.j.]y...)..[,..JB...TTQ..?...s...vX.........0.....,.Z+C..rIZwg.,...@.Fj{460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\273__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1237
                Entropy (8bit):6.979071240809787
                Encrypted:false
                SSDEEP:
                MD5:123B6A2DBCA1DC2B8192CD554365DD18
                SHA1:BB7531710A8A5375DD8166563C6986A1FC1C85D0
                SHA-256:88A850641C85982691AC318C99C00A7F6906773ECBE99733B231E6EBE1CCAB93
                SHA-512:33B45F2074AFF9993EFF0708680787BD861AF93C5813C1C06C5665CCE915B8F38EC5126C9386C7B75F01778E78F49E23FE481C5DA728F2288371669E8BA47DBC
                Malicious:false
                Preview:!dn.s..KO.....85...u.K.`A.]....s.........i../..?Te..(.>.......p..Y.....0...#.......^.E.{.3.......bL.........&..\q.I?.Dd.=...9.../x1=.....a@'.N...bXQ...O...i.....f..g..~.....qZ.}..y...q......H]...#..mV.LCN. .*..K^w..le.*Y..;>D.P.rW.L.:... .....<.....-,N ......e.......K-..fl..R.m.5.....*Qp.V8v..J.....m.!...].ms#7...8.q..DI.T.,.Br,......"z...q..Ua.j.b0r=.....$!=......e}b.5c|..].c.....m.-.7/....\.{...i.e1Vy....../>.kq....1..=@.w a...M....<....SB.T[.(lP.A....W.d..*R..u..1UQ......D.Y.......!...HM].c..W-.Y....$G..<..1.w..$..g....y..o.......|........X..2:.u?..F.y......6.x....g......?.(O...o.?.......a.d....d... .wNLE../.`......T...7.G.#.A.._U'n..e...._..9....)..%Npen...(..j..#..i....9.I..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\274__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1288
                Entropy (8bit):7.0504275689892735
                Encrypted:false
                SSDEEP:
                MD5:C199EE7D6CAC0F130B34E46C496FB3CC
                SHA1:1A4FC884BD5EA1483FD2A47AC0BF2B489AC57F43
                SHA-256:93196F2FF1798E34F02F5C446F2B9D77DFC8C0E401895615444CF0AD5961A29C
                SHA-512:860577D995B22DBB08D6615A34F7BD840C773776E54F77F0E8CF0D2D7A75D67B8BE81497F53B2A4660A0CC7B72A78D2CE4D1AE5764FA71C3C64A99195B466FC3
                Malicious:false
                Preview:i2..j.X..F.`.}?..=.#1@..%...m.G^........h.._..O....f*a....F9....e^i<.m.&l.y..&.v`m.&.<...;....?.4.E6.. ..u.fU."s.l.C.h....:#..E.Et.8...&.....k_?...GbTx.ZS..m<..p.o}....sX..kc..5..u..e...A..k.Z..:..Ci?.0.>..\....0%.D..C...[......{...E.C.<...........t....9...W;.'..R..-.>b.IPz.v...o?.R.x.K.9.}.v.......)...0H...`..J.rb..9.yZ...&.#Y.h..4.VkA...0...`.0.+E....%..i.q..F..+.+..>..1..".d.v..~t...S...u...~...Y.o..g.....p.G.@@._.M..][........)%/...5.M.[.z..|l.....E........]..R.M.l^.<?gQ.qPx^..5.....e......b..+.`.b..1.H..~..:JV..{.C.O|.c.C..(...G..^..4`..IwLk.~x.}V..>oE. w.]."FC9.....L....!YC._.S.u./f.....TF..^.c.0.....O....SZ...6..PC._)$....a.-..M.T%.]..f.....sGn......t...cqB9HqV..&.....G..4n.E.r3...O.<...'.RZ...{F4J.gNL...a.'...H.+460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\275__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1774
                Entropy (8bit):7.419346414708897
                Encrypted:false
                SSDEEP:
                MD5:7D3DCF4E9D5F5B268BECD0E58D5F00C6
                SHA1:FDA9AA755B29C9E3FC93E65BB66D04D938BF5E70
                SHA-256:9BAEE54F2AD86918C77185540231D56372998B38277719C692077CFA56F863EF
                SHA-512:586BB6036CFD4C3FF9805678F85900ABA03811AA9EB23AB1CFACD0AB72E0AAD6D5A1822F12FF0C8880C8992B61BFBF0CB3E719B17761801E384AA8C1E8B9DBB5
                Malicious:false
                Preview:.u..).K..\Y.8P..#......e..{.".......:.M..?.,...(s.=."(....=...v.....'z..."]..3...O"oU&.3ys...p..........S..:}-.......3..]<...K.&.x.<...Aw....m.#.......e!.Pk.(.N.\.nc..9y.\..q.;J2..E...4.B.+..y...z..C3.[.Vf.f......Pq.S,.."U..}x/N..a .L,...........#O...A.a.J.5@../t....gw>.Z._..BM"....aJ...#.7.w.t.2..u.,.....B\p&.....$...........e~....uw -..W...|.n.%....S..f.1...~.8.8.[Qg....(.A[.a&.@..a-...T.....*.t.:.:Q...x...B.;.M....e.....S..[.(.@J.F.g...[...b.6./.....f..*..Y......P[.[...As.M:..q..G...az9.:J....v..:mo..W..2.....^..$......k+...O.....}..Cs.c...7-/..Q.pG..z..#.$p_bE|.7...&.........@;......].Q..E.).l.#.I.e$.v._C....|.y..V.....8gA<..S^O....,y.R..|..i3R7.w+..vz*.qY.`...F.a..'|..%...7...."K.Z3,.1...FM#..v.....E-~.%.`....*(....u=J^........`..+/YS..Fr......Z\.V$..c...bL.v5.iR...q...R.@.C..jl..k3ntL..\-.~Ut.. ..o.p....J..X.x.nY.Hw.......[..).._{V.`."1L......B..{.}GM7O'&(G.v....g....n.v7....D......t7....K...<7.z...T.3q.........\:.....T.....A`6....

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\276__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1084
                Entropy (8bit):6.749712669966739
                Encrypted:false
                SSDEEP:
                MD5:62803F5F1BD57E33405FF21E05532F5F
                SHA1:9F4567AED330B2604BAC52F812ADE23DAE785CB0
                SHA-256:0792B66D34E33154EE6BE01AF1857CF0F72A952965C6DAB5EE85DBA3F2FA1802
                SHA-512:DC048256FB3448EA320600711464421934E7D9F31C721E57CBA089003742B1CB81247C04512AB0EDAD0246B72FC2127C4FB39767FF8FFE8830A81AAC7F1D0F9E
                Malicious:false
                Preview:..hM.'..>Ln3..OAy..y......|..X*.3..B..E..g....8....w.tK`..../7...}.....'^3.._'...2G'.@..u.....Z.....>-T,.5Q.....m=.I{b.....,v...z.{[".5?_.@..>...].F:..:'..o....y.$.h.....9..Q.l.sV..'.....[..N.<..OD.@:w.Rb..C.f..9...5.E.....lq.n.%.n$...g~.._~.e.8..u.L.i..~L....?.G.. .....x...]Zx....Bb.'.............r...8..b......D..|../.r{......1g*......m....1..uo..p....L..@.Qb..4...V..k.8.Q1..%Y.XZ....l.."].j....AK..9....n..g....{..@...=.eri.".qY....kOq...`...+........X.[...~x[y.r.R..d....s.^.Oz.*..+2.F{.. ...*4...;.n.M....Y...\..^.Nb.(.J.4.v&<O.#O.Z.).m.6.S3H}460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\277__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.653157419116207
                Encrypted:false
                SSDEEP:
                MD5:4E0051ECFC8205C5499939507DC274B1
                SHA1:20FC06A7F5687A6768F80D502FC1651169D6F9B1
                SHA-256:B274FCFE77B470FC6011B8147098AE49C4B4426BF4B085438A3CD756817F0B46
                SHA-512:7BE7345DBB95CF6165312E72FAE16C88AE083944CA8795861D6BD56766B9388F05296E24648C2CD87730065D54DE2764627D3908B12B0D70F0B20D8C243693F9
                Malicious:false
                Preview:5.....3+K.S.C...,.........he./..Mq.M...p%.G._...9...R6..'WB_......`....N.|::....)..w..(...s,Qm..L.H..:3.".y;...g.V..r.`.!."..{.b.U..zXh.........rK.D.`2?..d.[......o.51..C.Wh.0$...........6I.&H.-.~.0u..r...F|..........?.'(..f.}..@.Y..E.Vw.u..Q1..U....=..............F.l.....j..u....a....@.<.....v.<.w..."5:......(...m............Pz.D.....[.Wc..EGU b1...o....._..V.C.w.o...UW..B........O..6{........5dIu%.8...'........m|..gb..H..B..."m...p/.=.B..0YD...0....e.A.~........o...9......T..,.gN)T..g..5..@..7j.iaG460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\278__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):953
                Entropy (8bit):6.440230101238639
                Encrypted:false
                SSDEEP:
                MD5:9F9C5815F8133034A8B9E1B43066F7F4
                SHA1:1F0C5C7E9CBB98AAB11B0761555E50DAD585F2FA
                SHA-256:A26DCFBBF1BBE167E89D480112EDBB0ED9F8D076D0D73B6F0D5BD3C848ADD546
                SHA-512:91EFC2CEBD25ABF3A9370C45DB3DF1B45423BCDD5C27567B7B65AFCF11BD8FE7C36C6873BDAE937505C2274A42F80AE0F4C55F92567667F94ACCF7A560ADCE7E
                Malicious:false
                Preview:..g.....h.....)T_..#]...Kq@eQq...-E..;hM...]..K.b...d...#....o.NU.>P'..4.0.D... v..q$.\.../......52X.i9K]....&Ia..;0....6S:k[.b../.Px...[.$8...M$u.hOy.....T'.^........_...9..D.v....,...5...+.D...+.|o.I<a.........y.ax.qmn.X.......1B..W.W..o(V9..%......Z.6.$=.3R..../M..b]I...5^6.....2;..}..^r.]."}..C/..a......;.{..i0[.k....wz/.]...(Y..<.[..$<P..u.s:.@0.....t9.xz...b.VS.N...?.....CA....._K....OD..<-;...h..S...z.,.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\279__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1350
                Entropy (8bit):7.111280519131567
                Encrypted:false
                SSDEEP:
                MD5:088A35813E641976F6B62C856225DBDB
                SHA1:1B8485F7590054A3A78E2A93E5D2A5981E1CB453
                SHA-256:F44687A58A878FCAA7BF3919FD783005440BD3C23DD4F0BE05AD60BB62ED28F3
                SHA-512:6A1026C2DC9AB612F241B4EADC4FCD0ABAACB9F934A88A58C03A19282E7D7D43091D852C1FC878CC2E1588CD54633055CC600C12C552AE1FA142D9140ED42B5F
                Malicious:false
                Preview:.t..>.if.B.....3.L......{.....RJ...%..nMF.q.4.q..8......C.>....N.C.`....J?...........J.f%.S..D.+8>?..2J:,.'.2|.........v:6e;.5........x.6)t..A.D"......;....A....P.JS..y....x....cn\.U...M......j..#..u..._....!N.,.....u...|..kl~....o....B...H.....Kk....n.......Q.z...v~m~YU.[....x...~.....;F.......[+..'....@5@......B.&.....Zk...K.:.1..P@...%...q....8..k......l...6l6_.b.......!...4(....|.....A.L.&.)...c....?M%..S.J....C@63#.P..k.2....K,.M3z.g.......o....FNHT,}...4s....q+}.N.....I.Hh(....(=.f..P56X.)..L.....(k..e..?.|;T..c......!....c......H`.B...yn.|..[w..$0C.$L...'.W......,ux..G.....Na./b.k...;fady..:..!.l..R..*.Z......Nd..0....zo..s).....>.^.f\3wC....l)....`..9..(......ax.!.0.%.;$........hfi..../.M............R5.I.r......._..$[GC.B.\{..R...#..R.'|K...\...x..k.[.G...y2..l..%e460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\27__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):6.996795737427594
                Encrypted:false
                SSDEEP:
                MD5:1C31438D99FABC1F1D9C8CA29EC7C4C0
                SHA1:756E86AF3CEB9CEB431673125AF0460B0CCD5063
                SHA-256:A3545788FABF1456E4D7617B8A1FC5BD444ED071E4926C45BF2469E799BD926B
                SHA-512:9CD3D063D3FF0DD19A0FC9BA0C02D15832BF582CC87A1851D00C2406F464E896C22C46740300D76AE0B9C2A6A6358FE7DC542E860A2A180CE086B78A7EB0FD9C
                Malicious:false
                Preview:.6K..u.g.B.....?.#..aag.e.4T.....!,.rP.7..z.%.+...[.a..?....4.IZy..&y..p.I.P6.o.......dx..er..q......E&.f.S.....'....(f....+.....J.B.8.Y...W..c..F<&aH..N..;w`...cP.?k;..s+.c_...'cg.#....)..@y..... ..]|..y...6.%I.$.+I3AgA..o.=......~%yF..p.~;E...>..vo.....{.9..._.,.B9.:A...=S..:.#+...C..M...'.Az.=...B.,h...&.#..[.h..F.+...U.iR.zX..(f.W8b....M.*{!j...J.c..{...[.]A..&.k.B...0s..;...B+..W.f.H.]0..}$..Y...H.^..u....n..;..k.i......f{Bl..%...`Z...lO.....b...O....~....G(.@7..\.,O.j........#?G....".0..#lo-3o...h..a......k..<...:..V`..a..1.5.|.....=N...H...>.<`a.{..R..%....Q.;?..!..K.SZ ..D*...)*O........[...... UZ.3.)....y.....F....;.x..........~..A..}...0...%...c..`5*R\..v.N460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\280__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):7.0019920249113445
                Encrypted:false
                SSDEEP:
                MD5:F48E94730CAF27F1E20E10CD17CE8D6F
                SHA1:137DE510BC7A7B41CAEE95A78099E55F02B477DB
                SHA-256:D2A227A9C41DBB81E63E689BDE5F8505DE28B713308B910735AB094127D862AB
                SHA-512:478E08588CD7DE02C8D625FF4B173BA015A69B725B828435793F3773F28EB0D7A4C90F7F96234861F8E7BDAD8B1ABFA0C04F8994ACD6A2B0D28941B90CF89049
                Malicious:false
                Preview:....P......R....{<K..WC.s.e0...u}...8..e..Y.g5 .n..F.8.%..B.~.....>.d.:...!d..'..@.`H..l.>i.i...8H.......8..SaXf...y..L....v|,.X........\(.M..9.bR].]Mx.;...r....>.-.............\./?...;u......|..t..J.v...#..59...........qA..e....&c.....r.+F!oY....3yg.m?.f.p..6W?.`....4O).pBIS.h5.....T.?.+,/.P|R...!G..9W}....rH....J.E.X.|Huwf`.*^...|.!.:...3W.0.._..%...~.....I....Z.h...).....+.'...uT....K.jG...i".d.....<.w.BVb.gpn..)w~.M.hv..m.#t_L@.ErT..aP.^.W]..._;..z..a........=Cy..k7=T..pX.......B....I.b..#t..?..H.!......-..+ ....1.dU.,...T.."...:..s.........E."...|..o"c]..(x....|..9.;O.@~.3_......]Z..G.."#.rE..c.3.b.uGD..k.Q....i.......]~k$.\...J...r..x.LR....<V........R.+o)Goqg....n....Q4i460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\281__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1227
                Entropy (8bit):6.975750108200671
                Encrypted:false
                SSDEEP:
                MD5:C197C858EBD01A99375E5867233980A3
                SHA1:9443AFFC587F8FA838CE39B5767E683A381E8C46
                SHA-256:C181B2EC42DFA5FD49EBAD617036ACF4F82A206D175BA2535274051D85ECC581
                SHA-512:8B1B20DB7D230C5FB5BE7C0D3DEACF7C7693692DC77CCC44FA814AF3B264516AF6FC58EAF2A414EAA72ABE9097EA779951935AFA7FA0420CAD00717B196F118B
                Malicious:false
                Preview:.>..<w...h.).......] |B.L....Q......E@~.2.@..`.r..L+...Y.jE.a.+.RrHS.z..X.....y...(5.....N.AD'...P...I.G.]...nU.....o.\.Hp.....@..Otc...q.H.../.....&.2.(............e.$....Q.'.....4....2...J../I^...T#h9.t....W...f.....].t'.Im....Ho.\VZ..7.....?...).$Pc..).[.v.eN.Y..*D.......r..~NZ...0.Bd......5<'.H...E..S.%{hLh..:`.K.....;A..OAV.p.9....w............,...SW0..B..JoE01......:z.....&......2.V....R.....e.M`....SN.?.J.jYJ'........2.zr....T.qm..8..?..).`.Z6..Z(u.%.lJ..../.:e..9.\WH.".I...=@...-....$...........#M.(w.[.......`-...3>h\........e.s(..t....WXLw,.`..~R.i..H..|..d....i.KY........IT=....@;K..o.q.W.4QF...R..R%Xn.,V/...I.....?...fK!.'..6...!....p.. ..M.#....y..y1d.JKW460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\282__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1161
                Entropy (8bit):6.8614531319105705
                Encrypted:false
                SSDEEP:
                MD5:FF491C5F8C91BDBFB9461DFFC1B81AFD
                SHA1:B67CF11560F8AEC433387E9269ED235E5D98E0F0
                SHA-256:4EB4CD1CD143046C6D9B7BC990337EEC41CD27EECF3CA60BCAD9A321B7E0859B
                SHA-512:56A1782E9E9FF5E9EA7274F15AC8A9B114172DABFC828BFA49B6C3AF89BC30371E14D487E5C9E2F05EFDA1A64A422DA2F22D80950A47977AE73476D10CA89D91
                Malicious:false
                Preview:U...?.2~....)....^.9..*..n<N.w0..r.."...........^W..Q.....R.iAI..`...*.........7....H,s.&....*..X4.*b;.P..Gg...9U.Ee.C...Ux.........n.......u..^^#z.F..^.W.._)0..=_.<.]..2.+abh.9..5k@v...H..<2..9.....@........5.D:...w..S(.4..&*.'.Y.t{....w.:.v.B&.)~.c.[#..si.8H.......c1.~.&R.N.6.....@.89..n......O.G..Z..d.....j.......6....J2P>...p.&q.LA.xic.....q... ...w..\:y.....8[.6.-..1f}.....)..h....#.....H.c.../...Lz.Q!G.Q7/.G%....}....B.%>.....Ck...=La....oc'+.....M.M..{.W....U%.kO..R......35qO?...9.&s<#.....bL.l[....es.@.u.....v...L..n`g.:R[...\){.sR...E......n..|.$rc!a."...hoZfgk...o.Gl.ub.. Fx.F8...:.Y.....M.@......i&h.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\283__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1239
                Entropy (8bit):6.945760684144596
                Encrypted:false
                SSDEEP:
                MD5:5E9A5DCEFFF2A2783E4757822DE9E18E
                SHA1:32A47FB4B19BD1523DD1301DF544C66EA99F0FCB
                SHA-256:F5ECB21216049D698113353DB6315669C1C362157E2CEEC00C9C0F3BDD3178E8
                SHA-512:B1D54B1363ED081C8F90B5A31EAE26F9697445110F3BE577E4595688A892B1D84244DE3CA09269712AA1219358E96A12120509D6EDE309D659FDA6581856E1A6
                Malicious:false
                Preview:..W...M.D.VQ&.S.h..s=.....M..}.&.C....?j0....c.~..Tdf9....;.Aa.|,...o0..a3pZ#f..P.6E.Yh.0.Y...r.4.^ t.X...4.....R..>7.....Gc.0.k...d..Y.5.2.Kq..b..[\.H..P..D.h..f}.S../.k..7..O...K....2.]R.>...{.&...y.X.K..f...$._..S.7TG......?*.............e..z....9.......6.....m.._ .h?D....f......._&=u."6....q8b..Z.:..#l...g...(..|....F...j...7Z.....7e......!$.@.......l.SE...g..8K .C.......3...P....2.3.#kT..y.X.) b.<....p...5...L."...Q}.f..V+.!.!S`{..a..r..........B.........ks=>E"..g..t.h.Q.W~|G...>..B.0...3...`z.UFjD...S/.h...6....P..6kx.A.D...Axp.....1....&..}.,.t...3...F...{..W...$)iA......O......M.M.m?.......>.3&S.-.....[.M|3.(...H........|.c...K..+.(.Jv..h...... .T!p.oJ.#..Q..f.Q..j...PS....x:h.N...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\284__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1228
                Entropy (8bit):6.955772669466792
                Encrypted:false
                SSDEEP:
                MD5:A1615131487A591D6D99F6DE4FBD31B0
                SHA1:2F4798EE14762D68CF5F3AD2CA9C53CE56F6F013
                SHA-256:B25C7C8130719F6BBFDDF45505BBA96888A850B88AD92512656A439DB5C2EEDC
                SHA-512:D712CB0D8A3EF5F99FD5ABF6A78D623A09266E93B767B52B94BD01D00F857844E633B777EDCE10F5869DECCD261E436C97E07BFD1C8C3253F6EDF10DEB209491
                Malicious:false
                Preview:L.ym..`_..{....-2w+.'.....@...Y.9"2..t.!2|..*&{*.DE....L...PL.{T..YV.n^..ag%N..W.........}...+....I$c..e)....`.c..X.Uf....7C\3........9F....\.v....B..JP..*VtG[D?.}.q.Q.?..#9..#. k..@....vC..2.#...g...c.K...`u...........}vc......Wk...|.|......r6.:..$..M..Q....+..U....<..O....5.Y.........bS.Dd..-(.=5.M...P.i........,...T..c.J.n.y...U.CD..wcm.h.......JE..Lb..{.|....K2.z...n.2r.... ..Ro2...[...s......+O_M..B..v...h.r^....(..ojO8.u........]+..*..b...........jSkr..)t..Y....{.`.....h.9j..*.5..}{n..N...P....o=J'=.1.<wd..1A`.Z'v...X...533.y{j.~.l....n.......s:....E.nKbl}..cv.o...y..y....$h..K...1.=0..F.(....[...2.t..vQ...aN.{..c...P......C......O.....@O.h{x....5q..6......O..D..Z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\285__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1383
                Entropy (8bit):7.137843674740917
                Encrypted:false
                SSDEEP:
                MD5:1649A97EAFEBA561C3F635CA8DCE72ED
                SHA1:098BC824B4D2F2A71037CF6653F0B39A848757E0
                SHA-256:3077247B970F41CA899B32F73C32B7123567631F979E9B244686BFF923C0932D
                SHA-512:0566E9D56658308C8DE49E1F0FE0F8FA81E0B6B39D8C9D03BB37975FA619113E611269D7F6E5D8238C2A7E3652287FD6604CF174714200B1319BF6E0FF862CBD
                Malicious:false
                Preview:..e..U.........+t.Pn....B*.....aP.W..7\B. C..|._..e.KQd.. z^!...y.T^W.M...x.F..'.b.qqN.y...%3..PhA6...U..g.....m..'.MM3..._......Db.....Q.?.r.o.Y..V.@.F.@.#..kh+....R..K.f.S...Sy.6o...H...QZ$...!n#.S..k."..f}..V.'3.I.*..x...K. .G...yI..?.........T.4)....6.@..-.z...i....@....g..:o.j.....>{.N(.B.N.#..}..V.....,*".i..Mq..K8.S..9\}..wj...... ...S9dT.4.\(...R.6K.jjGU.`a...=.....dm..pxM. ._..O.@..Y..cW<.n8.(..A..3...)..h.}...........M....3_.....~...P.;L..0*.EuY....,.-.X2.......S.'@......a......^.....h.3.;...}...&.-.....4X3...A.!.98.y.....YC.H)..4.3".b`J.fc..:.{..P.>|...Pg6..?..L.z....0w..8kM.>Neu..b..#...=k=[..WM......8.6....*...S.}k:.....,.n(>VI..o(..l....Rg..~c.#:.q=U>~2\%.4...u.........~......l}.8.X..$ -...p.=.K.00.:.......+'...]...lgo....O.#l.d..[..O9.!...D..o.Ln......}...I.G.........bm(.]\.j..S=.....H.yF4.XQ...>+..z.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\286__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1086
                Entropy (8bit):6.7574404988097925
                Encrypted:false
                SSDEEP:
                MD5:AAAFEC7CFA5E6B8F485542563A2E2E07
                SHA1:FF0CCBF51CA783D54D0FBF92F55037812D3A312A
                SHA-256:2D6471DBF762A1DEA41E28D4C19E056463BC6716ADDEE8DDAC1D8035BC626219
                SHA-512:CC7543497599492696A9FB9727603D533625DF32FF5090381E3BD49D29692D53071D237092687CFC6FCFCAEB5885C20A85960F648DA3E1FD25EBD4505EB83031
                Malicious:false
                Preview:...m..m.x...Kp....7.{.K..$bS..g2m...Q.K.O2.Xx..%..........k..aY....[........Q4..<.N.v.{.w.=.J6......5Dn....C...UE..'..J..Rr......S...w....O.6@NO..'Ua.1:....C.....d..H.$.1v.@."....`s..B.I.14.<..../.D.MU..........?z......>..;G...U._.......6.1....oR>A..r..uKZF.....3.Y[+..Z.*;#..7...............TG|..|..P.....w.B...#.AQ....J5Dhp..;.k.95..MJ.Zp.[....Q..q.yy..X..:@\....BJI*^........H.-.qS.6.U.....btCzlE...s...3k.=...0......8.....wS#.q.`...!...y.b..v..;a.&.U..}......]..[..... Q.V....46..U..N.de..)Y.<.h...=}...._.2....1}x....U..&o.E.....Un..0.e..L..}O.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d9

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\287__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1040
                Entropy (8bit):6.700214794869204
                Encrypted:false
                SSDEEP:
                MD5:5D321322A66CA67457A54059885E7311
                SHA1:C6ACA0AE6E96BB9308275F50C1521AFA874B181E
                SHA-256:B081222364BBA9B1D5345F4AC22904156CCDFCA078EC5743CAA6BD6234E9C085
                SHA-512:6DF4D9658E0C5B3B0DBCABEC82C23A44164E50BD8AEDA01E844F835E648604B43F573DF1C8A2841DD4664A73A6AF45F25861108BBE15EDF045F9AE56E7AF09B5
                Malicious:false
                Preview:n.2|c...`..Y.8....n...23....>b..R.o.K..L.t....:~..R...R*.u.f.=...;+..}!%{...?..}N>..j....0.e.l...4.?vU5.]....,.Q.......6<6;A.(..G....('...F+..Yu?.....t...q.w.-...Y....?.6hw.U.I...>Q.0...;.J.NO.R.@...:p`......N.f;'+T.H..V..3o...&/....].c..-..>j......u. .V..0.%...T..N..zs.t8h.....Z..Q.(..gz..M`.~...q.y....}m......g......... ..r.nb..lr..H..tZ..<.E.l..f)...T.....!.....*s.(p.i.0..C.~X..\...@.......p.19..I......}..].b....]..O.J;jT...g...A2...C.....3A..z...0.*.M^*..S9"0#XU..lv....t.iJ....M....d..ZW.kq..gR.>..J..:.(.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\288__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):960
                Entropy (8bit):6.480821751324008
                Encrypted:false
                SSDEEP:
                MD5:C7AA455B00B93DA377AAEC255C329E4D
                SHA1:3FA32A3698C571F9D180E7FC31D3D9C338AD69B5
                SHA-256:8D8EF632419305C1E5B10B916DA820539EF06216AB7E3731CA87318FBF0888A3
                SHA-512:037D7FA6EFB5BC1177459425B0D7727BA823B1F73EF82BA00A2BC0A8FC813D409E74B2209E0D5BE2F36DB2CED20CC49DAFCEF07A0083379D0D9932C6241E9FAB
                Malicious:false
                Preview:...v..8r!].#..Ce...?.....sN.w.3..5.o.(....g#.$..]. {MT....+H........*.sc.e.....2..E..G.e....ft.nqB...E./<.g..c...z.....j....r.,...Z77Sn.\p.y.r.$.h.k.............B....3.rk!...l.X..6m..oy.DA&......3.....k.9...Q+........EY.{..l.."..kM.....r...]........c....T>..<}....k..-./.&H..r..O.......P..H..-......s.h.2^.....g.s...2y.r.Z.022;r8._^.o.V.]......q..o.)$.e.'_Z....N.,p..eip.uQU...q...*..................4!..K...7....gb.b@P...].....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\289__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1390
                Entropy (8bit):7.112973378646145
                Encrypted:false
                SSDEEP:
                MD5:E4B5D0DABF62E5BC2E490A1BDBC25016
                SHA1:45015DBB702F38985C8CB0EEBC4DE6AFCC226C50
                SHA-256:9A7503B3FF087D17AC4C5C3E54A8643B62A5DEDC996B8B0405E6B9AB31132270
                SHA-512:1A01D1C139AD347F9470EA622067014A68A3B6B07F7DFEA829B1A2B687AEC4CA8BBF6506BEF986F0D4C3EC96150E7EF78E70648C3BCAA9655FF4F9C864340034
                Malicious:false
                Preview:.<.?...Vm9_.... /b...F....z....J.d.G...._. Z.|..!O.}z...,..E* .*....+(.q.O .efc.....g...P......1X..[k.o..Os.....u\....|SxOP..^.4...9C0.ha-...>..W.1e..........pCrn-M_......7...EUc.8./R....&..>.........b..x...R.L.Vs....v..UY...G......^.hfO.@...?...`1....n-1T./*.V..i.....9*.E^. .t....wD..Ze..d*.UEV...U..~*..B.Z.}...?.".YD.....$\...?P3d&O..*.E..G...u.\N&NS...1..K....6.b...d.\...a..`}d.~0.z..uDE.G...\.V.f...ZO..$....p...xm.[...6.C.Z0..j.w...n.Qj....4.\.*.?#...w..Z<U>h..>..Ex..q......h..Q..|...T.._.e\.F.......@.a:...Q..b.ck@..^.&.h.......$...ro.C.3W.kl,.RO.1]_.A8..{<.UK...[:.....*2.3*KQ.W:..\...>g..n...`d..1'k...0..<...I....9...t.-t.*...#...$.1...n.g....?Q.kY..d..'N9N..v.T4^...Qd..Wy. .b.....U.........li.$.3...{5../f>....M.....^....G.........".F.Y..ak..'~l?....)].(B...p..{.._L..7.........6]F..Wub.U.aNB.9...I..:...pu.....5....~...g460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\28__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1345
                Entropy (8bit):7.10980571876799
                Encrypted:false
                SSDEEP:
                MD5:6AA8AFD086DB21F7CA89349F75AD5F22
                SHA1:BB9B4B8A3DAC5D6B5F18127809FF99364D424F9E
                SHA-256:70D3FA93ABBAE85FF1EFE936B5E2ADAB8B0439C41A30900992E081F58E6008CC
                SHA-512:385639393AD2E0F8A207F0D25CFB7D33E7960DA44B3B5AE29707F0F06B86C6FA9C6F2591AC02CEC6EAD42A653B7FC91F13E41977CC94CD7DEDBBDE92C9D6C529
                Malicious:false
                Preview:..m..A-DfMt.B,..Y...?......dYo7....{.....;..x./.....Z......y.%{.. %M."H.RRE;.~s.!...F-._....y+..Wc...*A.1..Y.*Y.......d.1e..XJ.3.....sL.....~.Pr0.zF.+..o.=W9}Gw.{:Tm@.L......A.3x....eH....N.^S..W.&..e..Az~I?.).\.%.bM..3.j.l6....N....q.H....\z....6.Y4.i.f.......ZLS.......6g.g/.".H.........9...T....k,...%...W.U..9.=[elk....)#`.\..[Z...Q..A....m.........{...2..9_.oc..z6.TYF.b...nm.....Zu.^....&...F.......A...z^.....r..Ug4.p.x.v...^..C?..7..b....yY.YXY.1M..UK...u.$.gm.|U0..f....f$.......M.Q.H. H.^.,..Re..~ .0...._w..`E....V..0@..:.g....3../.l....E.R.R.....o./...V.4..{<....w..j.0[kE]%}.kdB...@...[x.fySS..6i.-..$..,../.$(...q...zm.F......zC.=J....F........Z0.@..}Pz.hu.N.pW......?...fB\......#KW.....lag.a.p..-...Ixwq.9..ZXZ;..u...U.F.af."y........+..$.......s1..H.y.hL}c...FN..DX460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad441708

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\290__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1240
                Entropy (8bit):6.969498945117197
                Encrypted:false
                SSDEEP:
                MD5:6D98AA04B6F086685C04BB6D66792865
                SHA1:9AE590765628C9A1395E829B7EFACB4DCC534754
                SHA-256:670F5587FC8BEADF79980DCDD82C3E664E71A85E1F77254553F7A7D9E6566D53
                SHA-512:1F3A5B642AE675608EE8AD30A56F92F83CD29351CD5D3E9A7EE90C8FA0A502DA4D24136C064E70E2F7DDEBDA4137A6F36D04FFF519B3BC43DD9E350734B0882C
                Malicious:false
                Preview:...>.N..|...V.g.......o.........^.g..y.j....Cz..,G%.......Q..`.#..L.+.....ED..)........#8.....z..:......W..W.C.Q?=.oQ9H..X.~..A.R.i.E.U...?.il.!....,.I..=.#M....f..;{.@>.d.@..c3] .|\...0..Pr..?qqW.....j..f......-.@1...).P..N..b.!..5..}.B.-.ot....(....o4...'XjE*.....@.. ...lw?.Q)...A!......Jy..Q.A.|.,H..I%....V....y:...!tr.\.V:63.[..5.w.O.ox.....9.d.,.I.@....UP=...^...|....i'.c..........*..$...Wx..y.<^..i!..$......"~@..yA..o...~"b..R..(.....f:cQ.[..iw.Mi..U............K9....J`...~....Aj..-ZP..gz..O.F..s#...... ..P..z.......2....5t.y*.....(U....&....ca42X....:UC......a.4[1...W,.7...8.w.)b..p._.y.A...p.P..X..%'.{..jw............g.0.B;.@O..!.t9]e......HWG.y..........`..j.-.TU..Sg..b.A*.H/.>.n0..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\291__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1624
                Entropy (8bit):7.321557494374833
                Encrypted:false
                SSDEEP:
                MD5:73DE469B1440C90D8452E3A6452E2F11
                SHA1:871CD854128813B52164F3AF9DE2F83219192BFC
                SHA-256:5E5CF32A9FCA1305C0ADD2989C472F258F39B96F9861EFCAB1F5C9549302298C
                SHA-512:0A6FCF1643FCC8CB92018E1833A0D56A59B285F3BA6E03CBF3F124DF16D586EEB70C0B745E45F6C41D3C0DD8453CA961DDC0D65295CE46A0C498ADDDDF95660B
                Malicious:false
                Preview:GF...8.."....33OGl.n..A.J.o.P..pk.XM.....T.V..l~|...f[..#..>.)......O.C..B....t..h`..h..$..0.^........;....i.Q...;._..O....s$X+.#.;&.[f.....B.H..P.....z..6...0......q.L.Y...d+?.....G..a&...Mo......F._....#...O=.R.7}J..S.|w..+&.-.b.W^b.......l.T.C...0..k.R/62.|.....e..`W..J...b......1N..."%.a......K.T.1[.F?E../."......;.c&....4<Q...+%...i..F.G.=...==.W....$L.y.......Ku./....T....9N.~...J.UBi.._....V&.3+...K..9......]?u.HLg8...x...vi...4E.....2.v.G:V.i-..C......U.....I.....q..8.)S...K..*....s.3.2:..V......A..\>*....,.....Lr..&..T%e...=.O4a..i.......zy7<.."s.5SG'os?...9=v.....&.......%P...l[...?......hc<...9.g..^.....h5.N+.R.;...._X.Q+{;Fz..=...!=...pK..dRC>.#+........0c<............@.......<..~..yo........,/...W5.....\..Z$'."..tJa.VX..;Q...' .1.....1.....)h.!......>.....CFQ..x4f.U...-e..\..=......f.|.c!B...@..".W_M.w9........i...-.....[.......H*G.5.C.^.b..}6}...*C..Z...*K>.....Uyv......H..G.%.b..+Q.....1.......b2e...

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\292__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2341
                Entropy (8bit):7.611640170696023
                Encrypted:false
                SSDEEP:
                MD5:1E7D47E766B77B228AF246F972589445
                SHA1:8EF2F66623B5E6EEB9E2052712FE881F71626BC9
                SHA-256:16AB3FBDB98D5535E655211984B610B4C0815D863874656CF86DCFEDBB7031C2
                SHA-512:A5B07E58BAC5F179366EA055131F039B9F22A251CAD0CB3DCE39C0996B8F2951CD6AC7D7EAF41777EF0AA475C3C8FC9629FA12619C4653A96EA5CB397C84DC21
                Malicious:false
                Preview:.....4...G..=..B..*...q..SI^.O..._=.7.]n.4?....xj.@R.0#..h...\9$l......|...'.CC...../...,.aE.%..[........b.V..s.S...7.X.......0..B.J0...].c/.l...-1...k.8qN..u...O.....u:...a....G0...c.......q........^..E.r.l.aO8.....P3...S*..~.]5.....Le}.....mWd3$....z....p.8FN.2d3..&...k..C....5..LI.!....l~C..7:.y.tWk.......O....>...A..S.....^. V1.w`......Tn....p.cq...5.V..BHI>.......[8E.|.!=..Pv@*..*V.m..q.wU..9&.2.u....$"|h..?.Owv.......$....W..H......g.u.:..y.jl.-.....q....p.....B...|@.Y.V..{tE_&1..\.....[.._^.-.gT50#..{....g(....Km.xzOY,.`...S....&...@.W*..P....sL..#.g../=.n.vu....N..q.._a.0.y.p..).a.....f./.t$R3...Y.ld...x^_....~..7....7..p>#7.~uxz..ju...TRy.).......V6..3..C.Zg..<..xk.c..[1.]n.l'+.S*W.07.%.z.,.....b_..-.el..Mt......XT....tLD...&9i....{Wz.[.....6~.E+......a....;mV..b......;.F73.S.r...6.....I.'%I..a?n...s.j]|C..t.I..#..C.@.b<4.j}..4*.K...B....{..(3.UR.Z..6+&~.v%+M.P.1....U.....x..?E.5..uy.....S...*....-..L.........m.e|....,-2.ArF...

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\293__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1168
                Entropy (8bit):6.920305309002066
                Encrypted:false
                SSDEEP:
                MD5:8040B7CE81E1EAEE0A60790DAD562B4D
                SHA1:2AFDD16D5D9F273C140D578A2FD0921B8FF5A073
                SHA-256:E171E8FD4B45BC559BD29B729389F7C7C6BCD5919D3474A43FF72E987F25BBE7
                SHA-512:469A406688C65AC60CA37346CB4B6E4166C15FFD0187F956A4F1BF495B8C75BC3E6C47D5ACDC948A62850E2E9BB82D30CE3032B29403C9BF5E4F3C6DE0913BF8
                Malicious:false
                Preview:..Np.QSo..%..4T....-..g.'f..qo.....J..,.....R...../4l..1u.y..fY\`.....y..~...#...N(.G]........=..nP..I...&.H...2..1JP(B..@..>|..RNy.......nK.\......eM..!..+...\.r..x..T.......-`Vh{.Q}<D....0.K..-d..i........u.().X.b.$.y.. .2/.2..S`1.Q.Z1^........"Jv.k...H.F...D ...a..%T+.Zy.. R.Q..\..w..E<..Q.A.'1T...........xF.x.m...<..........].....r.D)..]dF..;.qq..v*_/.I.^Sj..f;...$.....-.V0Q..S....r$.....-...^..P.#2......kW.........,...Z.@O[-U.S....6.D..i.q.....J..f.D.9.!....2......U..c..Qd.4..M>.8mB.$......9........E.|.i..?...Jr......nT4...oE...v7.C9.L4....Q..@.........o..:3!..,t.7..l=U\...~..K||..P`.)..M.}{_.....M...4....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fc

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\294__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1226
                Entropy (8bit):6.906697353499607
                Encrypted:false
                SSDEEP:
                MD5:39C8D5B8EBEB3C7A8829404EDD89F375
                SHA1:B67435653A1C5FABBFB9C4925D21E3B761CF937F
                SHA-256:EED441DCB7ED71902F2E80A402F3083DEF74D712EF16DF7836FADA23A0F28C78
                SHA-512:BBCCA8386221BEF2787818D8F9EBF31010A4F1594F35A8A8B84556D8BB7C10B826666FF8B67D92DD191F4FE311C077D4CD171FDBC7DF98D69765862625F04522
                Malicious:false
                Preview:..;...._O.9...c..V...d^..............T"6.E.n"..s..b.........{}...)....Z ).A...C..yZ.P....EM.KA.P.E..n..._..../:.\.\w.1.k.6.4..;..y:&...q.opd...E....8........O.u......m.2..b..?.[o~..tk?gb.b....}........[...n....K.*.P5.by.)'.zU.d...Y....'.d..c..yJL}.bAvs.....P.&P. ....Z.Xu...@Hn..YJ8~.rJ.h#b-&.T.!u.5..a0.....sy..3....P.=>4c.HJ&s..DQ..yb.@..hw....8.7"......:.K.U..c1..&?...5..H........[..o..e.>b..3H...0.b...Y".Dq7nW#.....L...q.V........%....y.....my..*....5J ....4..J`.F.H1H....Vk|.....}.....1..S.v....:....Ws...i......."+.w.$..1~..84.......Q....s....y.............y..q..P.cp......B\.*..].V.....O .o.<.j......AK.t.s._..8..oVPf.&.).*....@'......#`<.9.......F...z.v....8B460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\295__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1633
                Entropy (8bit):7.285262262273978
                Encrypted:false
                SSDEEP:
                MD5:502407A23D782C28FAF12DB43CFEF23E
                SHA1:0674817C0BB0DDBEDF40A516A35C5B39521CEF0E
                SHA-256:A7F95DC0653089F4DAD77AB2A9508A5EE5E26C22ED14DCC1B09FBB94ACDBEDFE
                SHA-512:2E4AEC5ABF8D0A982AE1A3C24E2BEF398F78A60CBCDAFE8D97909CFFD9D90600A184BB7275E98320FA3AE81F67A60BD36A2B735B2CA03D47B3B23BC5B4ADFFED
                Malicious:false
                Preview:M...p.......Be...d+.|.>.....U..:...+....9.=......R...G7%...../.4:0J..db..:.{.S?%..7..G.j..C.j.,...!J.^%....D....F..R$v..Bl<P..W.._..v.B......*m..#..~.E;.dh}.$$.;+....n.. .W=.c...L.S......9.nZ.......`(..Ix.5...!m".1T.`.-.!...z..G.x:s..Al..1.....}s..+>..9.4..>..P.j.&U..4:.Z...IQ..0.D_.X..U'.cx.....R8.6...a'M..R..,.....?...'. =6&51....Y..b....c.%.....4\w.aOD....v~.Af.x.n....N..1..c..h..H,.a.uE].m..L...T.:q....Io...],.M1...7..S..i&.....X...\...4_q.CW...n....Rth.......8z..\...\...2....#.9._9G5p..dtg..c.A:Y...u.....J.F%.X...c.Ah...5dSd.[#i8v..<<T..4]L....X]...E..4-.2U...3uo.....CN{....{.~&.b.X..,,.F.C...[....9ij.".M..l}p$<(?.n....sq.Xa9.e..q.....].`K...Iz...^.N.....?cv.^..1...!Re['.4./...8....].hj+....Z...$..4..=..o.?.%....6$iH.y....ziR.Q....f..A.Z......."......F...'^...&..uh{vx.Y.a.q.Y......P.:U;..{.GS.3(..h7.....eE..0..g#....'..>.^..z.k`V_.e|........5....&.....N.8..3.......tu.%..j/...=,.*..o2.t.:'..=..}....q....FL.}.ya.* _.....Y*6H...&.%.m.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\296__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.729133240235816
                Encrypted:false
                SSDEEP:
                MD5:4EDE19F5A060BE4151F98BE4F621738C
                SHA1:6EDD361759AF537D070768CEE5DEA49286F7B8C7
                SHA-256:080E76C2EC6EB27A28D02F4113FBF451300A4C0C92BFBCD3F2A86A9F5A8D892A
                SHA-512:B92D5FA04FE6A41AF6C2C632A8D4BEE854E5928D60591C7435CBC383434AAC8EE0D777CCCFD6FF4D4D68A2E275184F6D1EB408104571F12829C60AA8CAA4378D
                Malicious:false
                Preview:e_..F...S.T..4...#...4.u*.2.....bg....0U\6t..)..^o...UX46.a. x.........B.E.|.tj.Q.=.g.......'O...a.w....b..SzG..sByvn."\..jYx%Y..c..+%.F.:O..v....O......... k.ZR..`..W.8.7..Z..YU!H.T..k....-V...O%.....o...gqL..nO#>....\s.,....../8.j.....;...$B...P.........k{...6.l...........dt.Z..cd.x.ku....C.$.G.gK9..~.9A.N..c.,<.S.tu...D..9.....f.G..;x)..?.s.......5.Z.$.cP%....G.h4.3pQ.REydJ1. g..W... ...v.n....}......s.'S..zw.,.o.kl....4...n.I..\T..!.......z.....!:.d.....4...H..TS..p..Q..NK[.....%....|v.<:.O L...../.~....}?.A.2Z..G.O...T.+<P...8..M...c..N..1h.A460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\297__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:COM executable for DOS
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.666365290748185
                Encrypted:false
                SSDEEP:
                MD5:EB6E19675128A85E28DAE12C7787F5B3
                SHA1:781F6B2D33620FEC602E71C8264F3B20CE4CBF1A
                SHA-256:FAF2DE1F626A8B25F99C9B8B959B578F76224593C0D6C0BC42AED775CB74F812
                SHA-512:FAC4942CDCF7E6A0012F809AD77FC31FEE5EE111A0B8BCDF9ACE6F0DAB956457BB091BB88A2BBA9E9A68F0A8B072CFB9CE9FB1843F8F0AB14BF2CED058DCDA03
                Malicious:false
                Preview:. 2Wo.G..S.i...8.............m..||.N.FH......Z`.-{.."Z.2.pd<.:*Hw..4SU..S...i...P..c.idv...8(.s..|.zF...9..F..?.F....!..... .l^..c......Y.Z."I\zT.#1.@.U...V"...b.x...Z.e.;.....KY.8..M....u.........|.L..b.mlJ....s/..b.....u........?......)..# r.X...%....).T.#.$.B...1H..m.....&.K.1{H..#yi.G4c...:8...T.S....!E)...0.=..*..SlL...~..][.?D..|Z.....d^T$...e,_..7L..i@}\'...=;t.....@.sj...~.F..F.9.2.6<..n8.....jG.?.A...Gb.-Q..[.).vT?..-...M....v...J..*.h..mYZ..Q1.hS...m.tj%...-.i....$..Bkx.....k*......!.)Y<460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\298__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):6.466669260346239
                Encrypted:false
                SSDEEP:
                MD5:134E8E290A722E6C8F7D467EAB342F83
                SHA1:969B8C6A05A8765F5DC7D62F3AF563C4A21421F6
                SHA-256:8094ED2E33E98A87A6EE4A92591FED77E0E0AC741D2B3C9F0C2D123FCB7CB136
                SHA-512:60262DF685D2EA81EB4023C5206E69DBE47B97CEEAEB4269D42781B68105046412A578B104788445FD955F44FE37912A9A492AF65E9D44D6DE50493EF8BBD063
                Malicious:false
                Preview:6.Y^`...g.j....`....uG~....v......)~...tT.Ss.K..Q..7...6.\.%w............`C.m.......<(.s....8fY.7....Wl.$(.9;m....R.;...*.8v:[..qpO..%.V...S...'.\W.&{z./....ME..}.....BY.f}.Slc........2f(...t........SJ.ma.....e0.g.g....U....T....G....+..,.<A).C..T.Z.%.......E...Y.Nxk...67.k...I......C..ct8..;{Z...D....z..S..Hz6...4.......zG....$K...lf5tA.N.ZJ'_.=*NI..cYZ}P..YQ.)..8......;..l.8#[.......j.e.....).e|U....}...;C...i..2U.qT......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\299__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1369
                Entropy (8bit):7.1229863098302495
                Encrypted:false
                SSDEEP:
                MD5:6449D848F1C903D02CCFAA141124E2FD
                SHA1:0AD55DB1984B9DCC377DE3A6E0617D424FA818A3
                SHA-256:A0FEDAF1165AA4BC792F1E2E250CE3324AB8E0D825F39747CD40CA5A3DF394B9
                SHA-512:7F917B8D7160090EA289EEE4732AE1D26ADBF3515858369C944D89A5E6D5789504BDBDE64392C5324D25C264285299D2F141770BCF72BEDD89B1EA03B7D3BF36
                Malicious:false
                Preview:.......A.P...`p......R..<$2...h...5....A.!Og..R.....A7......d..p...na3aD..#..J..&}sE.'..o.t.33....Y.FQ..8.l.fm.....K.#.wx..c.1.+.P.fE....~...l...t..\.g{9e#._(t...wuIB(.uY..1]!..q.d....._...IA9.A$..p{3.E.~....U]-{:."'.....4v.?.....:3..9..5./...>.HWf..O....n..b...M......:5Z...Rp....N.+!.q.$S'~..[.......E.)A$O.P..0.....{...l....S.a..s[)..t>/....1.N.j(........j.@....W........O"..Q_AR.:........&m...f!T?lV.)N...O/..Q.a....9/.%...;.....x...y...d].v..*.r......v.Z.J.fB...1.r.. .%t.r.......S...D...Y;.qNB......+..!.&..3>-p...B...r..'xK...%..R....:.f+.g....-.........Q!.PO.vy.O.U.......d.0>e@..p.....T..:..'.b$sn..s^..r......q.=..!E.q%...,h..]...........1../.d..h.Sy..S;8.5.:...A.,.2.....)..:n.Q|7Y..y..j..fK... .....lG..+9y..R\.<..e5?Bk.x.%.b...xG..9........ ,.B...T.v....Y.'..O..`5...?."*4_..%#B-....J.....x8.K..&.........j...^..T......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd02

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\29__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1158
                Entropy (8bit):6.913605025655956
                Encrypted:false
                SSDEEP:
                MD5:6D35B43913CD84A944949F37B6BB5629
                SHA1:6AAD4AFA0F1EA3442C990DA14D2E191EBF4BC137
                SHA-256:745CF98C9F70407896B7270169DFBBC580F52A5F1A920A59F16FC71E06FBCCFF
                SHA-512:727C4B98259FFBCD0F0A889F888D3F9FB201D5692FF8B006DEEE6A31A8D73DD401729F0A917945BF8C50B030DE45DD2C277D6DB7E34FBDC7EB366F7791477B4C
                Malicious:false
                Preview:..D...u........B.x,...4-...{..k7c.i...r.x... ..=ZE3N.u...l+...,Q.."... ...y.$.kT.Q..^+.A.t.T..yB..>f6c.J...?...r4v.....0....d.X.T..%...9.Y.t.....)../.L....qao.E....4B...7o...+.`@L..Z..i.7[._g.Cn..<?..n+....b...e.F...1}Y..?.....|..B.Y..D..B.[.q:r/_."<...#[$...\.[c...P..WU....pA...d.1...W.i.......`Mh..2.7W..!f.....I......'..qV..S.<....HMV9+........F........w......S#..u..K..t..Z(..D.....M#..S.0..,).v......y..:kT................]......O'..................f9.]Uv..../0..z.....oH.\u...Nw\.A.D..>.\A]i.'..P.H..0..;_.V....dCR^.E.........S...tb.......@c.a.......B...s.C.....r.y..k..l...>.O:R..+.)O.....@A.d".,.\O__460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\2__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1089
                Entropy (8bit):6.802378786072023
                Encrypted:false
                SSDEEP:
                MD5:9777B1F67EAE66646863308E62D2C296
                SHA1:51DAC944F533C10B39C77F4A170CC9E5C73AACC5
                SHA-256:FDC22CC0D801B5C1FC57FA41005770FC472A60BC251B6D3CE36FBFF5A96A89EF
                SHA-512:4B88748EEA418BC49993BA9ACF61E616B2952F4543E771CC53F818E4F6E56AAA89F34643184D6BDD5911DC45FD995FB1DF0D255B2EB5FAAD8E3AE7EFD20F1BDB
                Malicious:false
                Preview:r.tjQz..4. ...=6.P..w..) ./.T...=L<...k.cU-+\x.,..1..J:........?.......=J...r.w.....#.E.vX..mA...4.k.;.C..O..A.........w.....L.,....Tt.hE..A...H!.i.[]RJ......e.x..W6EiL...85...XR[@.........&....f.4....H...O.%O.Q.~...#'..f.\~.i.V.. >.......?..s.n.P^Ko^.Pv.....,.......B.jr.\......B...d..6!..M.y..U.....i.I....m......~.>...\k....&#.h.y......V....'..9..v...gJ.X.L.Y...,e].kME...H.d.A.}.;e.......0..l...W..._.....z.....\..nf.O..kz,b..L......D.........6I.L.........F........cs........{i..[....T..s.........9.d.l...v<.I.......6..u.8".o...@.C}.bD.z...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d5

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\300__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1086
                Entropy (8bit):6.799507023422962
                Encrypted:false
                SSDEEP:
                MD5:B02C0C8F716D50EC21B0FD4BE5ABE994
                SHA1:6D8B1E1661EAC2930B369CCF87F694B08EAD999F
                SHA-256:8CFAC34483A778AF30D2DCFAC33EB04044F85E925A08F059B6035CB01EA513D5
                SHA-512:B52DB1D8B9CDD5E8980324D782B377EC549D0EBCB94F48947B6113AC559718382FF46EABD69A067271B4318D6FB97640D9A743324AF155AC4846A79789EC36B1
                Malicious:false
                Preview:?.2:.....~..9)..?....y(.......[..E.R.+.A....F.X....")....;..C.Lz7.\$.@..w...........d...Zr$.O2~n.A.n..E..>.+b>.q.&..tq..n...B..qj..*.../...N....L.k..?.........!$./...I..I.7$PK......M.."X.....=...|#..U.P..G.7.1.}.-v..tS...LB..;.a5.S...ED...rCf......@.p:.\E.....3... ......3.......R./..;GW.........Wh....>{.'....%.....j.;I..t.D3.....O..i.sl.....W.....$.u.;..R9=.7$h..'...9..U.\..h...........L.l...%.\Q......W..B....~`.......JW.MQ@\z.....:.M.D..X..... .+/.K.....X.W+..3...A.H..B.......^.U>...q$9..i.J......].j...Z....$.+DA.Y.O(....[..._..e...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d9

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\301__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1040
                Entropy (8bit):6.6975767955125125
                Encrypted:false
                SSDEEP:
                MD5:D92B2EEF81AE8B2051DF6C66404B33B9
                SHA1:301F8844A3542D53CDE846283EF7F3E7EC6A7A6B
                SHA-256:CE806356D5089524193011BE59C65E5A259CE36FAD86CDB2AF9B4899F63A4438
                SHA-512:90A747B56FC9A0292401BD5B146CA6BFC614CBAB3795B60BEFADB38EB990C43F53CC716E3A415B10BA55AB90E9A6C111A82835B077C466A900BF7D94C2C268AD
                Malicious:false
                Preview:...ec,B._..9..2......K..#.....=..z.n.$.R.#$(.v..>....+...?.q....Y.&.;....{.zA......L.....{&.......f.V,. .%.........W.!..'...u....C..2k.8.....4A.`p.........O.O.....u.=a..%x....X...g\.......FG.U.[...:".|...A..~..8.........|.!..A.+..o.n.....}l.Z..t.[4{.....3s.%.4s..F.Y...'S.3.9d.~..,..9.7]S.1B... .#.5.. V..;,+..P.A.]L...U.k.<.]!W.y...@rIcG.........61)A.@ .....S.v........7Y.?........(T.$O.^{..p.I...w.....47....Y.............Y$..a.j.O:...&.EG=..b~..5.WA.....Q&.)...b&0.......-!..@..o.>x3..k.m..W460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\302__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):963
                Entropy (8bit):6.502573386737583
                Encrypted:false
                SSDEEP:
                MD5:EBE15D32981D51097B5EDC8AE143F643
                SHA1:8E6BC0AB9B311980C281EDC9495053DBDFE70D80
                SHA-256:01272EAE13B2451BFACE842E159B0E76A343EE214C0920C437BC26E599175CF5
                SHA-512:07DF3BFCE315BEDBF9E4AE318DD08DCB62ACB7B1FFDA02F69A7A838FFA3DCD71D4E14DB3477A60B567BF3AA931594653ED3C76DB3DDF668B22C07BE85A69F9DF
                Malicious:false
                Preview:....U....B..3K..V5F.,....P.~..P9"aF@....D...9.y.Q..... .."#. S...8..`S[.y.....G*j..R.....+.!.<..iBs...K.bP%...#.q.J(.v.o..%.&<u..Os....J.G+L..C....nhp/^..po~..1S...c.p.F...n....|F@...s.v...'....E....qz.G.3}.g....]^...y2~.,h..\..*...S2.N_&B.E....,C..td.{..Y...D..,..=2.t..~>...{/D.Qec-.:.zB.1z.X.....&(.?.......c...V.!{]"R!..hZ...w..'...n.SR$.....rXw.A..AU.JC.}C..r1>%...^...`,q....A.#:'.X.lF.t...}N..{..Y....9......6\...e.F460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\303__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1223
                Entropy (8bit):6.974515391695829
                Encrypted:false
                SSDEEP:
                MD5:C8DA77178366ED1400156CB4A4B4A645
                SHA1:84128EEDAA396A51A0A12EE0C9F19B3285DF6BDB
                SHA-256:F271393F2BDCA652E32EBA7D8663111981250636CCE79B94AD98DF16E43D8CDD
                SHA-512:2712AB4EF1A5047374E63CD52E6510FE3D598328FEE4A776A60A005C965AE8A443E2362C19BABC4482F381CEE6E10C1C0A4E7805D7D623801B0CA96B3CEBA2B3
                Malicious:false
                Preview:.}?....e:........kr7...l..=.....mR:.iU.E....N... .&Y.....p.....U.C@...)&w...>..l5.F1.....?k........i.r.G.oz.....X...>4.P.p.M..y.#....m..L3e...:J".vn...f;E....V3..A.....s4.U.....2Sl.8....pcs...D.9Tu...6D....JSU`.<.].'..+.........U7t.d...k.s..lRV Z[.n..N0.. .....L....!"*..U...n.1|I|]....pT..w."...Ew?.t>Q.....g..:.]....b...h....?-2.@.../.N....EI....F.=^f..B.....]+G%J...yN......h.r..^.qu+..!W..w0...._..b.C}..;(..g....#?=...Z.m.6....y....yt.<k.<.|R.}"..d_.D...Lw}...~....uV......CY|..V.XnDh..r!...Y .e..w../.$E....c..'..a5}.[.wt.^..jn.%.....<i....!..6...E.....6sP.)d.5.)`.8o:.|w...t.......`.Y.i.....p....n`R$..|@...:.f..@..x.I.._.p..x.v./#....2.O..>.....f]...t.|..c....$..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba360

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\304__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1094
                Entropy (8bit):6.737292758996403
                Encrypted:false
                SSDEEP:
                MD5:6D8B2A424B81129CBA15AD0453FC4988
                SHA1:599402142410A3921E083A2E15BD85D8A26099D6
                SHA-256:0E5881052C50E1A170CC94FBFAF0F17D50010A625EBD602FA702D9FCAA9A3931
                SHA-512:5E949028579584DFE7B75DB1FD6C309D645C3B89A8D3D9CB3563751EE5E2739C8A1755E87CAD9ED4D333665F26DBC83DAD1886883BCAEADE08882507CA51ED84
                Malicious:false
                Preview:......VL1-M.V.w.,.h.s..Q..l.7..I/#G.Qdu.N&...q\..gJ...)8....\bZ.V.......D.....~....-...?...4..;.u..g.......k~...c..U.....s#X.L06.J..}....+h.6IC..h.O5..xM.y..E..e..B.x.C./{.U..n.M..%..7C...r..<'.SP.8.<.q.N...W...z.E....K.......%06..$...x.f...M..'....=f.7p=3{.....C.M.b..1...K....y.....E.g-gk.......\..<W....n.Ue.....<.VY#......g........Y.......0\..$fS.J.M...6..&..Iw.T.......K..$..Y...8.\..v7N0.-Zv..+....}.*5;.PI84l....q%....d0.3}..(..[.(<D.R."1......T..:...%...& Y,.8*...!.t.....Y...&n.L.t.y.......a.e!.@..!('.....2....(..b....=....Y>L.....7e1.B.iB.'.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c458

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\305__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1044
                Entropy (8bit):6.699111413251263
                Encrypted:false
                SSDEEP:
                MD5:925696B61EF026748366379C401DB40A
                SHA1:4FF84B25547A956CBCA25F943D6CEA67143C7002
                SHA-256:3A60A83B68B5C4521DE515444D71A7EA638E7C69FA47EAF62CB5DDBD691C40EB
                SHA-512:263FA2C7F800CF80FF8C02412B20F0F2C8240A657FF6FC24225221A8B9B7A9B1FFBEE1B632A1071EB6961BDBA07EA13B30E551F56C5410AB474C18FE956A00D2
                Malicious:false
                Preview:..J...:9<.YF.D.....s.b.'.t.h....eo.8...,-.....C_W...(..$~..NJa..J.A....W...(.[O..p.\.t.X.;6.#.L..>./l>.z.D1..e.<;.{.....-.1.*l=.6.I...4....?7}..|...M..T...>....X............\R....V.(......%...v....w-P.c...*..!....C...*2.+......,......x....6.......qu..c.........A....$.[..7...i...c.d...r{..Tp....F..B..X|O)...N..r.L.GT......xI"(O......G..r....I.R....V..........Mu.@JEf.Y.V..!.{...l..o&H.X7..'k..@..h...XN.LU.o..Iq.'X..M.7.d#jO'OW\.+.a^}.Z.1e :........^.....j.H2.LX....k.6abv..b.. ...~...u.el. .B).jt.Y460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabf

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\306__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):956
                Entropy (8bit):6.461095115612789
                Encrypted:false
                SSDEEP:
                MD5:519690BB3477A3651FEF19C760CA12D0
                SHA1:0FF963763AB892CD58D94F7018968E57E5093E08
                SHA-256:D9182B1DEB8381096E91E148A8E5F8BDBF0A0E8CE097E640BD93B31442CEDE3B
                SHA-512:956134E048D295A3FEC4438D9758BEA0523FB2D74544618426600376105040ED52E4BDE8B394A5357276041C11D13980D655BB6315108383267033BD4771ED9F
                Malicious:false
                Preview:,.`....[..*.S..h....Sz..Xw..Z...P.7!...[....2i|..C..US..[..|3@..MJ+j.....!%.=.2.Sv$\u&.g.W.d.2...f..-j...i......<..Ed....To..d.5 ....[.d..A"i-...>...Fl..A...@..n.Mp......m...q ....=....l............'.........c..r.....I.5..wh....>..W.J/b.+.d.K..<............q...........Y.?.!c.Kf\.....6..s...5.y...w.%.h..:1a^..U...."4.._...*../7..Z._..^7!......|.a.G.'.zU7n.....FY.....f.s.c..R6.m..]..M&.G(.+.....!UP....J..'.I..;...0.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\307__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1309
                Entropy (8bit):7.045270947530188
                Encrypted:false
                SSDEEP:
                MD5:3F1ED4340321D2156EACF11D0254735D
                SHA1:DD356CCD3BA157D35C6797EA6B052F539AA9D84F
                SHA-256:DA3363A8C262C1492283CA59123A3C2F7E9CAF877D211C4130EACD396A145A01
                SHA-512:CC4D822F5B74A77A4CD5D8E9C67642DFAE6E76D3F704E6C813DE6E468C3025F0B4D0DEEE345A21AB3839DDBD2A11E021CF46A2623BD989F69D71F3DE42943A99
                Malicious:false
                Preview:....>......Jp..Z..xTx..D..3.l}....W.e=c.Z7.~:..w.G..B;...1.l..Zj*..3Y.`.y^....x. @KQ.i........A....-.H......%3..(..8......0.j..&.....`?..r..BPf..i.#S.5...D.v...d.........L.^..zM.g....d.....Z..O3Q.....2...._.0.z...ttN]4..6......r...l..>..d..1..W.n..|...E.2}.....F...-4.vDF....i.^N..Q..8...{>....Hy.'W.M......yG.)...Ib...,.u..z.6.;.....)..3w$\...1}].....=..flQ.(...=..^n... `]+-..T.L.u....<{r.4......?.Dq3.>._....d{`5.y...ii.=./Q....G.hv6xW.qC..YaJ..][....=p..(.J...MI*[.o....8.......}.....I.O..8....?Q......s.[.?....z.Yd.......~C.$./.<..J}.........m.8z...f.9.).r...R...M.3...!7.].\.{<.o..)V. ../9......r.'2?p#..x.....G..w...hP.<w......z.^..(...5e.....'.h2..z2..n./u...a..D..2dMD.eh...3....b..WA.....(Z{}!#0..VK...C.e.W.w.q..z.w6F!cM.A.....oS...h...C...T...z..._460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\308__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1423
                Entropy (8bit):7.216664171502025
                Encrypted:false
                SSDEEP:
                MD5:EE490A08A6013018BC3500F33D74D869
                SHA1:2673229B8455823F181B6A495B1DD4F84C56FD23
                SHA-256:84203C78E7C41BAE5F3E833E779BE52B390B1B9306AA0EB7180F3C69E08DC0B5
                SHA-512:6710FB5C11B2634494B433CE3D160375D5BFCF662465497E22AA892181716A5DB0250D1C65B4473566436B46EF38A6427830241AE0BC7DBCE8716839E7651EB8
                Malicious:false
                Preview:...<..D}.B.$U.8.N.......l...gV.JvT...8.+..s...b1....b.......B...w.....i/.}..-..5..}.-Cl...a....=.&../....n.%.[..\..Ou..:..%.)W[B...j..y'.`.>..@...V.....T[lR.`.=..wC3...9].U..sAz.<[.wg..$.b..`[...t...;...S.D.,..Z.<.-o.r..-.hra.I@......X...nAc.j.zd_I.a..g..`.j.t........$A.t.A:h......2...^DV.S..!}p.boJ..| ...."v>...@..GT.8....e..t.*..R.....Y..=h.I.a.0.....:.^|.g.f..)..|N...Y...0.+G... ...XbU.k...>.....4d}~..E{...%.8.d.....n..s`...$..0.}.....:.|~.@R\.G...%B9K.G...a.....91...mlm/..x.q.......8LY.Xh.U..........z...i8gn.J.(....t...vn...[b..<.#?J....$..8.... .=.i..LC.\jR..k..L..,7...z.5O..Sy$..(ok....G...|.u.%J;.~~.{4+T.v.....|.\.V...^.:=.w./...f..B.+..fA.........W.....&....7.+if...R}kW..M&.. J...9..y[.x....*...N..t.+y.t.VU=.......U.m....I..6..t.......#/....3.......q..bo...!s.sr...O.pw.=.<'".y..rs.V..../Rg..m.<y......5X.-.E.o_y...k.y..R(P..S.r......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f90

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\309__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1293
                Entropy (8bit):7.05347522694343
                Encrypted:false
                SSDEEP:
                MD5:B355E1AEB79988F7708CF0B0626C70C5
                SHA1:825DDE7C0F8D8DBB0E6EA73F54CB08439572D86B
                SHA-256:6AA72B5F94E2D4EB7F1A45BFB664F4CCDD0A07A1FB81DD4653389F5EC96F03D2
                SHA-512:AFEE15C0F36E88229B85D120D2085F628ADB9584FFF1EA524F65E6906BEA4432AD865D7F62AAA11624CC0CA9DCFC7C508A8C9C8286FE64A962EEB07E96E9E1D5
                Malicious:false
                Preview:..zz.I30*.......r4..`......t.SAxv|.."ok...#.>gH8h.v..W....y.6.[!WZ........K.)....y._.b.6..B....i08....R.....*..+..ew...k.S.5h...f.m...._aG....5.`..........imM.........8..(?.=z(.d.N+Q.A...'.J.Y...Qye.r..LC..W..\.p..`.~......E.........:.d...74]x'.,..U..Y..._..C...Xd."^...........#......C.vS8.s1..8RL.n..H.c.?P...\43pO...&.&<eC..6.}..S..G.#......a7....1>.b171..ek.X.{..^.Nm4......:.....o,...{.>.........,+r...6.>..<*.*."*Z..2.o...~.q%[.....T...a.a..K.N......>V...........Wg.d.(.R....(#.."k.q.. s.A[.......&P.,..g./Z.N....C..5.....c.........K..X....M._.V..K"........4L.........T.n...1....w.BB.....YlK..`..&kI..j.zQ..^...n(V...U.`U\5q......w.m..(..h...>..<(...K....I.._..M..B.S'.}......m...Y........!..P>.8H....?|H..K..0;0Wi. x5.#..{.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\30__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1166
                Entropy (8bit):6.873893700597221
                Encrypted:false
                SSDEEP:
                MD5:664F29448D67FCCE1F9B097391D67CE5
                SHA1:9F97506EB7699EF62BEC4928DA47C7A13AD6F3A2
                SHA-256:153DB0E6CBAA0070711F859C7F7075403DF10E3F443C21A49CBF04B053A1FC41
                SHA-512:C32BA08A2BFD4733EECD329311EFC0FAE419DE1E7590F95654D2821ED8F27896E5173F03E8253F06DD3C25B56D044AFB2813E2EC2A3FE81A65982851A2B43312
                Malicious:false
                Preview:6.*..'.x}...=VoI..c.~e3... +`'3.[.....rv..z..h}.1....p..O..6..*[..;n.6.i..s.1...S.....r%|.........].m...3K...O.%{.G...M..OUE....~..e,....\.l.d.)..L,...(.Sd....?<E.....N.^..Y...."..!...'y.Z.$.gK.m`..(....V|5..-.cb..P.......T.7..o.^8.j/.d..j..h.....>.[` .h..G.&#?.;@...V...%mLv..X@+.PE.nm....@..6....Jf)+/.e..Lw....<=.)....b.`..rV....P.F.Bz..C..h@.....).......Y%...'..FXX$.{.[.o9.e.dv......w(...........d."...7.....0.3.U.....0D...l.\M.........../...j ..6N.....fK}.yM.A...,f.Py..<.)K.k...$..pvr....g......p....1q..2...yX.@`..Fzu.z.._....gU.uyw.e.`..x.;.p.,X.%.H..."%.....8JR.[6.6..tP9.Z...6%..?..b#).h.E.S...e...y#f.vU...z_~.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\310__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1373
                Entropy (8bit):7.143005126043508
                Encrypted:false
                SSDEEP:
                MD5:45BAD3CEDAB9615287842EA403307C25
                SHA1:64317E01F1945E42EE50A9963A55DA1FD813214D
                SHA-256:4D0E8D9A21AA1DD42EF0D8177A922ED05809050859E7C27DCB6F89B2FD260EE8
                SHA-512:FA743ACC351F58284E1AC3313AEB03D7E3A68413CC207FA172C60612E3C2E17E63D1E878887E014D6362FBD73338902CF3DF5E897800FCD0022CACA89520E0C2
                Malicious:false
                Preview:...y.......B.~..^X......5..YuE\'J.....>..B.E.z.....S.........-...).f...a........(.H.o.i.0..l\.\.&.... ...V.j.-C..?..-..]..>.0...p..4..C...0..2.....UX;O-.""u@J..g...4.1N...K.7..O.$C.Ez....8.z...v..:.m...H.#R....@D.i1.X......f..../.kh. .I..c.J.O.K.x.:....b.B"..l..2.R6.E?..O..Z~.|Z......Q.[.{s?....;TS.q......'H7.$z.P.My3.r..1....3.."..!..%>.........rA..N...M4.R0.X.....9.#..Ue.........V...1....P......-.g......?..2....C..?i..r..[..Os....o..w|=....a..N..l.K.:..}B..c./........k...T...6.a..wi.+.._r...Br...K.rA.PN..>.7...9N.;....G..|f..!.?)H.6.....)V.....Te&....q..^-D..,...@@.....=..JC"}.X.?........!."/..S..z5.E/+S5..{.Y./....CGW...l........&..@.......L.jb..MI.S.....i.<..........q.."._k....Kr.qQ.r.I...?}..oQ..d..N[{..w.H.A...L....C..^..........g.7.\....._.d..#..3.7y..h...L>...5.J....h.3.z...t\..t..N..5p..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3b

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\311__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1225
                Entropy (8bit):6.969890539096081
                Encrypted:false
                SSDEEP:
                MD5:054585C445ACB2A6202160C994CE469A
                SHA1:17CD0A63894FA4E1048FA72A7E0FECDD6622D71B
                SHA-256:1664D5858D28E5ECB23508CE7ECFE2A8E4C70FAC487B517328D4CE529A0A08BA
                SHA-512:C453435AAAEA4510C9C1D8DE2FFD48DF1287B4B29FE68BA9B72E40FFBFA011BA1F389A764423D7AFF646E3967A15C11925859851D22F0B68C2FCF9A866B47B16
                Malicious:false
                Preview:8..$.?/.C=...{wvE.Kz.<......0.%w...wc.....e.[.m.;...g.:q.j?.z...6._..J.ZQ.'...NK..&......#..YC3.gk...Q...u..h..I?..X3.EM0.2.....mv^.9(o.>(-.....q!$... h.?..$m...[....,".%.Q.G...d..3i}....`.D..jA..cY.3....N....r(....z...z..?K.^.}@,..wu..G.a......r6...6L.:.a1.0._...G.x..;z~O]........f|.......1;.k\Y.. %ZhL...W.........a"..d...Gv.}l.^...ro...z{.>.b]",...x.q..A.X.s..>rQ.....H...+.`H.....^.....O.C.6.*....3.Q...........C+..J.u.9.R.^O..M(..'UAF..........qWR!..ob...2.k.t$9C.[.....q!g..z.N9(8.`.nu!HV^..a.....RL.,...FJ.Q..*......I.|.%.e..!..T.0B...]`....B.$%.......-p.....s.QG.3...X..&...pf..8%jC.....UG.N....1.R..!>(..op?....X.S..].Kf...r.<[..=.r`71.rq........:A..2I.....d...5.8/460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\312__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.805969412610184
                Encrypted:false
                SSDEEP:
                MD5:409C4B6422394B8B299AD2158E5B73DD
                SHA1:F74F7F0E276CE0E4FEDACA38095FFF0A16B7CECF
                SHA-256:CE52A03D7B8C73AC40CE0B6E10E8BFECF4C68192CA19FA5F0D791F03693A0C83
                SHA-512:BD0284FBB197376B0AEFAAB6D760BB91C4AED0FCCCE7E99DDFFD1B41B5B4D9778DBD6F4B0C5ADA38ED1C363784725F7E4937DD079439D53EE0BF3AEE30AFB9F3
                Malicious:false
                Preview:.3}_..j.$..S....!.$.....'.JT.....D.:...I.9.g(@)...N...D.p..i.-....y..2.&3..=A..."|...6~I..g.....?H5_Y@'X..a..... ....:A.tD..%......ig..]...).%]b7>..........O..}..P...[...n-....S4eJ...>...n...........U.`{..Z..X",.|.[z../..|.x.%....vF.....F,j....%....x$..wnr.4Y.D..K....$Lj........s.U........F....u:.T..s..r..{..`U.A...!.&L.....v....E..*.=.7G....d..'.-.Yxt...ER./u87..r.s........F.-..b`.n.n..-..m...F.d..$....Eq...n...0.A5..|.W........j.*.W?.<...Kc.h.k.i...,.....QmW.|y..q..Q.B...w..n.d...2e#>.V<..ja..J.?bB2d7..Ap.;.].%Vm.E./.h.*q.....jNo..<..Z.....[..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\313__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.664855596285534
                Encrypted:false
                SSDEEP:
                MD5:D235661393C421EFE554C5BCED68FBDB
                SHA1:D8DEEF74491185B8F309A07D3A50C4FE87E364B7
                SHA-256:53DD1F9979E482647511BF1EBA83785F9E2695ED328CD24B6C4FB829246F3DBE
                SHA-512:E31848BEF8127D6253B8740AC533BC4916F564B05AC98D9A0D621845E8D5F278476792366323B35DDA81EA8CAFA03A38BDE16A51142B378584C50E5817FCCEBB
                Malicious:false
                Preview:..^b..U.G......p...p.k.k.D....h*1H...UV.{...x.. ...;.O.}..C.? ..T.-...H^..v.t..q3.......9..f....m.I.K./0..9..).;.).......4.p..j.<.2n.."....x..E...+_k.x..+...^E..m...R.6.0.....N.>.!^.nY.~...-.|ExQ4..$?.'...6.....;y...}Dc.(......Rg....v.0..}.b...9`].wu)9..P.;6l+......ZQaq..tH..ziH}..a.4.d.|....]..]g4..b.._(........w.E.nx.....B0`.:...=.....<.&|v..j..z.t.....EWI..i..2...=...5q..v..B.{.lp=K..\6.. 4..M].GY.Q..]v..............p:....+`hL.P..R........7..)...jV..p..E8........b'-.C./.MjOs....D........-...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\314__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):966
                Entropy (8bit):6.535809433165381
                Encrypted:false
                SSDEEP:
                MD5:F491029E1FC751B94A9A6AC90D76E23E
                SHA1:17BB3C52EC340DEB06AD559F14097AAD10937B5E
                SHA-256:695F89C333268E449936806FAD9BEBA0D89821637DB154E9A2632DB930B01686
                SHA-512:2749D405E9A5797202854556120F18DC1AC6420E197ED48BC9F0B56E263222B975F7A0B5A12952A2457800B67788AC3A86BD265CBF41AEBB8CD9C8CB043DE60A
                Malicious:false
                Preview:..!...9.-%8..DH..YU$b.....4......(L._.t.........XN..F.[.W$x......h..NL..(... ~Kx.9..L....2..'..y...Z....^.}....J3r.Bp.....w..`.'.I...2>..kh.Z.....e.#...Sb'.T..s....7....s.(.....A.I..A..M.. .s.m\%..l[0..NB.....7..0..}.~..>1.....P\.T...].]....s.2.......UQ.Y/x.sx..{UVU....../M.@wi.,.7Yw...].0I}~}..=....9e. ....mX....>=....Ws...>......oT.5.X!!...N.A .y....R<....6..@h^..."-X..u.........[NU._.....@gG...;.^C.w.v.N......j.Ju....~....j.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\315__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1248
                Entropy (8bit):6.986852829717259
                Encrypted:false
                SSDEEP:
                MD5:D0E969A2369BEFE31CFC63C60BC92A28
                SHA1:F21067D4317B7CA123BADC86B3B369547BFF900C
                SHA-256:0B37D3E35646BCDC273E2370DDD5E17A5FE294AD638B47F6A2B467E2190BB075
                SHA-512:23A0EEE79E0E4978F8BA5CE3DA8FDD76078BBE5F6A4B65D96F70B2EB04B3F5270FEBE49E694450C84EDC984153502B3DFB4865C11E6E02CECD41E5A4B4B67E18
                Malicious:false
                Preview:.6.......U.>^&_lF.<.ms.e].......i....RW.%...$........f...........HK.....................qC...1D."..g>....q%....}L.W.....T?...".....!..$.[...u.%]2WmUk.Y_.a..KF.w.6......}.5N.q.....zC...qH..9..w..g..<.)k.peh.ya.H|.xW.&.9.,...X.v.\........Vy..D.....?...s.oc......7.A..7f.|..t...81.t.s.7..P.b..f.J+......%"..#X.en....J....8cX.......r...+.a8.h...V.%....BqE..v._.k...j-.....fK.b..-......:.......g.m.R#.]...w.....#kI.z![]#.zt.L..).......Z?.Z*..T.F....7q...p.....="Mf[.g.._!Z.....pcV7...W..Yl..._..*....U(.Tg.z..E.I....Y....[..3..w.[.9&..Tqvj.S.j..G<.>..w..."q.pi.~S-.>..I..R....x0..(....{.....a....z..d..%...e.X.....uk.vp.F..W ..8...+Z.....g..h...p}!Z.u.[.pc..\mk.n...%)..C2...xW8h..:5!.-Tm.eHS..-...k.....Pz...fd...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\316__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):9592
                Entropy (8bit):7.952138915314131
                Encrypted:false
                SSDEEP:
                MD5:DE43A81E86A2FB47062CB36D25EB970B
                SHA1:8F0A446C7AF1DC7AB27361F6676E86569BBD4A83
                SHA-256:8F33603C54E7A9B4E580636BD22DB4BBD24F133E0FD4615355607AEE06EF803E
                SHA-512:B7B636B6921C16968C6B3F571CE358BF651B7E560B6B8943F825EABC12E7EEDF74AE9D8EA9B5A089804DFE7348E86685128A71B12821D31D1E16087D8BACBEBD
                Malicious:false
                Preview:.g#......u..-.(n...>..Ut.H5swLHw)q..Y..j.t......B...Z..V.#..mm..z.....l.8..O~..@Q`.&....W...=.......y.s.`K..{n]..0;.n.%l..2.....$j 6...-.%Y..}.|G...w7n2g..h.......<.+j......."...Q.....e..=.Aw..dx.?.Hx._......].v.G..R.....g.._>x.$p.s.."..e.0.&.T5B.E.S...H...1$.......pY._ ......"...w...E......*:_..|`Y..3....3E.e."B.h2.L.p..w%....B....?....L..i>q.@..W..p.T..K.....Re$..Sp..'9...d...}..M...0..e.....b..<.:}tg.b...$.8.....i..k....a.x..d]a.W...".M..(8/.5ne...=!..cP...../d1P.b.qf.U...J.<.^.st.9.......`.....(.......M...!*..PJO;..GB.pT.....GN...].._.\J.......Z^5.X.w.`30.......E..c.x..Y..r.d...I}..A..'...6P..Lf...U,n..*.-.....S.F.+...(tp...&.U.J...BT.n..|....dd..u.z..1....&.ro...^.&4.k{C./..c.G. .....f...rW#....E..C.A..F....f?D..-....M..J..c.`....{..S.[..Cm..l.DG.OW<4...U.....2m...&.....$0.P...;..C.pE..y0.i.V.Z...V_.#=.3r.....`d2...>...P...E4.T.P.)....f.w....N..5.=.$.....p.9.DX..@...B.._.*.Vp.J....8..g...1..\HM.3.....'.u...q.7I....6.2..B.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\317__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1654
                Entropy (8bit):7.385269965424134
                Encrypted:false
                SSDEEP:
                MD5:57CE8805CAB65860EE2FB61A997220CE
                SHA1:B075891998E5C1D6352ECD9A1093CF355CA40FAF
                SHA-256:412E00EA1118ABA57C837076A611EBEC9CDA1C1FCC774ECAE15E04A0320A041C
                SHA-512:C60AAAA6E3C27D69336304E60615CAF842FFF1F5399A0D7B5C1BECBA0DF620E7C5355A23E132D76FA90D883C813A3203F7B5CDC8C97BF236C90CFC466CAA06B3
                Malicious:false
                Preview:^u...%.GR^..7.Y...p8\..k.dN{h......2I.C.9..G.5....(.B:,UV.....K;......9-A.+.Uf...d.....^.x".<.o..W.YQ.s.C.....X.#........K|..J.tK..+...M..W.$.dIl....._.O.......ve..................i.t.S.<.muD...pP-0.....='e.....;...!/...^.{.v..r.B.1.vF,L]....3...a...Q....kQ...<Z.....).......*7......)...._W...sX}...\..j..0..._....,.w.5..$.N..|.P{..9.........1M.).w.{.s%>....9U..p|....OS6IP.....GO...w..l..E..m...{......<....B.0[..6^...b.f?..w.~......>2.B!(nF...Aw.N..A,...9.n0I2.r.EE.{...k...l...W..Kw..;H...c...j`..c....b...i.z.4..8. (?-.q.j}$...!....{..s]$.<.~i....%ES.i.z.....v..Y..m*.4~y..z.!.&%B...|g},8rC'.&....s.v>.?.....^..B.Z..L...C.......+r..*J..H...)....".'...<.....~.M..B...x...'Qs.-.H.....Y.........u.......,.R..<..{..PV.t..(./.m.[..QTM...X......d&..C...RFjA.`".:5.@.v.2d8....s.G....#U...}l..6Uy.].....CL..r.....3...zf.................s.J..3..8.N..;c...m.Z.;.E0)E...e..O....b..o...l<]m.....8.V..%....P...&..=.....'.\.k.G...5.T.0K....j.......'."b.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\318__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2359
                Entropy (8bit):7.626859904465468
                Encrypted:false
                SSDEEP:
                MD5:BEE55445DE55B900D003CA4ACBA4FECD
                SHA1:2403180298EB571686D73BB4BE295859016BEEAA
                SHA-256:9F592AB2CE11F378FA1E3EBF8FF140D611F10B54EC19C39B31A9D724892EBE34
                SHA-512:4394FE2E1C2EED374E6E2137DC6FF8195D06BE96DC966B13B5539AD862596DC8F379DB43FBB58F799C71AF04BF10CC98A88D172C3E8730B2A070B4B40D6C20E7
                Malicious:false
                Preview:=r`o.2..+.@..eFL../.|..y.t.q.........u..AC7.7.vF........sz.bvf ......{..b-}..s..9r,;..<v.....)..s..$<.Z4G....z.<....=oc..`,......`J..../...!.K....!.e..7/.I,......j.Yhg/..Jv.bS.....M..$U$.[..t0..@.Dg...d...y..^..$.8...@.plg.Y^.z..cc..)9.......i._d...8L.]..T..\Q..=....O;.z.Vy.Q..W/RSE(R...".Q.....(..U<9.....0.z...`.7.?._.1.zd..q.I...M.%.......T.O91.....!.._. S...........k:.]..dF.....z..u.pQ^.)....7Ej.:@...!oJ.F@....|..;..I...d80...)m........{...<.U.^.j....D^....#..@.Z....9t_\..|....,....$....0x...K...U0...D+........ur..PU....ZE....W'O....4".P..]...i.1.P....w.U...:..*l.\\...q..w.e.C....-...5........4c.io>.`h.......A..{....w\..wF....vV.~gQ...?<M,. .*m..7.1.g..\...[*W...C.?.5..3..J..*V.:w$.T.....sFeKv.J..'..6.......M...../*.Z..........!M.....OM.<.A<z.nbu.......<B.6.?~B3.u9.y..y......f......S+...q.a.v&..#.Iy...,...#.....,......)q~G.C..V...7.|.$......L[....k&.U$.....X...%eW(r....wB.Kb.q...v........njIE.;.......Q...{E:I.x.r.........A^...%.P..b

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\319__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):979
                Entropy (8bit):6.532125828961472
                Encrypted:false
                SSDEEP:
                MD5:4C73F84114B10AE5AE53D141CD21877C
                SHA1:75586D05CBB721F2BBEDAFF0315DA6124038C4E2
                SHA-256:2099485A4835E2FCBFF07CD202F07F4B7EB22B20256B753BEBD1D3E29E69D24B
                SHA-512:64A591C18B2E0D3DC68DF0D082C6F431E89EEEC853FAB1BC6EA279CA7C4A4EE924BC0CD39F66CC4429D1CE4C709CF2F57E7D62A3BC5FC95F3783D2CC060E6F18
                Malicious:false
                Preview:......,ut........,..=.</y..}...?......_...JjnfK.P{.5..g..>e.(KN...".$.....=..{...2.<|.5..&'..p..|...j....Z.KA.x..&.M.C..2.[.q.....9.q...j...y`....q.....v.....P.6.N<..t....q...gr.w.}(.D.6...E..>...;^:.=....}=d.B...M...S.8..~.G..j.L. .I.r..?\.|..BL...e.W...{w...._.b"..s..Z., =d.....v.....@..]..7&sL...u..1l.t.j...M.. ..m.....X..x$.x..U0;.8.T....9.kC.T.R..... q.O.j$..f.......S..\...<....~D....<....v.p+.j.wEmJ(..?.R.V1/...jg....1M*uNK0G[\M..c.z.?:..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\31__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1362
                Entropy (8bit):7.110365063383336
                Encrypted:false
                SSDEEP:
                MD5:BD6D1C37A2BD17222170A8C570CECCB1
                SHA1:9CFA97535DF523FA81D7F0070CE1B0AFA9A35621
                SHA-256:D461A2D727BD3F649605E75A95AD1FE2FD282F89929AFFC41A939B8F0BF08F70
                SHA-512:353ACEDFAA70138F0968788720B0A2D31E88CFFF8310F1B2CCE0C9FE0B1C14D52AF4BB2644B66FFA6DCDF2F85883C5251A8EADD246D99106FE42B2AC4E2BCEAD
                Malicious:false
                Preview:ftTY:............y..CS(.R..f..P.t..f.4.K$...t...#Q..CR..(..O.........F.m..j.h0...O..e..=VX0.%D.W.....z.<..S.C..S.4....M...@...?c.wD.c3.!J.yILU....k$...b..!......F...-.N=KVaG.z..nv..0...)..........|p2...,.~....z.w...;)ggH.tR...>....aM.\.I>.b..BR..Pp.Ie.{?q).U..8_..ac......&az.H..).......K.\-. ...Dt...i\..&p.c...a..B.....}....Vkv..F....AA~S#.c.....m.x.E/.J...u....+..Q...,..M.."....O.,.D/....(9~.....K@.>I.....do.N2........*...Jo.qx.>..X.7n..... ...%..U...?^7.~.*G.|..b....11.k.Iqk...#....w.LL.1S.M'A.N.y.@R}..............{`.z.+.?.$7...[pn...x.:.9...........}..W.Te....A.@..0....%.<.3c.:y..X<*.O..@5Wx.d...Ae.A.Y~.!.#.o.hx..I2.Y...,.ra.QUqM...N......|.N..P..y.......EE'=k4.let...s.3..e.Z..%...}....6|....'H.....K.I ..B..n..N..."RR+S"],...d-$...F'l..S<I].n.T...u...=#.3(.....f...dN|.k...'b%...1.F.KT..#.....t..:460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e63

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\320__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1304
                Entropy (8bit):7.027114725414512
                Encrypted:false
                SSDEEP:
                MD5:3C71A87E962B7708138270BFAB841CF1
                SHA1:959002E9C6AA50919D211F2246EC6E2742DE9504
                SHA-256:6D9B7A66E0601DCC0A8A02C8405BD9B9CDCAA9341D85D35E7D0D2D1996B5D31F
                SHA-512:4944CA07D4804BB2B180288DCDAFF4A5D99803F939B48F5905548833629C4ED521EB4DB332B81D058B053A75BA2B8928FB59A51F2A2CEB4B74004A10846129FF
                Malicious:false
                Preview:..}.&..\.3..5.A..me.....H.5...iCo.s.g.dT...do[.C..)..T*.^...~<h.d9.,.k.h...V/..e..N....4&...R..6..0'K.C.^....O h.....|.v..9.O..4h.MJc......u.q<X..e..T..a.b.'/.C;?....0BC7..2.[.Z.T-,2.Rm...Yu........Se..3...{......V1vq..,.i.i.#%.(.F.-...g..~^.d...M.`...!p.F..]j.h-....%...ey\.Px.)..P.`>x2....xO........Jy3.k...l`.v.....^...j'.`X..B.V:...*ae....}......,.csN..........% .a......lPu..P5.{....d6....4Zd<..6.g..o5_xT..g.FI...=.6....[m.m....k..JM.6A..=.u..e..0.%...ny....Xu.......-0O.=.$S...(MZ.+.,e...Z...S7..s.^....j..J..wk...2...r..x.sq.....F.vW......=\....>.qt....6..G.b..|.QLt.....s..E...7... .5..4@.`)o....Y.oh.r..../.v....J.#.8.?.......`.k:.9.....[.S....I...9:.......jgO.O:#.GVX?_&.jp ...bGE.`..!=..w....m:L6,.......#......-&?.....G..[oOR2.,.X.F.h....!.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\321__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1261
                Entropy (8bit):7.037732438641585
                Encrypted:false
                SSDEEP:
                MD5:55BAEC514CC37F7766D9B09F9034DCFB
                SHA1:9B1FFDC96EDC893B78A1DC7FF6BA14426315CE6B
                SHA-256:71406986577EA68AA894E6EFBB4F58D07CD1B6F48B6399929D03166133647EB1
                SHA-512:08199E7BB6D2D12D5D667AD261431C9FD75BC9352A2CFB5A9F9AE64808FF3EAF573F32CB78630D427CD14C56387DD2FA4BB5B779D702F2476D069EAC2A72A71E
                Malicious:false
                Preview:S..!..aW:>.)...!../.fv.Dl4...!.O.k..z.Z.{.\........2r..m-.....bU..W......3....Q......).......A~y^y.>...pU.".GT....s. f.n|....F.......9.KpU]...:..(l..TE.:.:.R3..f_......*!..s....p.g..m-L_....2............d...!....2.P.H...u../....y7.....q).=..c%...!...u....N...../P..-}.b..qf._...+]..rz.xT"G...z.Ms..i...M%..^g..S.._.].r... ..u).'.f......V...\.\...).a.{O.:.F......../.w....~.D:........f........F.].f..5.".......%/\.=.@../<.....+..`..p.4.A../Y.7..k.&,F......5.'1$...e........-.]......I/..?i..B.\.../)....Be...$.R.......F.i(.k.;..l......G..2v..;#3.@.}.n"OZA./)k..?.......5#zW.}`.T.....avA.KM....C.M.S.v.7MQY."..#.T.c..t.E......LXgA....W.D....!Z.t.[.).{./2.7.Z5..^P......^_....n..D.r.[..K.6.cE..m...J.@...*}.d^1.{.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f6

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\322__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.756225155569481
                Encrypted:false
                SSDEEP:
                MD5:6A05674ABEA103448C1333DE26ABD361
                SHA1:E4FE9B88C692B67EF1571835C5AD8C9C80B34266
                SHA-256:36BAC23482D85535CF89B7B57215E9A909E4746EA6647D822758C173350EB841
                SHA-512:034B98FFF346C77A274C2E14C2A1B5B3DC964433F57591FDB8A10BE2E44E57975C53B58D782E82B891809AC61EF5C8E6DC983BA85A16E6817A57DF2B009C6E69
                Malicious:false
                Preview:.m-.SX.d..#s..6........u\....d=;.o......MU../J.w..c..Y.eE....w...Dj..h..T.....^d.F.!.5..0.....Y../e.r]>q..)u.).V..Y.|Mwy...Bo.5..3.q|..h.+...h.E..3+.B..Z..X.8.YH.R.%1.m...B.w..B..g....'.4..5..Q.......z.FL.?VUg%.... ..=.ES.UN.p...R.F.D..d../...[j.K.}.....k.P.0.z..TS...l.3..<.....MQ..'K......(..z9$}..6...0...m(.s...*.U......2=.. w....2|..6x.k'.."...r..l.%..H.....K.!.......m...K.v...........N..s.`.@..7...j>..L...J JJE..a.g...2.."..]j,...L...q...t......?n.).5..W.e.q..."...{.y. ........Xb.H...V.ky5..j6.....n'.(...'r...k..U.|'6z...F....k..djEn.!k...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\323__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.626037368995321
                Encrypted:false
                SSDEEP:
                MD5:C031C2B0012F74DC00C4A1ED0599970C
                SHA1:6C817AAE07F61CFA5B220821B5415BAAA8011605
                SHA-256:03C72252CFF8CBF4FC1C085975D47887EBB73186E4DBC24FA5AB2C0178E1D2D1
                SHA-512:E420A89A766F51862FD74BD9FE0E16470E82991A816B3657DAFDD47E57A86B185C72948AD7630D0BEF7B1C623F186DAA50F5ADC69AAEFE2AD00A3AE02FCE3D3E
                Malicious:false
                Preview:......nH..uS..S9..d(../$O...T..y.R..u..B4..G.&..i.7.X...N....5>B..@.P.....}.....l#.RG.SZT.a#.......n.....n.E-.h. ...BT.2.,\f....e="&.K....T..{|t.....j..)....`.8.....*.`...D.......Kh...U.b... K.;Fw..].h.....>...*..y..)0.......{.}e.2y44C...............6...&.~...!.....}.y..6.'i[1.`$v.c..n..x..$.h.[`.x`......FK.p.<H....K......V.yo#.$.y*Z@[#.,f...Yt!#3..Q.[.W.......\...N5..S0..'.n.L.LT.j.....{...f..yH.A..un5..DL..t.2..........1?..n3Ui...v.wS..<.M.H.~...\....QO..2#d...7......2....*.(]..t....,...fF.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\324__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.421650066926964
                Encrypted:false
                SSDEEP:
                MD5:7E05C201470F221694339D4847672796
                SHA1:869A0CD819F1D960199EE53467B56F84AD1FAB8E
                SHA-256:1DCDB73133F735B094B571AD6E1B18B8E2622840D334C4DE939303B00A2C98DF
                SHA-512:8EDAF4A689FC6320A988F065776E92263DD47D66CBF87559266F282DCD3AE5AF86A5F404A69838116AA8DFABBFB36D3AD9EBD66472547422E4738FDFFC708BFA
                Malicious:false
                Preview:..S.;.oLJ....K.C.Y%sCx.7+..X.....@.a.5.L......9...,..Qm..tY*.uw.i....8..%o.m`A..u5....02..29.....*t..6.7....O?..R..6.,.}....I...1?={{V5...8../%.dv7WZOn.du_....T..`Y........s..%..2.g+w.......B..Q..9\......1.8..E.t._.!T.....i.V....kH6...w....Xo...D.....'.wfN"e..~.+aU.O.-...<.\M@....6...e.....G..5..h' Is....%v..0....t.fH...`.u..v...<....!.ou.8.G..2q[.f...........8#.._....,d.....h..]..+a.o...dUAK.`..1.....T.......h9j3..&`.].460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\325__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1379
                Entropy (8bit):7.117332828195053
                Encrypted:false
                SSDEEP:
                MD5:6E443FBA6194E8554695D4F8AE91FFFE
                SHA1:C8ABC7E05CC723D36C6F2F11FD8D94AAC29703E1
                SHA-256:1A0276C3069989DF8F65E9D2D6D9B66E53CA3905C34D4DA08DB923CA45550124
                SHA-512:2F507EDAA05610C60D3B0B8ECC6C2B4036E6BFE2C37DA7E7C82165371B77E125BBBAA73A597996D96C0742ACE67952E9AB7BFFBFFF2AE86C2B66ACEAE15C829C
                Malicious:false
                Preview:G{n.$..{8.~l..2^...[@..i*N.}."g5ZA)Y.m..\N9..?M..y....fr..K....+5./..B.M..Y.le8.>.._z.gi.....2.J.jAz.....^...c.......-.k..Y.:n^2W76{..h...:ExqCvE....~t.'....U...-..b}j..?....B.I..D..fk...N.3....}.D.{k.+..f..o..=....l.Q'.&.3.t.gJ..../.ys5.......@~.Z.....L$...}...DH>..8.....~.;P..^30^.wa@.=./0+...?V....Ll...ya..E.s..5..Uy.....n\......,.L.q..<9.e|,..j../...e......(X.......<P!..s.Y...@6....w.h.7w..$..8..]%.N.?v..._.7.....Fm...i_.T...E{h..".m........n..T.m.mM.U..]..........f..Q$...be:=}.:......wu.*J<....|._..5.....ql...T.O..fU.2...5.H.E.......{F..3...b.B....va"n..eAv:....r.<$.<..(.."4u<.^..N.f..C.Q.E..p.N.Z4.....T-.....,BQ,..x....P. . ..:..Iz)..T7.X... .B.&.-.$...:D$c...H.....V....2..AXN....&.KN......c......lb...aS..0VzN.F....G}m.`(~.>2r.$.b%..(...s...S[o=..?..bec..CdY!<f..".u.0>...k.m......R..d..n?.y4....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\326__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1238
                Entropy (8bit):6.960153668899404
                Encrypted:false
                SSDEEP:
                MD5:C53BEA994BDF464C9EDA55A97CB0D65A
                SHA1:35BB16CC743585033F998B1176F9C2812D5466A1
                SHA-256:E797FDAFE56978E8514B2649ECAB26BF27566C993E8DA938055EA3C3604C5F51
                SHA-512:88CDAE1423C7B0A82FEB36A51C101126AD8A6248DD810A6A7F22FA37E8F02519D66FC35D524FA4D78A61E69B1AB7C8525147476B19C038867EE319881083F782
                Malicious:false
                Preview:...m..;.....H.....i3...*.B.>l...!.r.....I..Ah.{...g.3.......G......gk.....~'....s.....v...ZL<.1.0.w.....y...j..~.8........-l~54.{...t...]R.}....O.g3R......{h.....l.#`u6.l.G.^.j$..r.T43.s..jl.b...zE.[..%?.p..\B.X.x#... .K.oT....i.!......N......#..#..9....e..!n7@I.....I.:W%..d.@.t...N...?.........g.~Y...v...aO....eS...5.j8..?`~.2..jXm...$.<.....xc.].5.*..vFU..F.LU6.g.5*.2?./.U.v.S...>v.p.Z.L.96...._..v....R...;..wi;?....s5xo....t.l....v.E....b.......)..".}.t.....R..*....T.x.3.Gz...>\,..5>`q1`z..4.X!..o^.........f.^.T.EX.o.-4bV....R.....ac}...Z.hH..R..PL......B......)Oq......8.........6..q;..3..d.wA.j.vw}..S.z]...[k*..qj.-..G.=.<:..ro....H...;1J......)_..f.Vz..(.Y.jR...rj..T.X.m.C.<u460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\327__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1884
                Entropy (8bit):7.490711756501078
                Encrypted:false
                SSDEEP:
                MD5:E79E441495AD0971C5CF91DB49B786EF
                SHA1:4AB34D9BA355DB75BA608FE7E31001585B2846A3
                SHA-256:E92D3923E02EF50E6A57CDD03F68798EDEB7641152C0626761929217DB4D9C09
                SHA-512:E0CA1D7E5E2C8B77A73D0749648837713D5132241DD5B9036278918B5153EA61985C368E3F074BA044144708251C2CC8005CB97594DBC30E7DC6D058CD73104C
                Malicious:false
                Preview:v&Z|..zn..si._....!..}.[J-....4.y..I...>....^l./.......g&...0..j.Q.,......8S#e.*4.......]........[h)..^.$K...P..v.q.f.U..m&...>.D..l.Zug].6Y.}u..x..XF......Q......L...=X1..%<..)H.}!.F...R.~r.U....@.Zq..X...x....._..I.=..X.kfN..rZ.{.^....O.>..u........'.>....._.P8.^b...-.6.Cdg...jt.......h;..q..q..@..E..B...e*(.............%..#."P..r..4D...&.........x.oJj.=.F..8.X...k..a....M...\.5h.'D.Z:...g.i..%..u...p".K..Q...JV.e..%)&..........,#+k.l..-.w............[..f......?..8%....2j.'..%........C_k...f...,...e....I7I.2.....1..UTQ.Q}.w.k-.e.U.M.T#Z.}..9..L..}..L.U.a.Ikm.&........5#J.].-\.rSE_..4V,.j.:.r.....Q.........<..d.g...>~y..h.!...hTsOu.|...e0[N.(v....*.j#.g....]^...I<(.:...P..o..S<..c.~`S.........IE.A.o..j~..d.6ax....8..J....j..e5u. ..f.>...x...`>..!..m..#.1Q.g.5..5.L|F...g..Qp.f.z..J....].tr.x....*.U..9....%....h.)S..k..x.X..F....5.......,..{.f........0?....}}+...../+$.g.B;F....F..%..*.h..X0mA....hw.w.......k.E..H]. .#..}._..qZ@S[.Q..\..z".2.D

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\328__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.765528942799853
                Encrypted:false
                SSDEEP:
                MD5:3A01DBE93F20537150D1FDC33C09C12E
                SHA1:1876104CB68875245C1B0F28E6F45CB863985848
                SHA-256:D6DE7BBD0E24BDF9776DF91D898B06BE4E9ECCB238E4C05CFDFE79213D83D00D
                SHA-512:D4254E2A62E7396F408C5C7945844679847167FEA0C4F97D92B0EE7D44A8F180957EE62DE95E5955352B7607DE5035663ECE4BB89E9093C175BED82B360DCF58
                Malicious:false
                Preview:j.....,....s....._&...'..f..o:.R_.+yh.z....j{..V....Q..c.:<..x...s...0dH...v/e6.Z.F.X8.^r.............nx..S..Nc..7...q l..e...M.....{a....0..`...Q.M.g*.!d.'..<...H.X.....9.....Oz._*7.{....&.oSd$A\....I{.u....0t..I...t/....xoJ...@9....Zq......W......^..87.....>...E......"+:epCL.v#..>..R.....@.4.S...g_]N$.t.~.$.u.ft...?k....X(...i....A@..i...XC=..o..E.-....}.-...%..<..j..b.,.5.a.../..T...:J.&...sw...B..ri...jw'6)8~T........n.G...Y.7.....S...U..*..e..V....T...m%..^Y8W.#..nn.f...k8..>...x..6.........J=.{....W=..'. ....0l.T4.....j!....@.&.I%.|...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\329__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.611568841126338
                Encrypted:false
                SSDEEP:
                MD5:3282D8B2722AB351BF9B5C223083E44B
                SHA1:9293948B88CA23FDEA55C4B2C5BFB4F4E4BE822B
                SHA-256:C06938DC63C1C1A2BF32ED2FB07F04EE0F84DF58BC9F951FB401077D39A5ABE1
                SHA-512:C6985915005DB782C20AB0CA2BA892EEE362E553BDC1B55C122C2BFF40F4F9E7AFCCF1A41165CFB64A105C4B7DC8BFBB427947B77554543DF6F74B31B4773EA3
                Malicious:false
                Preview:..n.&2..7o..D..d.......s..&...C...t.G..x.|..x9&.YW..6.f.?..\p$. ..a......RD..?.......;...t]c.B..YV.A.i..]....8{....h.7......f..d.4krn}l.8/...s_..I.._-..UO..e.d..."....U.\JrB....L}.y.....D+.}U.:..{..0.Y.#.8...o...}F.M..I,.BD.4|....n...3PH.....B..e........hG.........b....u.E#m.E.c4OCc...>..6."p7..Hb.........Z.....s...Cj.,.~.#.y.O..hm.).:j.u.!/.YA.....b.Xp.{.u=.O.\..T........:..a.\.B-h.a...\.....W..0...L{sI4.....$...1.^Q+{.....W.7..5..p3J...<.<L..e8...5Y.@.9Vk.3...1Z3...+.....w.........L.;_$[.eDM.7..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\32__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1377
                Entropy (8bit):7.128214670140128
                Encrypted:false
                SSDEEP:
                MD5:A04CAE70DDB94F4B3397C652B63244B7
                SHA1:E704D709A4743DF1EFE27D17FC589118961B1053
                SHA-256:CFABB5EA7DBCC440B7FB0FA7DF5284A89539BD30D31F1C59C12C596296858134
                SHA-512:E7B4277E1BAEDB7111D95FD37088E8284AE98C7287D29FBBC79CD045D86911FE9F2DA7660ED91FE6336905D664A5AA42D5FCF14361C3819F08786B5B301AB516
                Malicious:false
                Preview:..yT....(....WR.F.Y..S.6...<$.D..*I{dH2..9.7..7.._H*#B|.|......z.J..f.u...-.e.T?..3...H=:.DH.nywn......t.D*..3.MT..!..Z..>.qx...._.M.*'..Q.-l..BZ..1....]..bB..]A.0o.....YEOHvC.....T.|.e`.W....Mrb......{...D...T.M..\.wG5cG.KP.j.r"....^.o.PH...r..l.9..|^..9..j .....J.)..jQ......'......k1R.v..9....lN...6.G.W..T....v!,...I.5.~.dY...RrRX....Gdh...N....xT...wJg...'.iFOI....*..w.LZO...........#$....v.4..."..Y...Y.iS..Z.J...n{x.u.5.thLS...[...Z.W.n........E}..$.?I..v/^v...t.G.........fw.....Qs<#..4......v...5....k..tLu....<...L..lI.{..6...?......r...s.@.=.B..n.u.Z8.).vn.<\d......l..1].....c.....X.....;?...]..rw.*.^..y2...x4Ib.....D4.?..N..z.v5.......a..="...^.*"w.`..Hg.{....`....J..l..{.b.5......w?)t.......h.#..... 5@a...w....ng....LO..g.;..2......Sr...K>M.....X...m0.9.=.p.$+..C.....S_sq.O{....m..-K..jx6J.qY^....BV9.p460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\330__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.526416284473143
                Encrypted:false
                SSDEEP:
                MD5:5A580517F796D0405786B89583E78A75
                SHA1:2AEA144EF50DC7900933D2DA40C04B4FA2FA503A
                SHA-256:451357536C74C006B6028162FCA60781250712C2EB7B64356ACD9B64B152816A
                SHA-512:A783CEB715942C75F749E5738190F362D87B4A79D5B379248A4523E40ABAA8E0A198EB0A1F49B1B202E61EDDCD8C28F8A37047A3AF13F16B9BECDDDB16299D8B
                Malicious:false
                Preview:..... ..Msp......L.........'..d.(....G.:.y....6..SZ.....v..._+B..C...4..yn3.j.'...;7.I.k.s*.>......W..])....M....Gh..`U.F.(.F..>......y-.SH...R.......F...;o...\v.g:/....H,.F..C.`i.Z.+.8..'u.}...I/\6...Q3....................2..~.TN.MXS.XIa7...p.....e............?W..*....&_.L..C..>1...q[..B..ZQ....%N..,>..b..=.".;..P....Y.].<tT..S...=..Q....t..h...pi..l....X.e..9.?..'."....D....G.Y].{y....6"3...h..D.*N.......S_{.Dj...Mq.;460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\331__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1297
                Entropy (8bit):7.093682025651442
                Encrypted:false
                SSDEEP:
                MD5:9F9393A1D7F50F0BEF3D9622E72BAF4A
                SHA1:87B20AB929979518EE24688F8659FB52D436569F
                SHA-256:674FB51955438F2E7B50414500D43743EACDEA02BB861CC646DAA95E7984B0D9
                SHA-512:A719424F549472CCC3241BBBDB7179B09CD14CC2FD0FB6A1174380519C6BDE93FF7AAD24E3B27E63C26FA34C169C9FB98813CE9CC2137759A048B521C197D261
                Malicious:false
                Preview:..id;...eC...o..m[{G[u.HT..y..f....P9...f......Ed:...j ..p......uJ.j.....d.#.LE..../...0.*.~Dv..c..'.l..46...A.f..Q........L~{......=;.2B(..R.X...\..8...I...9.........V.b..@=.....p....B...V$c_+Jm..;a...v..%.....].....)..~y....e..._.|v.Lp....xZ...6...=.:c&.)SH.......c..i.$%H....H..N.>)....<w..x.......o......J..G.k.#Mk.QV..`..U.mn...*W..W.f.0Z|.}......, ?,~.....z..?;>.d..T....Iq.bg.\.....'..hjn/t!........'rU...n...H..''.P....B...E.&...`..X....uO...,.....6......=...RQC...`9.{..:..q...c.....y...j.gl.....I..+.BW.Z....D.a.(F..g..)z...@%.0..B.k......l..Z.]...W....U..2t&.3.F....M7_J....Q..K...t....d.=0.....;...h\B.U.Y.[...n.=P...G.p.........5._....f`,$kO.....'....t...T...]^..#..H...?}......./P........m..J$.B,.G..`.8.(...|...l.A1m.d..S=Yi.....tk460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbd

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\332__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1894
                Entropy (8bit):7.46271760901099
                Encrypted:false
                SSDEEP:
                MD5:FF963EDBC8B3711035E1E914EABB8A60
                SHA1:0E135DFF66A316C65D74E04B55A312EF698CBAB7
                SHA-256:4F96F11CF35B24AAF30AAF55FEB24880BA058ED7DB8C9FD47FA69A9C3628D242
                SHA-512:911054AE77CAC2C21A8A9AC374101B79911BAB699E27D88029F2857D9307E260C1932AB420F0D4FF14EBFA18838508CE7E98369DB4C52A82A01654178A9D1086
                Malicious:false
                Preview:..^8{........0..U.....P.....=.B.$..P.....I.;%}.o..s..KWR4...p.g.G4.&......Rl'.............. .{L. ...R.D.eJ`.....q`%...CHI....4.j.......$..O}..._......p..{.Sb....Q.DX+n.D..'8.+a....<...........O.0C.2.c8..Ol!W.v....]1.....+..4.Z.....`.1...sn..}.7....xN6l..9.xVl3......._.d...d..i,6.m_t..s...M....i.R..%.u..`.....c).ix...N..r].[.....;.'.j.&..w.7..]..8...........9.N>....+.Sw.zx{.%.#.[...X.1.$Pk0.7H..#.w.....7....XtU../J`.."0_d.C.7..'.2....v....r...=.....&.btC.+.m4.:..<.VMb..s.@..-.......?...C4"..q.......~..n...M0 .o.c.b..*.b...R..T......K.....3...dV{...J..../7.....h1ln.}....p1.@..Zv.....m....W...gq\8.6....#.?A....6...|...zS.N....;1..y.k.m.....n..5......J.<c...YLLg...$.s?....%e.7./......`.. .*%..\.....am.L~%..]wU..S+kN....J.3.x55.2.1..,#H[<.H+.m.1E|{.R,..-.Ij91.JGF...mL...='....+...]..w.Q.....P.2..e^.".(@.\.k#>...\.R4.....k8....'..:.V_R.W...{...;..a..j.[B..{..W.....PH...hN.........87.:..^....`p...u~...s!.i..|X.1.1-.i6......yq.....m...P.8)Z..n.EYy

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\333__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1293
                Entropy (8bit):7.0573817950325965
                Encrypted:false
                SSDEEP:
                MD5:0EB95F959529457FDB5B8F41BF2DCEAF
                SHA1:C02359C19DCA8FD5B074B1D5184637376A3E9174
                SHA-256:8B5FDA973A19C8F8988B0630050BBEF507A5A803C4DA2108A199AFC9CE2EA14D
                SHA-512:C680E14282F0C1CE77FE9E49146ED12C6F56E16846391086FEDEBA0261B40E8F6D8BA3A3F5D17FD0ECCE0C3326B137CD76F74D0AFC0812B2F4C081884B4F0275
                Malicious:false
                Preview:.........(.K....B:.+%....7.aED.. ......<t......m.......ysw.'.....=i..........J)........N3}S.....O@..9..Bz..JU....a..."._.O*.3.,.}..................d.X.QvJg`@...L.".g.#..UC.6....K&G..i.....2.......'........7...<..|.Gi~..p{.X.2}.+.Iax.UhF..+..Kj".!..K4{K..Ch.IR....KT..<.i.g..G..._@..u%...<..K.1.`..pZBq..M-..A....{SD.u].j?;W....~w...8.K{.t&.O...R...8M8...*j&.F..".X..h...,.U:....o.\mF.l...+.."...T6..T..W.0.D..$t..WI.A.....K:.i..h...D$.....$Cb.>F.G1.".)v....7............E9.3.a. o@hW...J...|^........d....'.... .....R.<+.B..^4.M.@...b.!\O'..`#.*...O...FN.i..Pn.EqS.h 8...O..,.*...........`e.E....:.h.J.z.w...Q.1.......E$... >...F.....Hv;.7#c.-R..9..=. ....4..W.s..<Q.,...a-.H...........g.i,.|0J..i..8.}.br.......b......."..>0.(......~3..u460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\334__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1320
                Entropy (8bit):7.107097683225507
                Encrypted:false
                SSDEEP:
                MD5:49D79154FBCF6546DF305E1BF4162E3F
                SHA1:A01FF2C34D5EC892593983B0E973B335E4CAD105
                SHA-256:F6818427B6532182CD879DB31309E9D4E184A6A7E4C484B5BAAF916FFEBF1AB1
                SHA-512:B1AAF2663CAC9ACD497C22C91121D5AE0C4430042D230FACFEC300C45F2EEEE49A3E33686F49B47A6A5D901B9B32DD8CE30BCEF71203D42B6F3D99A725521F09
                Malicious:false
                Preview:..z.e.]aIy.....e..~..x.CQ....H..n...>...z.$.T.6%..!L.QR.......>...W..L]1... ...j(M.K....#N..N..."l.V.p...1=K..2.!.{..$.R.....fO...)>_N~...tB...>...7..l..d...n..Oh...*c........h.|.a[0..P.f.&..LC..##.^0:..l.o&...D.1F.......*.hK>=.m..a.YQ-...ih...a.}Aq^...g`c..)*.H. ....&..+......C..(.(...h..u..p.a*|..j..F..-x.p..g.W.uQm#.h..".R.P.v.._....W...D...............X......3...') %.<\.. ...:......?..xSV.|}+s.?...#.....X4.......=>..VR....>..B.......4^.5...>..'.\.T:.!..4py.P.9...u.:....H.l.......!.VH +F-....L].....B...L......R..pt.zGI-......]..MDv(.=[z....HC.ct.:....0.../F...(....b>..KZi.qLz.'.S.VO.k...+v^./8....o....>V..&.I..T.9..kT6b...z.V..............qf.......IKL.?n.4.GLg.@A#......D..-..fJ.s.....un5.U}Q......!.xh.+....#..b...fZ....Uq@8...P)e........K.{....BR^...Y.=460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\335__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):6.993899274141913
                Encrypted:false
                SSDEEP:
                MD5:554505D80D4E4A803F907F53FA8321B4
                SHA1:14ACB8B216A63E67B8C6FB7335609FD3D24D1D46
                SHA-256:E9C7A983C1BBF9C36E3EE941AE268CED558EDD15772936BBC3CE76D7E2F93CB9
                SHA-512:556779D4145F346C2A08D33AB6B2E774467CAEA6E410E91D643845513D94843FD1ECBFFA1E2787833B2324212017D171FCF17BE4356D55F3956A8443BEBE14EF
                Malicious:false
                Preview:....E.s.0..ZV...|.o...g...../2.C.S.Z.?1)...K..u.O/(8..<......5i.K.W`....t.V.A...M.n.w..1...G..2`.....PT.y....L.@.2.....%B......T....@JD..Y..8..=vM.qdp....=".x.j....$dj...2.......#r.i9.!.F.L@.pX^!.9.....c...._^>u....% ...#T.....+.md.q.....CF7..+.\/..4.S1J0.8.s.y.3.p.[..2...&y?!I.../..m:E.g.=t.&...)....]W.:R'.G1....w.....a......Z..#|..}`=;....w(...>......8.....|.......h.D{]..#.M...A.U/..U..Yy..a......y. .s."...(.t.......T.&g....3.4..Y.43_.f.....;.j..%m..%.JX..Z..X....E.4).^R.>'. .v....6..../...c...\n.H]`..o...s..d....<8\X..._..Y...Z.D .... f.&2.M'~.][.A/.8.........k&.hW&..z....&...=mH..(5.jW.l..G.T.H0..y.E..t9.C.9-VY.e.....F.....f..G~.ci`.B....'......,.<l6.^.....*EE....-.~460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\336__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1169
                Entropy (8bit):6.900631118327557
                Encrypted:false
                SSDEEP:
                MD5:A04B0984EC570E84C9DB5B5D0408EB0A
                SHA1:1D8C7D42A796D841E9C2C6023BB5F2676D24B491
                SHA-256:E62F7CA2DC173811CC25867A01939C02CE97D7ABE507165004A7F0F0A07C4D57
                SHA-512:6090FCEDF0A07EED26BDDDCC04FC4348E0A8121D2714324DF1A6FA111197EB467583675C5DD7DE91B926E7A3595D39DD3EB8B10C448183A5300A1B14F931F9E8
                Malicious:false
                Preview:..........1..W.[...J...Y1..r.&h)..@*.....n#X.{6_.p..=.....'.^'.....V...>..fa+z.dw.nF.g.1..o....U.<...A....,.....[R...>C\<.T.Z@.N...-C.m"...DO......9..m.).w._...7{.......'D.|.C..8:#\.@'6../.g...`|.MIr.D.:...b+.E7.D!.$..k......I[|3.<....c...?.j...u.^..r...F....R.o........W....)....i..n......_..V.<[..|8MxN...s...0nD....M.y.ss.A.-.i....P...8..Kz.R...owD.Es.!..wb.8..[.....u....s...O..@..r...bw>.2.....&..4..........(B..r.....Z..{^.S..!......w.9.}.x^..rz?..I.._.T.];7...q.=%P2.....[E....#...V.R..q..~.......g..}D{........`wi.......!.4V..,....lI....1.....LbW.>....z.E.f.QR..[W........y.m...,.......V.2c..$<..G...v....8..@..^.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\337__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1169
                Entropy (8bit):6.838724735423441
                Encrypted:false
                SSDEEP:
                MD5:FF4F8FE36000019AB7E7AB38161D60E5
                SHA1:7CE00E58C9BE8AEF8436ECB132737B724FC216D6
                SHA-256:1742B8FA70819B3E01A5AEFE8346694A0543EEED6FFB9C85BB3079D2E67694E6
                SHA-512:189B20073FA735F1E2DE18E52C32ADAB57838BF8F9E5682583A290EFDA171965E48B5EECA3EDD4141EA9AC0E54FAD90DBF6C6F77EE60D2A2D5099AD6E81D37B5
                Malicious:false
                Preview:O...~V...<..0UH.b$.(9.X+............w.=T.y5.2....A..y.*q.../.b.99......%.G..\.F.I..b)f....Gm.&0....?.J.8h.%..['.:.B.M.j.aHA..@..w...}....r{..*|...-5$....zW.t@....1;.v..Z.......z.S?..l.pl+.U....".V...md...i.s..v...'...U.U.1l..x4.....M.|fx.h...V/604....v...).....Z/.8.y.c....q...Q"...q...2.0......f.p...;h....c6......;.t..q2..y{3Uz.Ok3.RP...z...@..4o....`..TUQ..Y..........z.+.#..{..si#..a..v^....;.p....?.......N...OlW.....K....{.ih......TF..(.(.....X...E...Y2]z{vh.{u+a.../^@.....c@..!..8......5.S.4.L....k(..Wt.{(.R.=8....O.A`.6.]... ...8..a}......).PL.......iz.F.K..3.Zc#.....{...bY3xa.*{..}...HKu..J.'.h}cJ....3.P....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\338__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.9437637742269045
                Encrypted:false
                SSDEEP:
                MD5:A6B0E66EE2105A25A9BF29938988FF20
                SHA1:BD5B7CFB39175C1ABEC2361A5673883750C5B9E6
                SHA-256:9FC98EEB1E68133391977F65968457717D548B4CAD958626FDE5296EBAD581BC
                SHA-512:8689C8DAD0CCBB9082C240F0873C8FFF841CFB18C7540CDB7CEDAFAF87319537955CAD4132C21E004A54947784C6A94EC3C95386E22193275AB6D6AE9C9F75C1
                Malicious:false
                Preview:..X.;T;.../..J..q..jBz?.......m....~........).\..x<..h.@.v6..yo...h...W.m.G...P.Y..`.Te|...K..9..rm.12].S.UR.m.U.&.FEA..u^<....pC.o.2...z...Q.....m.V...z.5r.5..7@..j...I...<....:W.@.....\.......G...z..s.bd..:.L.n*.c;.......c...v.....N.....a.2?60.dJB._$..**qb......n.T..q........`....O0.*....Y+.}.]e...>!d.5#LA.C}..N.".1..1..b..o..s.;....L.a...$y.......e..t..........b..@,..2e*...b@|sgm...mDv...l.V\.P'H.=...4....u.C..M...).S~.`....+....k.3..a.......p.m;.XO`.D..>..>..-..i(B.....P.w......F.E....)ZS....U..d.NH..r..u R.........%.r.x..^..q...7..h1.........lekR..e.....yg.T.. `...`...\.:e...1..B&.0J...V....r.ggJ5..1..L1.0a...be9J_W.Y.Yhs..9.Q.A...zq.523...J..S.8.....O.L..........460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\339__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1163
                Entropy (8bit):6.870999389135187
                Encrypted:false
                SSDEEP:
                MD5:6C053EECC496698F4187FDDD3B2F3B34
                SHA1:7487CFA06C661C54261E63D602D3DCC442AC0454
                SHA-256:B752C1E6F5503E26B380786DEA665A3546B2584B64125550B0903CD26CFC1EB8
                SHA-512:D5DED9573A5E595E1AF49B725F7C00BF0094BA2DA88DE07DC94D6A6A850C42E19B71502CF6FEF34582BD72ACFB91F6508BAC8E187B7BCE4466EBF63D9CFBE676
                Malicious:false
                Preview:...G."/~.{/......5...".....:.....l.%..u....<..$M@.8....p0n).3...S..{.Z...l....:..5....2....P.o.T);...7)..z....7..&\$L.....V...ku....y.OL.....F2z..V^.8.\.e%..Y........].M.d68;OQ..o.C.........Y.C.-.U....._...Z.......q.hT.%....a..f.Z......2._...u.)....T.w|...|/V...K >.:....'......Bn.D`v.;.UM@...6^yr..=..{.....j*.....G.Q.>..w.~...3".#.U3Vs...f*6U.iY.M..!..L......6.5;"3......8....G.=....B./"O...b...o.!..d....2*..g..(.;.....^Q&.f.#p2...m.m.XO..a...kI._...z...."..'p...lk.t.5/1.W.... ..I.Zl.ud'6.g(:.@..`W...8".m.e..SV..%.P...<1......f....$.".-%.:U...g0|...L......j.5./&..y..$....w..,3.'.f....+.....P...z.4........=.M......x.!.l.=460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba5

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\33__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1251
                Entropy (8bit):6.999277317181203
                Encrypted:false
                SSDEEP:
                MD5:E4B1A03D061B04C723CE60E370110885
                SHA1:98AFBCD8C3CF046BA20795B495C297482DCCC464
                SHA-256:BE044D7E671D4BC9A18588FE41521BF497AA61BC5B5889F465D729A8EB882C06
                SHA-512:0AB4851A1CBDD502E6A059FF5FC71F08958E5FADC40B9BD32EFD495238FB8B7C0AEAD76CF245D5100D25C2EBCFFD73C22E881B7EB68B744743EE9941E0C67DF8
                Malicious:false
                Preview:M...%..t.%./AF.........b.}.3.c.l.h:ma0....b..2..$.....b>.rm!.A....(.....x9n.M.e....Z...............vA...Rww4..Eo.,`x..g.v@.V.N...$..j.X=s....*.E..<..&.:.rG...z.2.....B.U.'...3.....t[Z.."4.\*..NDF.eiAn...n..z.^.(..-...C.v...n.p...K..{$.Cz.I.Tr.&..1>.o.....rB....W..u.......i. ....=.z.m1....#..,.....mT....*...k...........[..9.*...g..!..s..@H~..57Z...a3.5.%.C............"Cg...y....X.R..qHA../........S7.&V..kw.E..bM;.I_..W..1..y..`#D..6.x.(1a}....Q..L.H3.*......N$|..k..X....&.R....-3h..T/..NF\.'..\.b........:O&......r.n......sM+)s......e...3..WfF....].~........*..8........d..V.<...H...4.Q .^.QQw.N..,.h..x......b.$@.n.=c.?.}<$.....?...p...^...M.=...P.9sJ.}..k.^4..w..f..;.7..o.N.\.../.......SF460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\340__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:COM executable for DOS
                Category:dropped
                Size (bytes):1267
                Entropy (8bit):7.0096999879876725
                Encrypted:false
                SSDEEP:
                MD5:AA6C2F46D8C0948C399E2D9B620B1D99
                SHA1:B60146A616BF73C41BA6C928C5B136AFB82395BF
                SHA-256:3A9187E36018AB04274B81385594BE20ABA23BC7A5A1C94A45CCACD99C9102CE
                SHA-512:171C5688424D85483C2EA686AF8F663691A71B2B2A1940D12FB67BC3F53652E798217F95E1BA6135B83A0200D83C9A1BFB0E76831F00FBDE898D5DFFB9CA8265
                Malicious:false
                Preview:.).p.....Y....85~[.2...}r.i..,_..u.@....q5..,...Q.h%...RK.[.k...1.......c..Q.HN.q..@........]..;...|..g..W!...<..v..0r....sO~..8......1.H5P...ys..`L.j.*.cq..I*~.f.H..x..g.X..+..*R...y..7.x/q&espX.Ue$..uW.&{4bO.Z.....3W...$.4..}..qx.k.h...*...DA..7.F.i4j....2...8....s$&Lj(#....m. ...n........Q.x.....S.,.L'.. ....m.%.#.5..T....a...!....\.7..$..bsji.~ .y*(...R....M..^.......b..(.Al........jm.?.K..:U....%7[.....E....g.R...;..c..m.4...-U..2..&u.1...)...E<..j.z.M`...).UL-..#.`r'....g.O....[!l.9fg.U_...q....I.b..".0 W.-.wQ...Y..7]4.sJ.........lVw.k...zq].R(`.<..[S/..])gZr.@R.....f.-@p.rX...]3.......&-..@..!8.O!.4.lu.vd.gA..l.dU...X..)...+sBCF.T.......h6...q!.V..X.j..YB..K..1.!.:..?J".w..&....'e..l=W..#)Su`}Y....5.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\341__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1665
                Entropy (8bit):7.3566158893021605
                Encrypted:false
                SSDEEP:
                MD5:7C97EEDA8FF4E48371239B266DF72370
                SHA1:710842455E4C05DF955D234513D6C1015AB4347E
                SHA-256:968093B6DD17FAC0E3D57B9A1C49A7FCCEE4D035FCF19D488CC033B2102AE912
                SHA-512:AC664FAD8CA564C92ACB28435C1FDC5AC760CB27BBC64A870894C9404C9FCD118EB1F57B3DF1220D15D21D81F8686EDB68C37CE3251A8BA10CE69C99CBEAFE0C
                Malicious:false
                Preview:........h..+5lo..dX}................%t_q...O......Fz(}7........j...;,1N+4..........62./ .w].V~.....t.yv.$.i.s..8..Qyo..."......&WK...U).=..4....Xs...!.(.P`..0P.'-v.....P..@.....Y...n.@?.!..}.K.i{.jq~..CTSk..."*#4s..E+...0.M..r..C.>..].xf..x.....V.._. +,|./..k.8..g...=On.....q...mv.....N.....&....'.g..'.C.Z......`..[.2 .....uB..!Zv....8~-Q*....2.V......9..'sXW).*%....c.l.....H..1..\uj.4 .<'=.K....n..Qc9.....`1..>.........[d.5.... .d_{......".0|.q.......,........$L........X...m-.8..<@..w...vyx.6..>+%.....-...XH...Q..:.z....3...{..)...-.6...{...X.qT2!..@. ..]*..V....Y.....".u..m&...2b%.P.a}m6.$.).&. /Q,.x.......&...f...At....,.*..0..+3..#....{.DN+..&...=.F.#..$|...Y.}N.&...!\{..x&.c...@2....OE].S......._f?.X.?._]..Vwe>6.w.Y{.#..t....NP.#........24,.N..u..*.J?v...a..B......F.F.x.h......0:.<a..K.R.t..l^.U..<.jO........fE.S...i.I../K*.'3.y........Z{(`....v...!..(..n.../.Dx.*...w.Q.%....9.9.>......0.A....9.. E...'n.z..ijV...D....q@...r.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\342__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1356
                Entropy (8bit):7.124825910054472
                Encrypted:false
                SSDEEP:
                MD5:5A3D71BA1B53B03EF4776963E998A955
                SHA1:9AE470301A076339786A71B0EA458E35965BCF12
                SHA-256:8F58119207327DE09BCD367E08ACD08CB82D5A583F815058864EC3F67D25B855
                SHA-512:70D5824B1B4580AA2E6054E12864866D703156E22656B2C7C159C491C147D20B77339246DB4BDBF5375B69ACE126EFA25716015054F511C8EC346618BFDB650D
                Malicious:false
                Preview:us)..V0....[d......?...d....<....X...7S.....{...b.YX......]..{.f....:..;....n>L..#8.....`=q...hi.9...U..M.<E-XG...4...2&.$.G..&i.=.X2.-d.......S..U...MYLR..6'v....Q...w..i)..xv.......hV(....,...4..z..g....%l(.Ji....g.[.J.`.~..xQdm.c....i....Z.v.]...k..[..&Az.U......@|..)h...M..-.wq...l5@..L.v..?..7.y^.V)M...kE....9.g.....%G..M..)&..A.4@.A1.3...Ybs.g25...S........w...(Y.}....nW.jiIt.H2F..y...!..Z..j...w>(u.s.#C..\...*.W..3.p?...<X...ho..c...MA.....0.m0.+...]......r@.....8.g>.+..%G..(M3..=..d.f-...\.VX.'.8P.....^1*..'L..[. }E..j...t....T T...z.......#-..|J+N$..*B...XY9.s/......$h.v!V..8.Vf..>....~2[<...p..j.K...9.....q.......k.J...4sM....&4 "B.X....N.....z?..e...&.a.m.<...8.4...y3....23..w...F..).X...1h...Z:.MZ.._.........{VO..*.F.@xl....L..Q....,...U.*!.1{.h;td,O.}x.f...y......O{`460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d915

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\343__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1166
                Entropy (8bit):6.885130634499519
                Encrypted:false
                SSDEEP:
                MD5:259BBEF889FC22F4E7FD0802DB2269D8
                SHA1:A4120CDD54CE526C16BA5C7C27A0699CD476B83E
                SHA-256:DE2B15756DC5FF13D2B97F5E3C83F240AE4BFB9CB1B05ED6C215CB248570AD26
                SHA-512:1449E5FCF49F93594457D95CE733E0B18A61FBFA5AD81B8A2C552EF7E98454F8A7F95E6D7AB67CF652B7D16F61BAC2DCB81E7091AE3726355015DA7A66E3559A
                Malicious:false
                Preview:....d...........[..}.:3.....a[........\N5..lR...J.......@.....P.n..2.~1.!...~...L...>...u..z#.{.=.=..z}..-....1.@......]..t...."q-6..*.8(....e....kS..B...S9.......f..`....!U. SU.od..(G.X.u...R..z.Bli..T...Z}...;..).nw?..m..a.T..y...[.%..L...R.*..m........j....A.d{..g....k..!B8..jT..nf_#....V.mE..e.6.s..~$(...|....p..uA...D$.i...v....>o..o..D...G.D......D....a.l...M8.1E..h5#L..u.......u" ...].]_.]I..zD/*@..K....Bo..3.L.z.t.e....'-.U....2....~..*c.g.F.m.!.*..U4..h...!,4. .s..F..#.....0..#..N..#.J...3.$8.c.k.._4X6V......Z.R.P..D-.P...i....C@.....Xg.fgn.....W...9.`...7..."($l.Q.x..,.y..*.R|......&.B.--R..D.......^....?.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\344__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:Tower32/600/400 68020 object
                Category:dropped
                Size (bytes):1174
                Entropy (8bit):6.922895379002459
                Encrypted:false
                SSDEEP:
                MD5:02A1DF23EDD9D2A2F2CCC46F5B47A828
                SHA1:F2AA3717241D62ADE08C0A863ECF6DB5B3F1C962
                SHA-256:C3E0664474BDD2664FB09FF52766C79C54A87427F96DB286881CD535218AB0A5
                SHA-512:8A46AA33C32D329F821BC0F878F9C98EAA7F694EF900EBFD1104EE5CA6FC3D63F68389CF369F14AA05AC0E7ADD2087AE7333CF9841BA4119C4516554CE03F3B2
                Malicious:false
                Preview:.......e...b.../.Z......vIg.h+[..S*..>.a5.dQ.p&.p.@......NVjwK.....2..v.C'a..!.b...H]Nn..B.u...+..XVx.k...}L.ZO...Q...O.~............YR...M.$.'....D...2F*Z....XI...."b...G..V.Y...A..*..n..... \....&.K.p...O.A.%$C.|."........i..i..Ce.lK...L.....}....3..t.o.....s.L..B/P(. .3u....M.X.\.&..xA........i'......N..R.)...[C+]eT....v.w.s.e...0....*..Kz.....xo.."...#...XP...O........`.v...`.G3..........{.M.5.."8..k..{.......Tm....5............V...{.3..u.F;...&..0..C.hL..x.8R...bhZ...g..z.TF........s.T..a........l...?.s....Vu.x.6.T.;..._L..=.....AY.y.8.he}.U.@.{.BC..[.8...~../H+Q......<B...3t..ju.@.....0.\.l....F......G..~..TlN+.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\345__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1016
                Entropy (8bit):6.649276725592477
                Encrypted:false
                SSDEEP:
                MD5:48F9F673072B5E8461AE47181B970B36
                SHA1:43ABFD7F4AA2353A56523CD266942A2D76E80042
                SHA-256:9A8C45F92EB900E6291E1558D57594840DEDE426B860389DDB3745037F8DBCF7
                SHA-512:1948135E1B62566741B84423EEB8F79CC98E5A01BE289B3D11650861EA568AC320FE01C46891067D07148A6A8FDCC97DBD3B9E04EF655D31E9CEE576CF4C737F
                Malicious:false
                Preview:P.:.Ua.-3....3$6..9..?.....,....~D.4a.....t.....w[;z&8.P...........<~.g.}..E.F...]9U...r.T.J..HZ...iN..n..Wi%P..J.".c.......bl.d.......wD.R.2.....?{.........d....A.XLd.=.n..v...1.."x gr@....Vpy..$.....z...m..j.s.A.}n%xk..x...G.O(;.4...O.BkS..>..Z*u ..-..,..h{N.../.A_.P...I.....l.i....Q$..=..$.\.'.Y.3..J.H.;..^g..d...__P.6..`.^..B"..O.4.b.......$.....I.o#.........^k..O.6.....[.2#.N.l.}......i.....&.nZ|.Jc.j..Uq.&...o...KG2M....'g .V@.)...Z...........y..s..#...W.....R.J...jx{460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\346__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1246
                Entropy (8bit):7.008631912326164
                Encrypted:false
                SSDEEP:
                MD5:5E14C83C959C0657BD711B4A573DB1E1
                SHA1:A99F7CAD7E34EC67DA582F04229DBE629612669D
                SHA-256:48570FE117CC26B59A77CD116162E0E3478E6166232771DC650C1A9CC9C968D3
                SHA-512:D33019A52B5006DA9C36246BC5D9651FC16455585378CE732BDA9E99E8FAAA390D073422124D2F125E901D4CACE9AECAED00F5A195E27152DFAFB0BCE279AA74
                Malicious:false
                Preview:_T#.1R.!.oX.t.m...^s...5m..M.|..K....1....opgx..(...."........E..P....e.CD..[.8%.../....w,...g.......2u.].N.M..`@9!......2.h.Hs...+....t...xA.Z..=.ts...U.>Q.A...F...<}.o..2...s..7.&.....(..W.....T...3T.)o....5`+^...-q.N:j.r ..{..R...lP5.<..~J.tI2...{..".d.g.....:6.s.dQ..+..+..Z... .t.....\s.*cz.nJO.yu'.PpE./M%a.-(.7..q.....-~lv..I..v.A....*?.-....q,}..9.......}..V.%...aWj.e.B.g....}eI.......m.dq....Oj...&...R.....#JX....'@x..`.u....V.:-.KyA.Q.79.*..vM..<..i.....N....I.....p.....7.bJ..........D..a....a. ..\!`S-..u..u.c.+.1...6.R7.%...gLN..+.`2...w..\...B....f....q.....P.... L.+..WLc+..x|.-q]y.....r~V..?s....}.1W<..=.UT...a.........r(...&..8..........B......#...|.Pu..(.....N..-.e0.|..h....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc7

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\347__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1218
                Entropy (8bit):6.957526228242326
                Encrypted:false
                SSDEEP:
                MD5:F3914862B9D2BDDE953ED14F2D5BFAB6
                SHA1:2CE3D576B890895CC80920D2E26B484CADF25731
                SHA-256:AD98966513CC3987BFD003A8C15626559CA806DC4E97268CDD85D185CA2D25E7
                SHA-512:4331DCF32EF500D47C0422E1D4EE4EA706DFEB194D144345B8FFE40FE4A645F4A4B85F67A01FE6D5D7B56477B993B29EF05BD99A09E816ED94EB9B805942243F
                Malicious:false
                Preview:..@..9q..z....[.UeB.G..)..E.Y.}X~w.s_.0......../...(.5..L..V'.<.........k......r.g...p..h[*?.N....-.-..%.HV...H..5_[.........A.[..x...Y..Q.R.W..^/jWU..Sp...?..`.y.E..y.C1O..Z.D........n}....v.f..R.....3..~yI.yJ....u..opS!...5...f4..>.....u?....*8...&M...P..p8h.S.g..m....).K..XE.7x^G.\....N...;....p.{......L...p.N.....^:..._.......}...:_...FL.......#1U..I...n..M.u..)...m..6..E..*..+{Sq+..0$m.1C.;1......0..Ae..k....p.......r..u...yb<%S..P..)'.9H....u...0...<..7....3.z.J.H'..0.DG..a..g....d..S Y.y..-.2..W......'...z..H......;..=......>2om.v......r.jC......X.Z.I.J.3.%7....>._.iY...lf.L.6..........,7..4.?f.^+.:y%Z..T...K.d....n.b.5.W]....[.f.n.CcC.."5bJr....?...)......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\348__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1244
                Entropy (8bit):6.976249383288215
                Encrypted:false
                SSDEEP:
                MD5:CFE8B4C09CB3CD474C471D32F38CA016
                SHA1:C41CCFC9439AD6C48CFBC62D1CAE209272D0D118
                SHA-256:D023144853C7DE383731C594B8D2A54A63A46C05B9B93E069921210726F783E3
                SHA-512:111B0FD760D4787D8C37A20C6899D16CC819AE9635805EF5FE2E06CBFF908B747ADF876567789672DCA4AC78FCFC4437C83BB30488FC6D82F204A17D770AF049
                Malicious:false
                Preview:..r.4x..x.Bc\.ZFN.g..u..........4..k..@.\.........y...Y!.....:)..e..!...IH.v.a........g/.0.. A...S.....!..K|.8F.g.1q%.....H...toDTDI`.Gc...32.C.f./j...(...C.p..o.........)QRa%.n...3u...'.K."vPI.7...H.U$..{:.y.4+.^.4h..|....P^.Y...v.@o.q~.Lx....if.+J..{.C9s..$.~..n#..W..a...x.C.'.....I2......b..k...<`3...?qq!k.}.07...}...$..f...P5..'dO.K./.LC5.,<\\.f....<.$.....H....$.(..>.xg'.......n....\..0ZA........Z?..}...\...,..b7...Q....F.<}rb.P....9...V....bF.6.....$.p..>kW.i.Ns....N......3wqN.,.K..=Q.ql..p... A...O.L..V1......n"....<`.l.....F.&.:i..d@.4.6....K_..2d..IZ./pO..vO.s............l7..^.n....%T...~.>.....Iz5...h...?..-.......c...9"..G.5z=F&o....H.~*.&>.j&..eh.E..+.i..X...X>1HK..3.zJIt.c.1....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\349__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1220
                Entropy (8bit):6.983238420230967
                Encrypted:false
                SSDEEP:
                MD5:C708993777E857B152D17FD5A8AF6FA3
                SHA1:038AAD1DCFEB4DC45479256F92D28890BEFB2AF4
                SHA-256:2C034C1E410500C214EB773F3C31B59B92CD1B53EC805D23E34A9AFD25771BF7
                SHA-512:B5F6E48165D77A22D7C12641A328019091EEAAB0E8C10D7F4685779C6C410A199C5798C58C1F036E3D3D4587E16379A702335020C28C4D3A6888711A30897F76
                Malicious:false
                Preview:.F...<....L..$>.Y2-...F}.w...y...O..Q,.Yp>.."%%.m.K..v...u..M..^..Zj~...W..)S.6......T.] Mf|...x..M|J....j...Q,..2.4.....R...#.v#.^B.[.*...b6....@.1Zu....Ot.{./E.,.V/%*.....Y.....xa..A.Xn....S.....`s.f...;0..O......?I.H..P..~..6.nDG[.=9i....L.)X.$....I...}...P.e......-...%7.$.'.g..'.y>....*.....>.P,+}...........Z.....j.......DI....:K..3L.u......&.g..oJ.....m.....3..~...I.....`.=$.r....Sm......JQ9...64.=...\].....u~.6.m.hNn9...l.....Z.]..%.;.?r.7R....MUCXx!.2.....L.Z.P.|.(J...d..Y7. ..i.M....%s..a.7..g2l....wr3...9..t..p.Q....-P..~;.Lc.h....{......@..f...i)z.......!.......h...a.._.4.l....|Qk'....m.@....ns...1t.9=.1........[.X1N.zp.9....!.k..i..p(..... ]..U.]DpA}}..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\34__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1237
                Entropy (8bit):7.035623471707298
                Encrypted:false
                SSDEEP:
                MD5:3F71BA1022F8FE1D3639FA1D4B516D22
                SHA1:82C4761A91305A08813B4BF6321836F48C2C1CC2
                SHA-256:812F2491AE792CDE248245AF6E19308F017514B1015E9A32C27066AE4A38D5D7
                SHA-512:7D858E1018A5F3B8931260C4E22F9B4EA42A0FF62361EA720EC1E9EEE4AED8CC238594A703E24DAF03EC910898D46AA6E99B6A40E979631E089536C97F0BF0AF
                Malicious:false
                Preview:.c&...R|...=r.......A...f.J/P."..4" m`...*..3.O..w.M..%...............Ag>.Wx...@....)z..`..If.BAm.<vn<.N...........L^?.k.*B@....#....X...*.....o18V.^.......F.4.Y F%....&...Zs..n.."...h\.C..7..g..o..pd...A.A...w.....Ww ...&v..^..N.iw.P.t.m...........Z.'.`..mM._...2#...@>....A.....K`......c.s_:o...D...dw.;$d...H...R..I.\K'.....<....g.[.tm6,m.}.cOk...y........w.2.,....r2.&.jVA(....<...D.y..$.B..`..{<.z.c..:P..I..`..g....H.:..e..."..u...Sy...lH..f....o9.rd!E........@.. .n.../h....hV.p....?.....2...E(......t]....1.0N.......?..Z#nw[ilE..h..N.\.|....I.Y.....K.......r!...Kw....-{....}..I.j....u..+...xV..1...R].5..m..........x...>...k..Eb..0P...h|F..G...w. k<......w.M....'460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\350__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.992707326141297
                Encrypted:false
                SSDEEP:
                MD5:B1A983F06CA9C50A918CD8A8F185A287
                SHA1:5CB75B9F27A7F9AA5359B00A2C4B06D9B6A329D2
                SHA-256:BF891B60CF3EEB64BA3384D57E09F004C48DA80E8002134116F3ED69E5B07A1E
                SHA-512:F314960A9E469C69BE6F2A6A22375380D806813B25BE29E3C476E5C913FE9BCC15A7EC813FDFCA8C1CDDC9D3A6F94A61BA99AD408609DE926EF22B70A6DB6CFE
                Malicious:false
                Preview:..........5......9P.......+`......a....N...,..}.o..;.~..KT...r..q<.'..;..n[..f.6g.y..$t......p....... >.... R@B...76.'.~g.......p||z.P.dd....*.......#.........w.z.e:=W=..8..o...U.:N..z?W....'=.....F......D".........2;p..W.P...*."./...jT].....M.:...}......bpE.H...E4.K..<U6.+..o4G..g..w.d.0.y.kT.7..1...a..8.#.m...Q......&'.f.V...v..U.Y...B.6.W.Y-..W..."..].t..!.....5..q.F.9P.vN...X.......t...g.|./...M6..)..5.{.=..h.......r.hn.!M5B..O..2.@..E.i`....RR].....I...H.F...[..y...>...I.-,..3O .. .\..t.`w ....p.Y.y....-....D.....+.i..$/.}...n...N..". )\.......7.9...Q.....N`.__..&./O............=...qi.qx....8Y../.e..z..D.Z@......!r...S[RX....(...k.~.s.U..[.O......U..V.0...0..F..l....yeE.5..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\351__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1216
                Entropy (8bit):6.933731467249952
                Encrypted:false
                SSDEEP:
                MD5:E9B5ED0DE7568789D7ED9577C2335619
                SHA1:139B9861AC553DD0000D1957131545E959125FE2
                SHA-256:DC22D77386BEFBDE7B3E7E46D9F4CB2F65292915BCE35A90577CF674C0A3C1E8
                SHA-512:1C22DD22BBF38492F1F11BE5F950EB483CBA937A10843A0ABCA64C374A1507798C491CEB4ADDF21DF7013A3A89303B718575278C2B87305BA67E2B65AAA463E0
                Malicious:false
                Preview:....^...r.!....IX..Z.7..^.8..>..H.s..p}.......L.....Z7.....a..Y...o4....[.s..h...8.....4.S.c...7g=.}..{.C.?.(J3(v..,6>..&....=.*.:..>..C./Yx.O9.c..Gy...i<E...U7...b....9.....z.d.%>.m.....h(.^ )4....*.#.A.............CX.?....x.....D.Kg&#.`.....+$.V.....(m.:ol4'.g...<'&+.V.1k...t...d.jM.%....d....y..|%;.wO.k.og...T.IL.^.HL..H....x0<....d.|]....D.....Y........\...MW3&...;_..c../.[\J..-s4_m.?.&...C>..C...+j...0Z'._.Ty.C;.M....G....Z...'...j.....O..5.....I......HPd..........0...P..`...a..$x...4[.+....=.FH....K.OZ.......$.m)..fD.......2...A.U#}.j....p..a.U{.8!#N.&Ok"...:...G>!.A..=YY.s........M....k{.9.O/).\..).rpf.1A$.......@...5X..'.Z....|.>1k.ksb........2[H460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\352__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1094
                Entropy (8bit):6.7509859788368
                Encrypted:false
                SSDEEP:
                MD5:8F82AA2B5B0E83567418C829624E7887
                SHA1:985E3FB76F9C563A7131989A275D92A81ED79907
                SHA-256:00A8C629872CEF88FDE0276CED1F3E84DE25ECABE294EC360BD3F4E9F59AD30E
                SHA-512:3EADF20F5C818B644EAF9262C373A1A2C50A80B50B446A27079393E5F6D2125071FE5B36486A8AB33F1D4FA110421C07753B487EE1D637E19ED2E33B4BF6EAED
                Malicious:false
                Preview:8.nj...'...Q".X_.....;..../0.j(.16.1*...=....!.+.Jx...Q.....f.s:...y.......%..u..L..3...f....()h.....{,...-....R4a...5.D..?y.Q..y...8..D.o....).{D..}.ur.u.. ."...F.....-0..7.]....i..iy.....Y.0.2s.(R<Me,.:......V|.>.u.....E<...A.d..~z..1LB`K.^..!.{y.@k.PH...\}%..<f.}..."m[)R.....@B....#..Y2...4.4..?.4..4.$V..f..Us.......w.r9..!.i,.5F.I.E.l.q.......&.......h&H7Gb.=.G..U.0.=k..;....S.$.. ..{-.......K<......K.B...._....e...X}.*..^...)K.q'..K.}d..w.l}..W..P..I..).....'.../.m......{j.^@../|....I W..H..........[..Y..@\..a....\8s._.w.......*.FU^.v..Q.9be..3p.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c458

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\353__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1044
                Entropy (8bit):6.6889811282368585
                Encrypted:false
                SSDEEP:
                MD5:F1B202B528211C150117013AE1280286
                SHA1:9753041270F526DB58522DA18567F372A800B0E6
                SHA-256:923F559B5156F06253BB5BF2C23CED88D6EFC0BDF10FEF7E01A463430F147DCF
                SHA-512:AE42FD0F79C5D88229F55F8D7947F2AA649BF4DCC86DC9DF26511411C453EE3CCF03B45E0275A5C023130F2CF4967A8FF553300B5BC2DD6FA1CEAF37F78FA74A
                Malicious:false
                Preview:..... `....N......P3...+...>?...pK........\.....T(...{q...s..S.)M.. ..n...nX.?.l.DsE...}...Ws......./..$#.c.x.k~..~L.|.........T..#.nn..q....p3`...a1.....M.Vn..{.q.<...[..'.oMZr.G3..O...W.T.m....)...X..sgv;..lEt.).{xP...pu...M_.L.....t...$l.....K..9..;.v-.x[.1q._....0.n.`....JX....|.B/....YS.E.BE..qPc...\X.....N6..Z......G..p..s- .yqn..b.(3 ......Wx.....!.......Z.....WNm...`.59;.....93....N......G]3^....z[S.TA.8Z...H.D.eb..Q\..1......w.~...x.U.B@S....D..e.2Nq3#.S&...!z.Q.uU...G.G.L.CY4....6.+ 460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabf

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\354__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):956
                Entropy (8bit):6.465080495902596
                Encrypted:false
                SSDEEP:
                MD5:43F21E980DC14EAC7EF5B47D3AC1B84B
                SHA1:ACAB356DC3EDD925C922042E6E77036B18451C9D
                SHA-256:1A9729242ECEFCBA1766DDC9BAC4E1E33DCF4F2684BDFDB692735ED345AF9A7D
                SHA-512:6192B0BD07FA38A1633F1977C91DDB82F0143AC2906A8E723B9D3E38638D1DACDCD874DF59B2A90F549ED92D064A23DF4D954FDF8099F5AFEC0108BEEC9111B9
                Malicious:false
                Preview:; r.b...l.sZ-)D..K..P.Yb.k. .C.......P....;...m.......R.<....+\.K......s.`..).8.....m....t?.H(..l...h{. ...Y..*]/w."..3cC.X..F...C..Vl..g.?}........0.*K*....X...@...b.q%.6.)...j.h...?.E...:.J.V.2....MA....Tn|."7/.h....x..B*)..F...Y.L.1D[r.B d.v.....6p.Y.\.|5>..D[........rI.L..y.z...U..)e..?.j..o......Y...w|!.O".#m...'57.k-..K..y......uq....f.bW..~...X9...E...f..eDJ....^/gzhG.{../...:.6%-.).j.....`5..\...5......f..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\355__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.946532417540235
                Encrypted:false
                SSDEEP:
                MD5:B0FD6EE990FABDB48EBE19BC297271F4
                SHA1:843273E3026E75ADF94C8302F8524F9AEA5925E7
                SHA-256:302D41EEEAE95C2370DC40146CCCE58C311F9FB91345CA96B4B4C2A87CC3E14D
                SHA-512:EAA8795ADFD90718864590DE98FE536D70A39C1D184E46BB4291E7EEE5DDEAD3AF2BD09FE83D19086542B1AAABE32515D7E90829B2D37793350FA9C79300F3A4
                Malicious:false
                Preview:64..R.\.w.....l..S...>QZ...dw..."4....N...[Q?...../..3l.......pC..R.d..B...D..Xc..M0h..3q?...eL..w...'.{....C..w.E.l 1.s..X....~...@...U...J;....k.gM....X....(8...5..t`....&.r`..{z..yvp.t"......l..1>.\b..`l......tW}.Z....?$..7Scv.P..[.K..>.!qoP...g.rm...NlH<.S.s..R..$Xf.o.I+Q%"y.V.$.?..$.o.....Q.......l.W0..#2enu.......N`.......DV...B.....>...-....*b...M....<......]r^1)..,f7$'.Z.6%v.{..P..ef....q.2.'...3....=......ag.p[.B....:.x...D.>.a..0.......)..,.7s?.pZ.)Z]..Ld..........:.%...$.x.....pZ.)......U_.....o.X%..)dex..........(AP..>...?.W.!..._..7.yl*"...#..Wi.Nh\..c..>.0..4.._yh..9.`...E>l..0t!U...Y7..p.0...\.JkU.-$......2#..XytC.6D:D.p.(.....XJo..4".uf...Xe.1..E460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\356__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1656
                Entropy (8bit):7.349663227563474
                Encrypted:false
                SSDEEP:
                MD5:8BB52CA75D0E670DCFA031EB1E45BB7A
                SHA1:6E155DCFD3A027A2A1FC895655E96E4182A62E33
                SHA-256:C0EE908201E45258859C0082E113988148265A388784535761E8EE5ABBB6C726
                SHA-512:CFA7154D66C7ED80D458730E59701AF6AC765A59E65663FC3ADE3800508F32E697B65EB494EB9D111174E52B821FBE526CADEC5ECD3A311D4321D8330D1ED849
                Malicious:false
                Preview:.L..V3.(.%...t...o8....X.g=f...f..'.K..D..I.....~@jCfK.t.AhJK........eq...[?J..s.......!O..|....d'.2v.NO..:...rrJ9....m>..i.$*....M*.....8.[..sI.......8.{R...o..|S.[.:...`..R.E...|...P.I....f.......{...D.o~..g....C....!.q.&E...*....t.UT.\.:...:e\...AN}.....-b..c..7(.G]l|..[.\OZ.K..4..2.d-:...R..S[.pt..Q?...U.......|O.&3........7*.Q\?q..5....!..?.. ..YD.. ..[7I....[fG&A|D#...^L.....E.'.......'....i...7....l...(G~."...z..6....{.1.j...;..(0E..b.."J.F......~w.Oi.....5.....Z`v.6.g........W......AE....n...........Ov"..G_....*..+..#...........s.._I2./..f..{S...M.W..d..f.E~u..".DL.WG<,g.V.....}R...^....M.,.w...Q..M{.|..S....E.....I.m....>D.-KO.2.9.Z...Yo.........Aq....9m0.Gl..J.......Rb..|c.@bHK.......Z.5..@'.....O.\..Avp..u.).EI0.!....=aQ.f}d*...o..K|+..F.... 2m.w.!...S?..r'.+.l...l......<..L....-...K.E.M.I/...`wp..]..&^.~W....Tp....d....Y.H.1.=S.9n.0....tW..&.....y..:...%.....B)8b..6e/;5.g.....d./...~ ..]....y...p...s...(.~.[..

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\357__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1163
                Entropy (8bit):6.869013150645846
                Encrypted:false
                SSDEEP:
                MD5:DB4AED8B6CFB57A8C8FAA7E7A2C0948B
                SHA1:170531DF7DBC89450BD46147769FCEBE56372D0C
                SHA-256:8E9064981CD38A679C1FF1EE2C8FB0B8673EB3F1EDAC91B1B7C39F14B892BAF0
                SHA-512:868DBAA4631966CFE45C779A3AF719B20CD8715EDDA02BCDA202CF5362DDBF464F119DEF52B7700E1DF460CE01AB44D8714D50F580985B2D7AEBBDA7131D6625
                Malicious:false
                Preview:.iyk./C....I5..CxU...?..l...R...a.l...*.b..2<..6!zW..i2'E^...pE1...._..D......&<. ....N,..%8....,7.D..Q.J.....0@...j.M`O..,.R....VliV.]>p..1......a...!...>.Vc..z.*...=q......PE^6".C.......g....5L.q..-f..d...!%I..J.0......~....8D...An..!..X..A..{..C.|.3.......-...W@KY"...>;.4G.-.v%.....{F.>..y..Q.I.Y}t0...Er...)|....n.;.......CW.?1...v..C..\......A..x..........}..u.f.#..lI.6,...k...2.......CjD.N..>(.'yq.Q_.'.).I..%.#t...(_..L..5.#ll.7M...'L2.....9..?...^T'.IxN,OU.<..)*.:......\.f......:.+..H.f....>1..#5O.*...G.].Z~..d...%.i.@..0.m>.W..tj...=.llu#8..W.J.xhn..5..O.=i....#.w....tl........-.wS.6:+....]....l.....".460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba5

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\358__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1250
                Entropy (8bit):7.003773240264127
                Encrypted:false
                SSDEEP:
                MD5:38CA99C6A1844398E75383FF93D2A15E
                SHA1:E24D685491658CCB78AC0618AFEE9342CA545CFD
                SHA-256:DC090678CA6E3606CB47F799DBE2302FA4192D250046F3F42A3FFA155CE2A962
                SHA-512:64D231675CAAECE0A9CF3B098232019D6440BC106A1F75FB9AC257DC677542A078252B5BFE4D82822E6C9831E8D279276EE42AFD362D03722672253E7D532D52
                Malicious:false
                Preview:..0..L&........;.d.. ".\.......J..7......_^..>.ph.*.O+G....j.]v....G.>r..=..Y...J.Ey..w....l.Y.:..?m.E..\...l'..-...;...L..~..(.8E(.r.g.35...L.g...Ly....3.C..R....:d......"c.X.L...3.3.."_....}...B......A/.C.A././?6...]..x.~...o.LHCB'.p....y..F...tK.......TU|.....[.Q...]Z*d.7..z.Da.....q......#....|9.E.a..."..Z.....H.. ..if.<...R..)I....p6.o........a6r.d.1.'.5......C(~..).$e.@...jt.|.2.....C..(.o.>.A0..#p$.~.#u.......h..m..d..T.._.=..}ple2S.M......O...H....vP.Ha.G..}m'o.D.9J&...M.I..l......IU.R...),....Y.$..u?4 ...D.qnY..f.:.7.dk...G..Z[.z.-p_...y.(kw-.,}..I....DN._.....P.....B..7..j..:&.."7#....|_..0l.S...<...D&.V...=CC.Fo.Wl..y>!&..y..u.......q.mr.Z@/...m}1.b(>.z.K.W|r./.f.b..1bB.Wl&..a..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b16

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\359__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1363
                Entropy (8bit):7.12329615308983
                Encrypted:false
                SSDEEP:
                MD5:77755D1B18E86C5050843ACB3732BEDE
                SHA1:80A27B1A5EFD8F65B28E37D05F7DCC3B66E04BDC
                SHA-256:D7F1B5D3DF4FD5F1E8549C4C0E6D871DA8DD96037EF944A310E6100CECCB8A46
                SHA-512:F443E4E4008601E3AE51736F804470CC3D8762E5B6DDDD6E64C08441A2A6C23A5651D0FD14B1032384E1BFCC7F07498C7197DFD2C53D7DEF669658D6E6A160DD
                Malicious:false
                Preview:GhL6..o.C.=<.Qgrl}...v|.bY.sdm....W.Y.....f....T...#w..K.asu7..-.ct%+...r.._f....^.Y.zs]..}..@u?..%,.9.F..#k."..G..:G.F.@..g.?....bD..p0..O...._x....pPGw....O..x...<.....c...B...B.+UZ.e..e0......_+m.........i...4...wL.SwgZ..,..M4...og..QS.K......."...0../.G..g9.....x..~(.D.6.Y.1+.S...O..M.c..K.@..Z....Cu:.(...fx.C....T..J.."....j..F3A.T...@../..O....._.^. .]}......r3r....@|$P....G..1:.B....X...].!:..,..p...P..J.P....).'.......u.;......0..%.).F..n8...pQ..&....^Z...z..7`.y!......xG8....1..Y......J....GT.....:/$C1.......8..F&.U]....l..M..w.&........G6..e&.*w...70.xV.de!.];..z....?.R.....zR....wd.@.h.....8..l.~.)..5...KU.jL..`$5.\{....N..yE...%!.... .B.o....o)..RS.u....b(.G|.r}.IbVgn.......NCv:........p.....<.iDg-..l<...B.i.&H.a...f..i.....v05..<q.!:P..x.]qP.........e.(Ar].%....'0.w$...U....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\35__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1225
                Entropy (8bit):6.947574048020671
                Encrypted:false
                SSDEEP:
                MD5:095B124909490E13EB624ADC05F07F06
                SHA1:8F28FB23B7426BC66EF2E1682B5229EC43CFD21B
                SHA-256:4865987F5EDB744AD263FCC972211A3F80187A911EA1287D1BA21677D970C15C
                SHA-512:AD1A13B3D43917545DD945C4DF3D98A7CF67B57860729BCAE1A55EE770DE68442402C158942059393A970AAF8CECE40A8CFAA7D1B28FD33555CC466600191B9D
                Malicious:false
                Preview:..Q.!qlR.....,......[....JK...2.5l..s.{.&y.H.vkB..h......p1=^wb.NV..v"..#Z..>^.0`.E.|.J..bC.....@!.l9;vV:....{......p.........{.WK.5m.S..5......J..o.....Mb.d;=[{....ol.,.hF....$&.D.Y....dSa...R.J..{q.1..%P%.....l.ec.4........7......I<..t....:..u!`1.uF...T..0......7.>......x..I..M...:.Z...OD.~...?..o.X2.......@CI...L....>0.J1......a3..n.\......e...B............l.yf.S....<c.Et.E..........P..HTO..!.w$!..f.6...*..O............8....h.7/yKo-.....n..../...*0L..a..z.^.5..T... 8U.B^......(..q...="......[.&7V.]06n..N...k.!...8M....*....{t......Xc.-D....i...(...Zm.G|OBh...7.-....zfY.\..$>.`/..m_..qU#"8....(...b..B....?..c(.......&..d..b..:....$......+.5.2. ...B....&......Pa.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\360__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1225
                Entropy (8bit):6.945431342374801
                Encrypted:false
                SSDEEP:
                MD5:99C75AA85B379624EF3CB89265CF6BB0
                SHA1:40153BC3B272BA40D17017B4184B52CD7FC8463C
                SHA-256:EB92EE31B0AF522A4EE1475A10B236C70F3162C375E585F784FB130EDF4C0E33
                SHA-512:5C91A9835A67F8151EA1E1FB5D663DA8E17D922223FADE999174370A53C99664AE851696975C867D447994F6147AFF8A0862E4E8E45C2E65C34AB69F34F7DF83
                Malicious:false
                Preview:..........p>.=.e....q..;.'...U,hF4c\=.1_.TQ...W..j..z..2......z2.a.s.Z.x..]..S/a.p........4...Yg.........Cn..n>.z]"..b.1...L.;.$I..B..7.d...7.^v.;...6..#..M......$E'.t...@c..t.5.H...C. .Y..W..c......._K>.CrECF\@...D......N..=f.NK...\.-..O6...'........?MWLW..T5....7....tl.....).0O.H.......N>h..w.../..3...%W..Dy.R..[u.x...r.>.B..Jh0..B..~.0.....9+a.h.9.....'.L......xF.+.f!.' ./'{.x.8.@.xE.9!.^X.L.be....l..........e...Tot.M,....o..'...xV....}6H...e........F@.}....W.m.S.'rg..w........uIN.OH*.c.4..m....r..@3..;Y.]..n(.y.qq.~...v.\.].mJl..AS .|.-.......E#.(9..7jy:a.............l`U.0..H=..&j.qs\cc.9...7.....;Z..W[^oP..`j..3.,....Ev.Y)...'.{;fSe.]$q..m=....OJ....%"...H.b.....k.Q.w..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\361__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1228
                Entropy (8bit):6.970879058967338
                Encrypted:false
                SSDEEP:
                MD5:F1FDDD1754F9BEAA05AD7B9F39B1E176
                SHA1:D0A0FF0624E85D35CEAF8F0E897AF70022AAB6C7
                SHA-256:9E8522D483D92EB5F688DFB932408130E0C38FF7A28899B13A102158E959F87F
                SHA-512:60FD17E5AFCDF252273719F308F720B9E8DDFF417B0A26FB35F9B495AD824BA6CABECE98E802AD61AC17620D25C29CD8EEA6EF6EA708A5B8A170A5F5CE34F5B1
                Malicious:false
                Preview:Z...o..N.0.#4..8.....50...F.0..i..~N...D........e....2(..U...2jT'..#......Y.<t...xpX(..dF4)*2..)yUh.ski...o~........i.o?...o...1......t.-z.1......Z)cw..o..,. r.kU.....M&&t..*..B......(5.:.G.t.....~...lh........P...u93E......^.vf..s..c#..Zb.h"...E#.`KL.....q.F..A@s...).jJ...\L..L..I.....`..q.......T..h 0....N8...B.Rm!?..?.c.5....:9./3d..9iMO.D:H...=6F.[2.........9.y"?..>v.V.Dl>..H.)....:d.W..-4H.x.0.}.v'.B......a......@........[(.._..q..6..ur.+.........X..a...@......n..5...cF^.[:>tL_t...;$..Z..<3.N.....].....Pe.&.{ .....e..u.%...'|w.JE...{%....=..z...V4.^;+$..M..H..=.q.(.z.\./R.Q#..Hr.........BVl...U..T.?."y...1..&.U..a%zd`.y7q.|DC...wu..N.....H..EXL..<...+.x......'.b..F...)460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\362__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.956417253886977
                Encrypted:false
                SSDEEP:
                MD5:585BAE65B4FBE9423357EC9146DA0397
                SHA1:01712BB1D7A608D7F8261329473C6F84C0271032
                SHA-256:9103BD8796A81F4646F61EFE4929F49730FE2FD8F7C8BF11299E0E165EF6F46A
                SHA-512:A9D2A9EEA6127A96E1620473E06603721E6948FD35B9246E5B759CECFD11DC2BFE68A29C846ACDECCA51504412C7563A85564B5305F1028B5D59D07BDB3D2317
                Malicious:false
                Preview:.S.....Z(f.X.o.....&\F..[..)0.....:.C.....H..H.Y..D...b.........F.X..Pm6*..~r.]..fof.T.F..R.-..FD.bM.;.-..~.Nb7'.5I.1..dql..4^0....j.g.if`.:.0.Y..s..p..<.....^....T0...z...A..K.....D..F.\.]....G.W.c.......b&.!m<..T.6$._m7..9. wrM.'...9..}yb.........5!.5Y......."f......t.=!T.S.....p....\O....Sm.G|*..z1......3./...C.=U.....h.#m.7..J>\..\?.9._...^....w~..q..A......j.`.>..<c.gl&=.>1+..7....A:.....^....XEW(Y..).P..c...[.-....i....;......^..(._...m..P.$P.f....[.X....5.|.B.p..pV..Q~..?!........Z.|.1yy..Cf..7..i..n.uv.${...[)...nm.....%.7:9.v.:...B.....1...D"....z..|...e]\.t.T..lXG..B.....|..Y/..F..I7.|JB"*..-....<u.>...9@B......D.V.^a...b*8..b..#0[A....\B.._.....f.@....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\363__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1229
                Entropy (8bit):6.9753741268620155
                Encrypted:false
                SSDEEP:
                MD5:BA75B1925705BBEB48FA8F8918685CCB
                SHA1:1397C22F65E160E883DB4D3054FD56096DE3A2AC
                SHA-256:9F15D9D94C38505F3777E5E0E4A13E2C2F1ADB2780207A38D94D85C7D3DB3BF1
                SHA-512:D50E2AC7F552CF1F0495DFB7B71E309D883FCAD263B4AEB8881000CCEE46E06DE8CFFBA9FAB65C5D9CB191C9DA574293AD26811E9915FEE6091627FDB170E845
                Malicious:false
                Preview:..`Bf..:...Z...@....S...+.h..@.k"...k.....V..M...^k...?.?p......,.`.h..XQ..E1F..)1...f.w.6!..<....A...p.`p}g...1.a.>..8d...q%D.....c.6...AQ.@.,.|u[....N...N6.{!d.%\.!.....%.e.7..@.....A.....Lb..c\...|.... .\:.7....'......f.c.C.)...S...Z.....O.m..A.~..H.<kTM..(...<.c.F</....b~.`L].?.......s...u...x....S..,7.[6>.=...m...2p<4....f.^Y..t ..U.X.. ..1............"....h.....>*.......y.........`.....u.9t...}.\....Y.S{..gd.....W..Z...}.H..n.d..c.p]]Mx=HHq.j$..5.6..i..._..X.?ViiPq...V.?..K.R...2Jif.A...j..s.$......._....t..9."..Kc..n..#.|{.......B...Dy...._.J....V......W......vz.~dzZF.O......Sz..t.;l%........y....|h.s....'F.6.r..N....R(.%..$a.....iE.B.%....n#.r...3......Y..:j\...>uZ=.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\364__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):979
                Entropy (8bit):6.506023673100481
                Encrypted:false
                SSDEEP:
                MD5:841A2F196EACAC15938A3EE984902D2C
                SHA1:E44FDEFDEAF43C9EF1312423DC2A26F303F2A84C
                SHA-256:61ECF041F7A2672150A41CC0E1796288A03ECE40AB863E9BA1CDBE7A3CC89C50
                SHA-512:05694834E10E43F696B1B4F0808CFDBBD1E924B2EACF6A947BE790C0FCAF8F0C524BD81362AC5B7D3C3A17168895DA6D0A00C11CAA35D47788763BB4B8AD9280
                Malicious:false
                Preview:O.jr...=.>..7.h..'].f4`4..8K..W.uR...@L......#.e....8......../..5v...q..L^..@.b.C/.t.N~.~.....>.....%&....H)......o..t....M.h.(0.c.......Fa.Tb...J4.}. ...{.j..Wz.9AM...+.....(`F3,.8..y..n.....R,P.e.!{S..bDGv.).M..2e:..9...zl_..!.qClru.K..K,...a.v...4.> Qa.2.&]EI..Z......~.^....u.H....uq.k:....D+.$...Q..%..$..t......%.4........]*.|......L.+.:.;.8.{...se~.K.d!.6}IXTY.zY.....z}...........P.B*..".~v.L.(...............r..\..].'...@..^..D.6.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\365__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.728315216228433
                Encrypted:false
                SSDEEP:
                MD5:E06BC4C44BA5B6B4DDF53805551EC883
                SHA1:7B2C787724171612009E9B508501E46E15A83EC3
                SHA-256:88B90B13273B64BCDE2358B3A1771833CC03AFEA87CF7AC7D59C6EC26DA7A80B
                SHA-512:C8E33D69CCD242B0F6F42E2DCE8E6651DE0844977EE053FCC43B4E5B2F3A5DD7D72B22740EA9C23E4C1F76C9F1334FE5B841823FB2553680A2FB12E1573B6DA5
                Malicious:false
                Preview:!.%z.f....sY.....n..pr.....9p. F.M.R.=../.B}0/..5...,..p.*......[U:7....0..U4...d#.%..s%r..&.nD..kP./...K.Xz...-.......H..rP.$M.....L6,...=..S.....Lqv...u.y.1D)x.......L.......Z$[H...a..s rj..=7.g;.o..4b..b. .Q..oR.....a4.....S.....db...{.R8..|m...r.+..F....L.}..4:.W...=U.4....<."m.uw&....p.?.J.9...D.S}F:........M..R`s.q...|9....xIB.d5K~X.TVL.,.....m./@^.,..r.ld..]^...B.u.&7)...o..3f..Q..$...5..n.D...aif!'IB..N&k..p.....N.cC..|"..Y..tF..f......|.<\}.."([...-.....^I.W...I...,z...5.6..6!.....YS..2&...gz+'.Q..@....[....0_.Nc.Y....WGfP...%.@..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\366__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.642995207449742
                Encrypted:false
                SSDEEP:
                MD5:451A6AA86C7F1D73161F517616308AE3
                SHA1:51AB72836678DF6AB20CB9004285A5E0AFD3ACE8
                SHA-256:93F7E000380AB543912750D2F8EE33AB587A95EBF004D55D5462D6AA0412A945
                SHA-512:FB78B274F89E6C7BF3A2AFFF95608346E64ED7C93B78E98C0CD2BA74EA8A186F267AA57873AF99E1E301C78E7BC93D027B5462DFD2EBAD99A1BF2141A2BFA70B
                Malicious:false
                Preview:-.M..=R!...Y.^|..R...E....i...6....J...?E...:....*`9..<o5....m.,....T.P!.jEC.H}f......f.s...M.s.Wp....Z'\Ln>I....<o...6-rAS.S.pG..<......o.D...%!.gj.....0.2.{..I+.t.B1.G.b....d..&4\Ji^.........%.B...:...;\.%.3..Bb.\.>..~r..8gaj^......G.s.].y9^.6H...Tb.{....T.g..9.k....s...R..6.Y...6sn..y.....d..PBR.z&..m.fr.x.M..<.........G..9...nJ0&..{..>....8......g....7KI..?..v....'...S.vV..c/..w.p....&..E.D....F..V.......;..o+.Q.f.EF..XG..1&..%WDIx.OZ|.....I......&.U.)....T.w.A..W....5zG..WP.V.+.,....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\367__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):951
                Entropy (8bit):6.426474963959693
                Encrypted:false
                SSDEEP:
                MD5:833A128DE0429AD965B7F17E32809DA4
                SHA1:4D0B78EC69B154D148098D3785509E844C1DD1D8
                SHA-256:39617FFA2817D78974F009A1649925F16CDE86EBC862CB3906C78BF0AD03C216
                SHA-512:15DF0BAA8C056BC60F536118D97D58B71C40164D99B67D6FEE4654CF2AC0F1E0FCBAC6681CA8C7EFF284DF4BAB121CC2015D6694F0EB4111BE390D3BB13CE561
                Malicious:false
                Preview:...^H..;.y..H7T.2.5.7c}.<.X.....e...\.nv........G4..mV.|...X.....`EI..W^.J...u......S...xKl./.$......@_. .-Y.).s.1a.,&.) <...^.m....F......p..K.....j..y..?#O%..d3...@..6..%c&).5.kX|...._......E........X.|1:.:.O..<l+.T.,.'aF..?.9....joQG...\.G..;..6Ko...o......m........y5.....#.A.F.%....iO.P...`o. Z1.|.$..-...1\..,gZ..w..5.; _...au. .].*..W.2..rh.d;......7........`a.:.....6.......V.m...h.8:...~..9.,v.r..0.6.\..z....5..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\368__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1230
                Entropy (8bit):6.971153521125067
                Encrypted:false
                SSDEEP:
                MD5:E8FE83D9556ED30D509300CAD77E9481
                SHA1:14BE647F0584E8B12343C913379C69FAAB84831C
                SHA-256:300481C6B747CFD1A537F4ECF25B8F0E1AF350D74AF0FD26624DA0E6F0B451CB
                SHA-512:CBB3AB39B8115E247BD34AEFD0868BA1176CC3FC8D7813C2C428A4DBACD0A94C79D0DEBD77218CBED50A7DC6C183FCD28902DA960436940D0D27AAE5F788411F
                Malicious:false
                Preview:...$..T...BW9/"6.....y.*B.=..u....586.S....).....J7.k.n%Z...9..3......0.OP!.....<.'A............9.....".).....n..S.........uF...z..Gw.r..d..D...pwF.2....Ht.l...Z..b..\.........VV..n.......Gy/.o..]&...@I ..l7iK..4..Y....j<:[..`....M.s2QJS..Q3.bKcNo..O... ...5;A.v.f-|m.Q>^.....6..G...........(5....#j.`+;f.j6uc..}9+[..8.B.[w.ug4.. ......b1)X..^. %`El".vc.PG....].@...B.7..36.<ze2..?-...!.......|T8.Y.-.v.....#..Jr..I.q._.v.y.......7-...i...E..5..T.9\......".Z-.....@......8.y!...=nO....g..;...s...x..'. ..>B.D..J).~.2..5....O....x..Z.Y;N.#..E.]..Lr.{_...2?/..6..A.Mj...;m..U.w..........2d..j6I.. ...q.+....@R.............a6./.m../LX..$9C.*.T....Z.*P...=.S...SX....)u.K^.i460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7120

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\369__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7318736828751256
                Encrypted:false
                SSDEEP:
                MD5:81785FFB1CF1671E04390AB66FF7C4D7
                SHA1:5FB82284B41FB52B27E76FC20CBD39969267F987
                SHA-256:F8D80A73A3699ADD492ECC5C8A9FDDDD55B26E967FCC928494C04F8D3F84F5A4
                SHA-512:DB77C174A8BD6DA55A620EB429918BA5803B1A0AB41D924012BA6FFAAAF772AE96E2F777385928109BFBD0DD8B4D73CA5C5EDF284F64154063266C791C71B486
                Malicious:false
                Preview:+....f...1...q.d.9B....T...}.........S..|w..5&.<<..8.C.D..........h..........C...\G.v....(...z...w.0dh.....UW....U.CaT.h..rE.*..G.RTE...`.a...%..he.Pp....oM.P.I.....l.U~..fB.d.5.<.e.]V..OQ..J........D..h.2..WDV,...c`..-....!X;M.[#P>...s.v|...CK.S2.".;..4P.... ..S.4.C..).` ;[.b......_.T%.+.....f.a..\..7..^.....n......$.=;(..r..no..A....+..N.(.t.9..%..F`.Yyp.a.^@.....8(./3...W/..[.$a..&V.8.L..W..T.yL.9.L.M.4.).p....V....].K..^..6.D.S.y1jKv8.h}..z...cm.Y.uY>5..H.nLc.)*..@.b...(.m.~\-.[`W.[.1..[...3..9S...>..n.../.6W..+O..`..._...U....i...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\36__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1234
                Entropy (8bit):7.002776582170027
                Encrypted:false
                SSDEEP:
                MD5:398D4E4ADAE5D8878A5A839A206EA62D
                SHA1:C6A07221F0BB2E530C3B4EBCA1B07D746E84DDC6
                SHA-256:ACAEF89DE90D373DD10D87C31DF5664F17CF40D1A8C4418FD4AADB3867DF2854
                SHA-512:AF60836B2858EA893035BE22F5E0B074FF08696E3BF54962887C75F1664355809DAE916F99FAD568C502FAE1EDEC54924636A2BC2C96A89C91DA0F1C19136F65
                Malicious:false
                Preview:W...0$...g1.h..-..?.F.1...?A..;..=.h......:VQ..C..|.G.....V..y.Q.d..pt......b..m.......G....u...[`../.k.*X.....L.C.nF..|c[0..k'@..Fz.%.o.T..).w.].k....^b<..>P.6l t .....1P......RZ.F..a.U\.....o...a.rC].......`Y..(.p.....r[..H.p...h.`..`A.<....x......{n..]`E..(0.P.&j\..O%...f..7..>c....H.rTjC....x..OR.?..r8.l1..R..a.......r.4F...2....Q..)$.,.....B&.K....$.f....g......S........r.{....*iF.F...k.v......T...#.j@H........#.\.8.^...c....\D ..E-.....$.......1>.2....<.5e.M}`.*x.kZ..mw....a+;.....B...-bR. ....&h...7."..+.....g.;.....m......4..;m..k=..a..'.K.....|.....\..eB...).Kn9t.hR.Z.F....> ).D:..f.Em.W!u%.;}3Os..6.......(.u.y..~.NE....l.:A...........Q...h...lO{...S.."460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\370__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.7054001136821135
                Encrypted:false
                SSDEEP:
                MD5:02F1098551AB666C0B07CFC977132272
                SHA1:E95A527FC4ADAFC22B4378912D40C2E53067654E
                SHA-256:6066001DD11C476A880384B2D79B94BB45FFC6B213D9C99CC7995A76B154BDBA
                SHA-512:84C9E6AABAEC63D26F9DB09DC0B6D09CD812503FAB49838A90241CB782DC1BEF67F2E20AA3FE7B3FE91940C1948E0ECAAFFE59E7E1115C39970A1DF0D2412BA9
                Malicious:false
                Preview:+........+..VS...tN......%.s..fN..W.ZUz._...Scp...........k+..\....Wt..V:m...YcNZ.[^."..X:.s.x..gH.YG.Y`.......uq...1_..).!.B.[... .6".qb..T....1.d...s|.......v...^......gXX....7.]..i#.....Uf......X..P.......k....A.:.L.kW&.x..Zr...LR;.fS.U]..l3...['..u...W.v...yr....+}.i...q..&...A5...}.....C-k..D.WM.g..F...1l...@H....uo..0....(@.........:..J..8.C....H[.c.....D=...e...I.[..E......}.\........&....J..`c..f.-....*x.y;O..hR9....r....n..yFX.......0c...c67.....>..1_....9.>.... .xyU.>yD.w..}{....p!`...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\371__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):958
                Entropy (8bit):6.437728454387519
                Encrypted:false
                SSDEEP:
                MD5:217BBF2E05EFCCD6EEEDA48C9578D3F2
                SHA1:8974E401053BFB3489CBE6600ECBE82C1F216360
                SHA-256:44A3A75236F780F00CC4985BD503F8D3C858F8AFDCEED893C0F30672FDE373E3
                SHA-512:EA93290B533CBAE41C03A13F36AE1C56C7CFA6D197A37D0FB318E550A72EC58AFBBBE72DC153012343AA95B35559F46C6FD4A7A978D5244A182203515F201D2E
                Malicious:false
                Preview:.'...}h.5.{......Qcs.O..$.....i.......i%J..lnc.%...V......I..1.7.'.4p._. ......*.....?.m6.&..F._.......M..GS3^.o9..#..1J.k+..`.`..N...7p.._....i.../.P...%FP..:.....il.S.+fgq../...4..?..H3...h73.....p&............s..m......4..p.+.P_NX..y......e.....5.3K.U"ry.T.k...p.r.5..s......#9..*........3#kcq5q.$...K...w4mD.'U'K....Kp$_}..P...Q.Z..G_q.y.$.|<5.D\.....y._..9U).e..MH..].x.q....T..m4,...H#..n..=..[e..T.Bw.@..j.<u.0....cxJ460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\372__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1376
                Entropy (8bit):7.143408684750449
                Encrypted:false
                SSDEEP:
                MD5:C035D9CB024A06352F9A96BA5DB78654
                SHA1:DB2C5F2E50A6F70C21F52896756DE9A8BAC74A60
                SHA-256:A38A28E7C66A1010BABE78184D2B3E231264C4427ABE8601B3C284666915BE76
                SHA-512:C179A687F0766B930BFD15FDAB400B334D7AFD03A6D3BACDF64F37CB7EEEEA71D70906F023EF1F3E7F98A5221AFAF1C6E77BF74899061F06BE222F31760F12B8
                Malicious:false
                Preview:-...Zk......W..S....o.0..9(..!.}M;..]....B|H.&....4..M........f.jo_v..V.. C...2...E.|.X0`...{..>S.0..!...E...s...7...GC..$..i...O.@q.cG....Z........E.V.._..l.z..:.d`..#|_q.....52.dAuxF5.......o....w.......:.....8...n .Q..Y..2.e~[.V{.....}....z..Z |B.X(`...N~X....I~.Hm.UJ\w.......i.#.+....,.......?....7.x:s...]RS...i..EM;.P...j.. ....Y.J./U..E.sB.9c.....f.. H.....C^.....k..8(z.E..~.1#.....7r.z|..<..i..A.o.....(....1....4".Z......G.s.1<j.s.........(X.../'..........c....@X.7Q....W..b'.~R]lE.]....A._......p..@.m.0b...u....c!mi.m5.iN.F\.5...._.$.V.S....2......+...0..Y%^4......4.f.`...@.........?..mz............Z...-..k...g.1.iU..;.....3.r..dRi...rJ.T&=......8.....P....@....5.."4..R.^...8..p.Y.CZZ.!2....R.dVm.#BkS.W$.l.+.t yL..yLn.+.m.}/KcnT9{W.*D..@V..Zgb.>..-}.*.5~...S'.q.!.......4<U...#.bG.z...........m...LV.._Q.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\373__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1710
                Entropy (8bit):7.395783804588139
                Encrypted:false
                SSDEEP:
                MD5:8E3C82AAAF8221E5A3F4DC8FC080D25D
                SHA1:AADD948D2860BDCBE2E0B3FD9F09578185E2855B
                SHA-256:A124DB0E69475AFDD366862D4D4EA7364D960EBA578C79272B2A455084345DAC
                SHA-512:0670456627C4D6F908B04440E10247FAF0455FD3A3BA9525BD9B41E247D874435BB785267BF8CC70EBC5C84DB91525930FC01EE58130B5740828DAAD1F1A3979
                Malicious:false
                Preview:.=.1........4.:*.Y..D..i.q._g..I3.;V...o...K*!....@yD......\B....x0...{.%....>a..i?u.....d.......#.|...JN..*"qR...R@.eZ.D4...A....QY...S.//F..C....Kq.8.Tp?..K..`^.".N.......h...7...'.6o.o.....1dy..L\..]v.!}......U<.T.4.Pd.R~w........'E...I......*u.Q].d......!...KPn.J..\B........":....<3i.r ..w..YW;..Ou....(:.4..:[....W..OnN...9..&.>.........b.=....;..jt....#I3.V..e..........h3py.....>.....h.......x%..K;d~'..a.m.Y.c...z.....L.2.(...R...S...(..t.f...N3..N_7...0......<|ZD$.f..3C.U.....!X....W+.-.(S/2@...V.]h+.Q.j8'....#$..[.o....-.h.=.d$.l.j8(.h...[3*..N....R#;.....f.\..wY{v.......~......)r.m.Z.Y..9..U..Pc...L.O.0y9[..t.sJ..k....G6.k$!J..&.. ..P.c!.5.........V..)....,.[7pN=.C.,..$.A...*Y.....d.*;e.)...u.;.E...0..#_x......}.'*.D..}.....1>..ok.....p".x.OE.....>.cvN.|p..?...(.\M.7wg+r.).a....+...hA?..:K#..jI.{.b.......N.7....i`I..Hh.6...6..h..:?5l..'W..*....9......C?v6.`q............v..j.....E.......#.._L.XB.+...k...XE.,I.....`..a.).

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\374__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1157
                Entropy (8bit):6.876925681500935
                Encrypted:false
                SSDEEP:
                MD5:8EB484FE2AB3C031E14D7C903B98F519
                SHA1:C2F499BC10D5D8589505AE05F03C6C9A95416093
                SHA-256:682CC4E2831BB7964D8CB54AE3F08F744532337FFBBD2EF436C9176FACB37113
                SHA-512:CBACDA1B9933206F2CEB744F3F81F6D63C5BC7FA3494E0EA60DDAAD2E20C7468CD8882A2FF56D62E7FD7771386566FAFD2DB3CAE70AA5CEB260F7542B2DC515F
                Malicious:false
                Preview:].Y>....e..C...Y...f..5n..E..).5..+.|...!|)..43:...B^.GM.qG2. _.F....$.S.P_.....k..F.].).._...}....y.2......2u.h..}w.(.!`...6.A.sm..U..._...O..u....^./.../....++....\..F..`.0..H7H...#.O3...p5V..1.{. .AA.A..u..1..........9...*h...qM".."...[....Ge........pyqE...Q..c..Z...\.g....3../|...gt..b...5!..U.w..I..-..H......{..!.w...Q....9'.Y..3o.".."..v..E.h..xw.c......h.{i)g..W.'.'N...6...{.U[%.....I%r.[...u;,>...v..]&QW......EO.-_.......#.....9...d.v..+bA.(."..T.N.....d.LZ.......[..fA*..#.J..r..?....i.L..].....Z;......"#..m..T&.ju.zu_..\&...{...N......jj.0..5.~6i.=`E..B...x.Y..Q...m]~.E.....o....+@D?.q.t%N...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\375__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.751068381330511
                Encrypted:false
                SSDEEP:
                MD5:3C8FA3206A07982AAC1FF3FEC76756BE
                SHA1:941C108D80946C3551A6F28049952561FD0221F6
                SHA-256:CD7177F53DE7F938228EC7BB2C9004BE918F5AEA9881E279B40EC0B8998FDE20
                SHA-512:AC58B828B3E9E961913219746104F16A8DE1E5C1A8A342400574DF70CDD30AAE63CB2E0B9784DDF6B9C1B79C1F77343EC99A5B87F0A3D46BAA646C752422DEEA
                Malicious:false
                Preview:-q\..9...)....I..~g#.K7.....i.w...6.1(/.Rt......v4.Ky.@/..z.S....)un.qi..a.>..s."A.V.Wv.g..0..*g............X..Bkkq..?{`......kj.e.|3V.X6.._...1e......x.%...p\....*.V.......4..N=5.{.^.Y.b...i.%%..?q..........y..#RM...........%.Q.5..}S...C.t=..r...Eq..1.b.........?.....VyR\...G*_LvH........}....,..>..>...0es!.D...~y.i....."....#....9.8..>A.f.....S...D.\.J.$l..llfV..r.f.F..R.$.fN.z...e"....5.:y......3..e..`A|7.....^.......y.`{t&.G..m...@.E].}.....0..t...T..cy..wA.._..iN.....B..1.Xa...Np...w..L@.....8.C.wo...lP......i...d#tl.....^...^.,x....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\376__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.696748662309375
                Encrypted:false
                SSDEEP:
                MD5:196A2646875A8735545F56C853B9FA78
                SHA1:29932B0C031AD30FCB0051F22F991255777377A5
                SHA-256:EB85AD32B8A46B3EA960E662929635AF2E682F65EA98552845999EE2931D3E5F
                SHA-512:126C20986012639A801FE24B87C41A6898D9A4B5E6B2E08C5E7A4E576FCBBE6D084DB04FD48B20FF9FEBE75DCA7C565104A2B22FE643A11AAFEEB9A5B44F622A
                Malicious:false
                Preview:)...o7.|ED..M~_XC.C.N...jM:.L..S..r....cx....NH...o.v...(...f<.%.........(..a80.....P...PF#+.....iv....d.V.kR.).j.m86..t..q..q.k..Ir.....]F...?.7..Ap]z).<.}..BF..I.Q..4,....b.Dy3K...j...<......w...".U.!....C.=L....&.V.F$..'..@P...{m..D.-w+.........O...?.a.Nk9..F.iK6.|*..2...:w.P(Z*............e."....H]I..DC.d..c?.......|=....(.....K.>.T...,?.......HU@.t.....|.s-. ..q7.Y.'S..)..%.H=.......h.j...C....Ht^.%V..VT..O$t.....l...q......q..0.nk[.%y[z.L.....oC.......U.8UF.GY...1}......n..B.6.J3G%+!^460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\377__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):6.471616532135244
                Encrypted:false
                SSDEEP:
                MD5:63A540CF7CE10DB9E4B43166AE663432
                SHA1:B07576BEEABD9C6154E27AB2D2576BCC9DA5110C
                SHA-256:EDACCF66868CFE3BCDD997ED3376FACE1933281547068A28C2F1D78469C71560
                SHA-512:4CB3A985EA92B8484CD3AED88B2F9AD56CD697BA34D685529AF9304E3198F8B0025B63F975B9ABCE5E92715A0BF25C0F5C54F790593FC1FC9069D850D68B8337
                Malicious:false
                Preview:.O.Uh...G..l..rn.A....z.......w.....~*.......L.!q7./P....r{..._....;..$\...x....Za`.b.;j..".-R.QtV.(X...,"+8D..O. ....R...L......m*!.4~>.HSX$..GQ.ba.....p.W.......CQcU.#..a...A3..W.*.q.n.y..9...fL..s....1.=f1...WV...{...s..PE......q9...k.c...b4q...:.../.z/h$.6Z.<J...~.\B....$!U~............Y..s."Z..l.. .F.P.'L2P ....>.FE.<...s@z.p....d5}......1.s...).F.V.G....f...J..n...|. |..JY.l.....i.4..}....0_3..msq..+...3.......H.+2460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\378__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1802
                Entropy (8bit):7.4711713366806425
                Encrypted:false
                SSDEEP:
                MD5:5D247FB0B38BCA7D76AA72A92E89E3DB
                SHA1:36C28AD05027EF30E931AE426E3CD0D5BD06D9CC
                SHA-256:C8E12E088EAD9236FBA3B1EAAB311523017225639EF968F0BE120DEBE0768634
                SHA-512:65549818FCDBF2A203DBA03E8E1DD0CE953E8AD67B72843ED180F2F931B9D7CD19F86BCA5E765618D955D2A8C09A28A28BBE88FBE45A3F8B959B31EEED01116E
                Malicious:false
                Preview:......E..}...&......!z.o.....ox9..6\...`.............%......Z.F.....4.\..nPP..-..{O..T~L...$.>............SR.e.a..2..=+..w..b'?f.....8/.6.sm..6c..K+I....RBr.a.....,..Q....?.?.s..Jx7C^...#1..-7..#?..B.!.G.si.$.kL.Xg.Z..&..F.%!..n.Qp..#Z...$..PT.....k]..C=x..c...;..8....0.............MX..~..<....M.v.+.~6..Yl..b...G;...T%O.....=n../.7....1.hHO.^.]'.B/.SA.G..2E:.....9l.......3.>K\.X..Sr.T&.%^.P.u....a..K.M.p..P.3...j..P..TUb.rV..6.z...j..G..3..[.M.N.....l{..M.~.&./..5J......X...e...+.c.UY2;.<.I..........<.....c.&>Q......\dn......IZ.Q..Y.......N.g.;.....Q..)h....J.V9..K'g.....<-.....7...:...c...)......8G.y....:s@.Oe...uu;.......r...V0.3.._....M}....2.7....]..)F..... ..d.J<7 .:{.'W.C5....Si.t..MP{^.!,.l..p.d...%."O.]K=...q.F@..DW.)......>...J...t..l...i.b'O...y qE.Z.Y...xO.........O0.&......p...WV..&RM.F...H.<D.T..L.i...`.,.C. ....z......=.WW.5O.u..I...L...j..^.(.T.3..-....._..I....ax...f..!.{..<.)."...G...9...Y&.P...#.'L.R..C.T...

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\379__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1238
                Entropy (8bit):6.93855158542524
                Encrypted:false
                SSDEEP:
                MD5:D99E12DA6E5AA3237FC6B682868DCEE8
                SHA1:2E4894EC6557E9D26232E3F9B1C84A7C42455AF1
                SHA-256:5EBC1F93661D3695C0850F12C61BDC58830B96008D9E615B36BBE5C3008F32C5
                SHA-512:DAAD9B93DFC73863BECE8801A252D56A9D896D5DB2073C981BD7250A3C8B4023B549E8DE00B876F0CF1CD62DAD1FEE5DB4CE775C3F18A03A5111F523B11A55F2
                Malicious:false
                Preview:.....I............u...U=0..............q.t..7..H...oY.|.P......;_.....9'.o.=;..v1a........(...5D..o..u.md..c.....d...n.,..M.x.4.4R...W.WT.....}1.}7\R...us.x.pm.HCLy.........S.....Y..;za.C..l.c..@...e01Dg.g...Y...9.D}Kd4.f:.0.{....b.Nw2R.uQ.00.....d....X..M.L....6L...0....zh...E .G...wE.v;....:.i.!;.`.$...:..%.1......pl.....n.]..'F.@.....<....eRA*..8B.........H._......z......./.....q.......K.5.n.....J.8.\../.]l.|.[.,M.g2.C...6Fc|$....Z........_.9b..B|...[....|....D.c)es..l....u]y.<I.`.+..0.7..A..........zG.F....D..?....3....yaH...%J....7~.GqA...%.....D..@.3?b.yR......+.C..H.........}...5....X.../8y.....lR..g.N.d.h.....ui(...).1_.u.~....7.<.J.E..4..........\d...G\_.....H....3...WZ460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\37__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1357
                Entropy (8bit):7.129520183279831
                Encrypted:false
                SSDEEP:
                MD5:A9369652A3C544C50CAB974192B2E232
                SHA1:5D4A5CBBB791B796553EEBD50210BE23CDC5910D
                SHA-256:0425717B3A44A3F3A2005AEA02F00D04BAE32F4BDBFD91A64492680285B73B4D
                SHA-512:FD67FCF27FA8C305C0696DA899573435AC6A23744C0CBF167DD5DA8953FCE6624A92792FDB987B4BE33260CEBF4BF820E51C97181B94DCDDCE39408E674FDFE7
                Malicious:false
                Preview:.o....E....t..;........=j?u.@ .....K....^.'.cH...... ..h.q.~....;..).W...;......+9.q..gq/......-.)>J+9.C..eW..M.....s..Wj&>......`.....A..f......(.]...i..O.%.&W..L...p..6........=6.h.../.....j.G.D........6.J..EB.R.M.'...E.3........6.4H.ifP4....|..Ao^...~W`...<..VL<]1....".\.o..O.f......6..[vG.:...../..E7.\|i..)...n.<.....2]".F.g?..V./.%.....).(....&...skv...jG......m..F.g..(..,..k.^.hx8{.^L.........B.Q,.(.._-..%O?.1N.%..;.....D.$...@.z..]..SEau.m.5.n..&.......L.`%.Jm...LX8N....Zpp.~"..l..9...-...7..a..qV....#.......o...V..@.....>.,.Z...06,ZF...M[...9}.jWx.Sid.n.!.....Z.yW.D.l|U."..O.|..tK.+c;........+.4M......v.....>...}.$.H.Vt..6%FQ.B.5.........Y.Q.5.../SI7U.g.?...K[.Kc?..N...%.2......'~(..X....t*.G../..`.`6+.KL}...`.~YG.8."N..mF.P!S..M..\w..........o=q.z&./jVK....1..[}4Z%..?...".+.Ng..Wv,w.....T.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d91

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\380__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.731505739935805
                Encrypted:false
                SSDEEP:
                MD5:07D680359A51BBE065828F6D72C049C9
                SHA1:F03887367A608A1B6BC84ED760BF3C68E2FB8CD9
                SHA-256:2B6884FDA8210FBED7FD8CB08CB5AE3F33A6EEC15766F945BBC41B984F02A0A2
                SHA-512:41EC505D65891AF3ADB6120466875D7B8CB8219C41ED518ED6ECB12E030FCF18839C2719ADF351DF7C8D0F1F32EB7551AB44FC190F3678B669B5162F8DE8A5AD
                Malicious:false
                Preview:...alf..a83....Y.......k.s.G.s1...8?..hpDl...&F..<,..!!,.dk.s..T....},Kc+.iilrj.hb......2.....qc#ig..2.....U..+yh.s...hR. .&.P...B.T.N....)B.....~>.&.]l...iK3......vq+.z.S..@..J....7...+..D.K....~..s2...p.....`.y..o.`Z..Q..c5...u-b..D/.......|.LH..D..%.....e.r.!N`..w.M.m.u.l..d.a.-e..<....1......b.pspm...F.....iF.....`%.vz.u.6.J..9...R.b...#.....#...!.Ftv#%.l...6ru....*s...Q.h7.u.y....n.([...l..d....F/x...K.C."CpJ.n>..F....,=w.Ld`.. ..c....:...U..I..h..0.....Y`..tq{...R....^....S...m.`.g&.....5.N3....=.)p.'` X.6.y^.....&E".r\...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\381__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.686548794383483
                Encrypted:false
                SSDEEP:
                MD5:0D0D752282C494CC5F77C160123E28D1
                SHA1:D4EE10C3A89658BB0CB7179A24A34AEAF171DC4C
                SHA-256:F2EBBDC765F3354B4A7CC0DE58DA48405DF3224A6C3697F89CE02BF89DDD6B10
                SHA-512:28B27453F4F4C5CDEF4A2E22087B6B4486746B6477B939B17EE44FB31FA962D6E51A4EE89459A00437618A28528EDC8CD0C7E41AF5C493A399481DCF20A95135
                Malicious:false
                Preview:.&...Wi......i.[C,..I\.....L.#..s.X....>Q0.3!.....}..Rx;w+....~R...LL......0.gg.w..dL...jr8.I......c;...$..).........cA...."L*."b2..m...;.@...].?6.......+9..:s9.u.V-<.....Jn.]."....{..u.-y...6ut..DSp.t........g.....>e......j..l.&."J...N.....(._.kd.x|........."..\...).'....:I..WI....k/......&...yn..}L.A.F.GS..`..)...."..i.a.>. r...m..jQ.G..1@..^(.....^....W...>(..7.Z....B..e.....I.}<b.t..".4..E...HaD.......!..3.5.v.....&.1H.....J.....KP.;.agX...........E;.=Y......v.x.U...<..6....8....._....m460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\382__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):951
                Entropy (8bit):6.4655826116238355
                Encrypted:false
                SSDEEP:
                MD5:4557E143BF243A6C0D8A4A63121E3AA7
                SHA1:8091ED448C0F0A26523587F36C6554E750F39F19
                SHA-256:C1EF0FBA8020E6E3A9BD07DB12AD6033C738B4C4EC5A1BA282BD8A8473730F70
                SHA-512:3D7EDF8A11325F13157B2A1DA8C20035E21B9098FD0A75F170332D3E00B67945243007F6B0375C9AB448A556EBC7F6B42596BDC042D93769590BCF78B4BC15FA
                Malicious:false
                Preview:OfZ..] p2....1.._.A.Rm...........u'.v.-..-......o.+.c..I.FsH...G.2N..X.Yx%.....f...S.K...K..,.E`.~q.......C.0.T#.lx..Y....^tt..#....c....!a>.tG.t...a...y.*B*..|2....O.....Z.b..<.$bS...n........mvi......;.6......E......m;dnA...q..6u...R|#[IT..N.....qv.5.cd..m...8..p@G..]..?o5....4.~.C.)...z.l.....J. >....L..G).;...kH.T,.LG[*.s.$......Qv...M.U..c.9..5.;.].z.Ny...|....b...X..F...u...w..m. ...2...;U=......e..8.Z...1460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\383__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2844
                Entropy (8bit):7.7301014537658075
                Encrypted:false
                SSDEEP:
                MD5:CB3762A2CAECDC69AD03538F70FFF8EB
                SHA1:E08E77AFFEFA4ACDB6F8013A85887DC47B838F8F
                SHA-256:73791B04A0D3DE5C9BF7E5D9A634A75A68A6E80BD1E091E2D9A9B8AC900C0231
                SHA-512:3A7CB0EBCD11A6FD1C9F1B9F446418657EB84BE9EE9FF8007E9DF999D68A951B9B41D5C460A14C37F008437581F7350CB3DFC2D1CBDF889F20F1DCFE0CAE316F
                Malicious:false
                Preview: .<.[..[.....;.PJA...D..F@?.`.C.9s%........e .V...f.....O.."2..........&B..K.Y..8.e.(...V4....8...H.[...JZ+...o....v*....H.@.-..O...._M...:..A.....t.. ...D.....VB$w9..eM.t..j]..$U.9...-..E.I\*..,...R"(*#.....`.D../zV.*@[...0"...6!O..B.@.<..-J..Q..}L..sqa.u.R..F.&.c QVK.....;.R.........c.....;...=.*./q#x.`..;Y[....o..i....3..j...bNDT....D.....a.)>.^......,.\....h}~&...d~~..Q..@t-.l:4N......Fad...ON....+...b.(..}.u?y. ...?..)........%....`!.y3..#]'.....Vq.m2dsg.\..f..(..A..$..=FE..ZT...:a.3..v...VJP!...S5...YE.L..{V........{,F..H...z`.P;.E..VE...{.Yv..;.[.<.......3rGr.....m..#.Kz......1..q2QEH...\.4.f.hD./H.;..}...@.[l..^..>..)'U.\...<.....?...Ww....>q...B=0X.....C....m.p.Z.D}u..k.w=./.V...l.:S....8.P/^.y.5S.d?.....).l....\1+_..#....... m..u..gRbo........eN$Cl..1...N......9.5t.[}N3........."...[WS@.l.G..KIt.QUy)I{..QD....9^L..b.PB.@e..[....4.............n."......s..2.L....b;6M.y.CGZ6...!K.ak.h.j...N.t.0c..w..|..(....|r.P..8..#..

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\384__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1225
                Entropy (8bit):6.913835407072922
                Encrypted:false
                SSDEEP:
                MD5:652A602385A514D24F3FF67157322185
                SHA1:AF27ABCAC58696C183D121589930D50DF31A8CE1
                SHA-256:DE09996CA0C9A1926C7366E9CC7E28E3A6A6D4A41A4FF19D826792CA72806286
                SHA-512:6D6453129AEBD281B80B8F8976DEDF82C7652E4134C26E2DC42F4A4745E12396F555545CF90575D79C6D90BE82315F9C2321833E070231455499EFCAA37F14F5
                Malicious:false
                Preview:.....[.x.....N...vTWH.D&.Q./..e..@rYJ..^^4NX..Ve..m'}Y...I'p9!g. |`,.H..m7.....@...d...G^.Z.L.f.9.......3.&I.4.Y3..s0R..O.........Y.h.f\.,.#T...E....7........../...i'.l{.....JW.^...P.x...fG.d.......;......[..w..BT...&.......\...u...7....5.$.h....0wb....|P 0.....a......B..y...&xk......K.A%..;S.C'.)."JM.`L......f..@?<.&. Q.d.hd.(..$............?b\,.y.ni..|d.0....l..&.j.#*.di...{..K.O.a*0.51..1M:.3...t...G...y :.OD. *S.=c.A'b...N+.......0F.t)Z.={........e.$.zX^..b..f.H8.....=....G...[[..8{..^b$P.......n.,8..&V..I..7...Q..Iw....r..a.f...w.}...K{vR....32D..8L..fj..`-`.k0.rd......XU....*..LS...].,Y..r.>....+......X.....;.iW..,........x.pR..u,0.c.]..Gr.:.S....4xc.r...5v......Q ..l..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\385__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7515570427853495
                Encrypted:false
                SSDEEP:
                MD5:DEA40F487D7967B9C40B998416ACEE24
                SHA1:D44BBB232FA0F7F8E55BB33AC8E980D95BE5CEA6
                SHA-256:96B4A42F7F92181FB139AEDE5B22B1DEFC46DA5BC0B4007A78C3D71E1D5BEED8
                SHA-512:1FE2F1E4C5B1FD6FC76EE4301C1054C32837087FC438339FE47632E47BE07CFFC3143795F93300DD1614FDC3D0FFF899406ABB4A032ACCD5FA5E7EF3CF220AFE
                Malicious:false
                Preview:....UA.GQX.%Sq%Q._..+.0..E.]kbA...").%..z.>eCx.s.X~0.cQ+..x..q....nK:.E^. *=!.1P.A..?.%..i.:.0...>..uXJW....v......_?....6.;...#...|......g!..c\.: D..B....x.t...s.4./.u...P.....>...G..%Wp0..4....A.$.NF..`.[...BE)..K.......I...C..E0nwh.....=..!RTx.....!O..p.l.Q.N.....T...%cN..U..b.>.8...../.f.l.)7..q........B........g.[......?I~8..OR......F..M=iz.O.#.zR..6...j,*...x.2o.<...o..Ne)nL1+.....v9...}.n....6d.A#..+...[p....0b4_..C.x.m..Lp[...?.Q..Lo..N..K..&...aL?..__..u.'...k..9%.....-....Y.0...>*:2.b....E..!m.j..6.;Y)......SC..ay.?...q<e......:....J3460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\386__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.6282180204846926
                Encrypted:false
                SSDEEP:
                MD5:61516EC2E0A8500B20EA3840C3F3D073
                SHA1:CAC1AAC805DFD7E0415045AB18A726015AC9EB30
                SHA-256:FA049920E43AC6EC7B8451F8AEEBCD5C249B5ECFC21D6EC1D9A51182CCA92806
                SHA-512:48D8DA40B973CEF07B0E662A9911AED86081906185008A0F7BFE07D94CFD7D7A08BB04AF31A5457F029BBA3411BBD775B7FA58B3F3337055DF6330C97FF86DE7
                Malicious:false
                Preview:'C5!.ie..m(LZK].D.....S.:..?..h..$.|]...o..3...,..e.=..I........3.\.2.8......!.P..y.A}..Dt..F.......e .hKPL..0m.2ew.}.,.....u.......NN..Ag.....P4o[eZ..D.7..K.$b...D/.Lu....j...eK.5j.'...>e.mvnjT...wX<L.c.z.K&hi.:G...pZ..2.=......,.V...qc1.F.t.P.k.vI..._&F'.U......h.7.#lk...AN.L..#..*Et.....H..1._.e..|i...u....}...C:.b..S{Eza..h..M.bm..E(....O|.....|Wj.Ll=..4..89..j$.X...WEsR.. .X`..8.Hs.....$...a..u..-......*2.*.w&4#t.{x.m.......9K.R.I.`..X|..Qyc/.....D.b...N..!..uo./.{..e..u.9).[...t....m..J=.e.O](.v460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\387__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.502718567316494
                Encrypted:false
                SSDEEP:
                MD5:CA8C88D70BF269425842339393D31A48
                SHA1:BC03EC36A670D4B5D7EA03241274AE5ACDA7D77F
                SHA-256:2E3F8C0E9BEAFAFF8A41E3279C1C053E4E31E796E0856E5E4ECA0B15DEC95898
                SHA-512:635322DE64B67DCDD641F126DF0DBC9C53AE9759B0D0C5C4DBBEF947832FC98A3A069DAEED55F9526A8A143A1EABD9DDC06C0543EC5E81375880F19276151389
                Malicious:false
                Preview:.m.w.;........F..Y...nY..K..^..j.....M.....x.l..R.9).j...?......."M.s.H.a..."y6*xG..3H.;ri.6......s..yc?(*....~..f...5.vQOI........o..0...?..l.m.$..zV...?.I..%...........~.O.>.6.......W....py0...,......v...G.a.: .w..b.)..{.....:R...Gkw6.gHC....N.'...}..<...Jp.......q..._.j&.Q.B.s.,%...9..*..a..Ac..&..KWB1!. ..F....N...+..St..c.C.S.a.B.A..`.,[.q......9.b&...S.i.".d.:p,:.&...+1.I^..S.....l.).x...BId...T..)b$\....VG.S...z..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\388__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2617
                Entropy (8bit):7.682295259932973
                Encrypted:false
                SSDEEP:
                MD5:7B1BE307FC82230D2D82F4776F4B4771
                SHA1:E1B3991C3451703F65465652DDFE82C75A78569F
                SHA-256:94889EDB595426549BE06DB77478B018E39712E0423A980763CB6EACE66773A0
                SHA-512:CE5378451AB75B086AC7834ABC82345EF23060527B142ACAE83056B4D3A6A63D847E7F1E882B998D1C68DB08F3ED70008D4BCED38D877E3BF1CCBD7D9A5185BA
                Malicious:false
                Preview:....t.!w.9....f"..6b...r.X..:.u.....?.&|}+...8....a..G........H......6....kE[...Y..oo. tH........C.Qs|.....bC.p.......Pq...W._b).b.....O.+@-w..=.^,.#..j..yD.Kq...k.......!#.PN.#.c.~^..1.6.].....O.B.....E..q].SwQ3...=.t....L....V.Be..$b.y..<...+'..-....Y.k&...\@3.9.c..Ja.i...n..i..d.eN.jv|.....'R}{..............p..}..E.h...].qf.h...tnM.s.....G...q..E[.,.E~.O....y....r..G..!G..K..~...T/...^...]...T.Noj}6./_."..]&.=..4..Ci..5Ei.6mI.}.\.-.qf...#.;.zE8.SSU....+...r4.R2.....f..EX..%.=b..=^G.E...S......&.OY.<u...d..y...z.i.VoJ<.b.......G......mdI..JY......P.[....@.w#....x...PgR.OP......V~Z:...o.f......a-.n...'...Z......:<.....Ds...n..p.C.h.q).....#6.@..z...o..D.....'.i.Q./L#c..E/.[.....?.9.-CR.-]K.w..Z6............Y.TW...%...^..f.y...,S.Z...(.....SH..q6n.P...zm.&Q&..D.3.qIX.}...`..8[B.`...v...BF....7=d...o........H.:<.e.%....C..P..{.N....k....`I..o..X.a....3..p.....y.R.5.e.(Uz.e..N..v..E....i..G..8..X.0.+...T......mP..D....{\`|.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\389__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1802
                Entropy (8bit):7.432959068572675
                Encrypted:false
                SSDEEP:
                MD5:588B86BA692E233D6EEEE0F09CF3C878
                SHA1:5175045E39813152866C39BE4CD07F05A84A57E0
                SHA-256:490C01794B9DA60FBD83F46BEDBB964E59CC69673E4F83884174091927ED3A79
                SHA-512:9089EEC17C671BA18F45685B92E2A69732108FCC649CC491BA254897971D2E335537C074B1F9276B09D7CC752477DE4B0D16789CC871492C391AA56AA29C8626
                Malicious:false
                Preview:x@?V.!k..X.r..[W.k..U'..c./.^O..W"?....Q....4.vn.^._.....yd_......-OY9.N........|..J..D..x\....t.b[..U.<.....:........z.N.a..z......~...Us..F.i...*.....;S.n}.K.n.2...!...p..LFqbZ*[W..%{.fAt..Ki...........[Z.......B...`4...~ p.oD..g....[c..RmO.~9.....x|.1.}..O..`.D....-+>A.0..4dp2..J88.7...."....{ o...f....f..7.j.....M..^..y.....a.....+]..q.E$.u.......L3........@.`..!~.L.p..2...,.=...?..';...S...Q.y.....jm.bw.Z.........E._X.iJ....'%......\..d....b..&...`.!I..*.D#.&DjF....fs.C.ot^........O(.....{.yWm....}...-....cM1...v[&...(..^...I..p.Fx......+...k^..Q..."..?.p.)SMVt=.>.S.Rd..I...O%j..;.+.....1..-"3.C...T...NS...90.+...4....(......5.Rg|DPd..0.7....\....{=.f,~0.`.dK....v:..+.f~.B..FTx.P.......{Bm.=.=..T.L8.a{+z....:.....dN..)L.l.rA\.I.......r..-....K.;...>.......Vkm.}\.7...m/X....."..:....2.y..|e.3.n.....O01'3.....`=.c+..`Q........F........^...!....G.*./........)...zl|...N>...........c.?U-M.)._......7.|q.{.....z....8.(i..2.zo.}...B.kF...7.7~.*.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\38__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1172
                Entropy (8bit):6.888233785542969
                Encrypted:false
                SSDEEP:
                MD5:265B4BBC099BC9336179675322F89052
                SHA1:77B7A149AC5BEE4FECB64E3CE6C5864C20D9ABEB
                SHA-256:5B52DB1C89A7DA3DE228969C3B901DCC405EAEC3C6331D9984DBD644838006CE
                SHA-512:DDC5C7CED179DA38037DD794AF73E6A0CAD5397F5EF44C305AE2A3D25F8C0D46D80586D3C178D836E8AE559F0BC40B7DB42A371E963B12FCC94257AC96A62C92
                Malicious:false
                Preview:-........./N.3c...c.."......U..w.....'.X..2.a.^..._.S.e.V.....ZE_.B//..O.....'..~..c(..x.,...<..R.iq......&3.4....c=......M.U;....:....L..G.~~...r.(..Jk..&._.....l:pu.....4>.y..;._<.\...l...y..|f.3R....:.2.2......W..(..../....A.p.Woh['....M.K.....[.m......._$.w.)..u.....a..Xa%..u).eRU.J.(t..+.t\./....0.NW..I...".-z..{..wNL0./~8....wE9..j......S.O1\..[.3.D..$.&@]C3....+.5..R......hBl.&....0My...........<.gP......8. ;....,;J.}.......@.....{...M.M.u0.O.!h5.]....!..b=...v..yGb....xtk..`d..]7M.zz0._.4..>.A..-D.A.&.N.pI..q....e.x....\.u...<.~.IT.M...M..c..@&....z~..S..x.\...S..!...9(]0.f...?l~..K.p.L...f<jl;..!.M.-.nv..Y..H`w.T.9460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daa

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\390__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1015
                Entropy (8bit):6.615113336993792
                Encrypted:false
                SSDEEP:
                MD5:3FAC5950F9875B9E11B2B1F025818313
                SHA1:965C4165661EEA24AC6F1E9049BF782689248CAC
                SHA-256:BBEB6520300C8D7132208647337ED2AAD714B7127DA6E14EC4EF95EDFC3BAA3B
                SHA-512:C11962BA02297DFDAEEDBBBB38F129E459F555E4A47237B585BEFF4370AC50CCC67FDF5DAD870F0B709903DF7502663A18ED7EDED8BA45F75EEE1984D9387B2B
                Malicious:false
                Preview:v.l[...pFU%.]Q.q.T.....f....`...)w..^.3.,..).....g....#.k...[B....!I...c..$...L*+8A./.s.o.......+.)p.z..P.C.....#6Z..-:...F.0-.z..dI......j...A.W.`.:08R....n......k.u.8.As.....F.T....o&...H.?/.......s\4#+}... .v.W....:.O/V^...<XB.ZaF.8...V..}J6b.G...{.kRW..0{.;{.*........o..v.T.8yJ..-n..LGZ.3a.B4..r..U.!..Z.......i.>#$.K...VT"...j..=..N...O;q.f.....y|P.k.....T3.=..*...6.PA..j..#M....9f..........U. ...b.E.e.C....\........k.k3A....P..).T..T 9.a.pO3?D.8....X..,..a..(.3}o.mn.x...4460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\391__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1181
                Entropy (8bit):6.873201665271666
                Encrypted:false
                SSDEEP:
                MD5:BBCA63AAD8AFEC7D3F39C176AE20D982
                SHA1:93879E7F0602FB7101B6ACFD3D38FE69AC04888F
                SHA-256:38A9527F092E25347B97F83AA93D7A8D0D8FE7B749971E0A96132862D4966000
                SHA-512:1B56237133847AD70008CAD211015DDA78A86A397DD899E2517A1BA3CDE7D645C798733642EFF47DFF302152F56691131A12471D13EB771C5C8436C8D8971B0E
                Malicious:false
                Preview:r.@..RI..S.^.......Ob.I..)..../P.i.t).7L,<...%.g...Pqlv0....-...K.........^.e..+@TJ|Y2*..N..k..`.;.hS.T@....;.Y.....6@P}..........D......#.....i......5....m ......_}.!..5..k`M$G....*.f.x....x.P4.'.n...B..-...z..'.kf<..#K.}.....kd<.G..?........i.........?..F1...5.hO. .}..>RN.w.EJ...A...h>...I...Cj/..Y..".8..q.E.e.~$[..,.4(....y..T3.Z..-,g0.KV+'.> .P..(4.."..o......oR...eM.`.......9..6D8..[aj..-R#..../..;.gxy..O.i1...IJ...........u{..)...f.b._....4A.e.`.>...#......K....?i3~!.)....+.g...k..?.s.]}U[mJ..7....7.$7z'.........l. ...f..Vp.%[.3.....8.7..m.7Xb.v...ir..g..?....M..!.X.J<....... FY.f.m3...}1.....F.....vO..b..3...U$ ...aV..7.B)...t1460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\392__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1088
                Entropy (8bit):6.768376404071087
                Encrypted:false
                SSDEEP:
                MD5:6C797A31E515EEB1E51FB943937A03D7
                SHA1:C3AE879D1CCFB11DE40A47174C172D4DBF9E3470
                SHA-256:C9CF2A0D67911DEB3A1CB8C11B33B87C9DD16B293E6685427947C7C8B1E5816C
                SHA-512:DD15F4977C952685DA8B54D1519B507573BEABDE4FA0397E6296D221DA51A893071DA1F15F4C6D3F37E9F1EFD89ED813713494ADBEF43C9D4F24C7B229EE3CA7
                Malicious:false
                Preview:...........0.S.kp..Z.e....,I..>./.r.A.n..6.Kw.g..}...q....7...0X.L.C.b.3......Y..0..UwJ...2..+E.Q......_ U...B.V..i.......1]...S.(..R.K#../.wX.^..z....'..5,.!'nN.\.RG`.o......%,3...IT.*..*;.c..l....X.w.T........FR....t.........Ki}..+..X..1l&m...,Ko....H[s:..-....'\...h.ogy.....n.v>}&.D\.c...@..h~..=.4.h...B.yUU;... .M,5..C....I.....=...Xu&5........Z. ].f.(...L..-.R..A.YS..J....;.;.....s.g.a....H..u.O.j.d.......E......s.kd........-U. H.o(....?..4*....a.n.'.i....N/y.i...h.6.Dv...)h..M..[9h.a......F.^..K..X...L.Q......d..S8..l..#.CI....fn.j..-b460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\393__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1041
                Entropy (8bit):6.626533513192206
                Encrypted:false
                SSDEEP:
                MD5:07E904B7602261ACE8FF1D4C4EC590E8
                SHA1:7EC71322D07B238EAACDBCA893875C8B690EB22B
                SHA-256:2D1E3F69E35B6F8B19F702DBF5676F55E40ACE1D31CF1F8441C267E1072EF093
                SHA-512:53606147BF912133DDCC6501ED2355E8B9AE4E93BA732B10121DF0BF57B7FE2070D573F92B4994D17928F57D5B3971290B741CE974CE30D7CFCA2AFA3F9E277A
                Malicious:false
                Preview:.".f1.:...[....q1R......=C'&.'..F.z..M..@..&..Ge....(...r:AZ.r........m3<..l...{bT.d.`.L..9.s6......o0c..P.k.wi...*5j..E....,n..w.~...LmHjh..".^..ZY...d'.c5.h(r.@..... ..........n.yF....:.=h*....i.u.4.}z?.cF.......e......l#.9.{..J../.8..AM..N.a.2..\j..qK&6;).c+iE.!W]..[.~.r....]O.Z...O.NWcg..v4...+....`........Jz....6.....m.6..Mg.......E..JTXn..E...xcZ.F...B.aj......Nb.B...9.....A....1.a..I.'...J.bN.F.......>...AiwsWsT......L.%....:....^..... .+.8.cJ.akM*.Y$....Z....G..(...T.4CJ;CV..3T..n.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\394__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):955
                Entropy (8bit):6.445424673800322
                Encrypted:false
                SSDEEP:
                MD5:88FB02B6DD629D9CCE288C10E1382146
                SHA1:782594CE631D87AB720934876B9F7AED249E8401
                SHA-256:841FCAD994FBF5DCE29D48305DD7BC6BBE7F1BAF4DD474B5AAAEAF973EC3DD73
                SHA-512:06A29582D78596AD9A1490F0FC46A3CDE6349861FAFE72EEAF0162550DABF3EA381B44229C462EC0DBFA4F5E24AFC5C04AE7A99F68DE24505A05BD3076B0EABA
                Malicious:false
                Preview:T.B[...=..L..Z.. .[...,.a...Q.e.4..G.....K}Y..X].Z.......~.K.O..W...X.2^.XB(..=%.[Z.y.......,.C..V+..w.EZSZb....O...^.0......K..0.....B.iFh+vS6..,.{.G. ....J..{g.S.h.......,...NKR.I...|..Z..Yh.5.t.1..GQpr..V..#...y...R ./.V.\.$.[.,8.i.....'S{.qQ9U.7.K8.j......eaPz..H.M~.I...=vB<.|..8+Z@.h.1..._....k.....1mS1..N>tx.........@......d..B...O..j.y.hp....N...[..2....i>.;...y?.$.....6?z.yIf5.(..-b.^:x....G}.e..C..y......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\395__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1236
                Entropy (8bit):7.0039875070077064
                Encrypted:false
                SSDEEP:
                MD5:BA90EDDC75DDA411222AC393BA58F9E3
                SHA1:F0E7039EF6E1D875BB34730B620FF11A54AB851E
                SHA-256:58DCC686A1E1DED505B79CB6B299B965BA33B3393B4E1E4F97D13578F21043AD
                SHA-512:B09BD31ADED0ECBB9DAD38D975B74D325B478306E901F6A94FFECC6D4DAD04AA65C69CE9FB1E9384AE62230AC18EBCCB71E55203F911D173AB158D4314C1E56D
                Malicious:false
                Preview:...6p\RB....P,{(...2.C4....7.h..M.c..P2...N......I."..\:....8#?;.).Y...%.2...W..l.-.B].O.<......u....o..k<i.'...s....y..D....~y..LM.0.._r.Mk..;t..=........'B.y.DE.R>.....#.....y....4>..m!w..;5.........z..qJ.....JJ.z...."...xS..|.....:Z......2@...........R.WT....'p..1*...4a..].8C*...>J-.G..p....W.,...Vx.Jz.j.....V.V.5...D?..5.....7..Ku|..L.H...[.9...Z....`...A...}...1~..b.....s....:.K.*.*#t...u.[.G..c......o..G..@/..9....*.....\..m.TD.QrD.-.L..Yn(P....9.W....z.Z}@@D.=..%t.H.*.N..&?(...j>....8@".ma..fI.2jk.x..L.1o9.sb.rf..._.<...%.]....@l..TK4.7(...d....|...m.c.nY.-q.OM.[.^k>! . ..N..RU......s~...#.p...a.i'.....E..V......Pa.....ym,x.....<.s.'....0.. nEf.yy[H..l..t..|.kc.S{.L...!.d.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2fe

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\396__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1080
                Entropy (8bit):6.71174874331258
                Encrypted:false
                SSDEEP:
                MD5:71A676C3213D891F56B53890507BDEEC
                SHA1:0968702F6644A635864DA5F2A8A12175FC3A948B
                SHA-256:176752383EAE01CE9DBE414E5D8825AB7F3F78E8AB8E84478F12B873AA3E8C2F
                SHA-512:D8C299D757495083E5C45EEF5F65663BBE43F4DFCD4AA24F02953598F6CFBDEFE247E8222EC058F7726882EC3D69B9405A3E4A94AAA4FFAE85CE9E451E036715
                Malicious:false
                Preview:........j]....|.OG..deFPT.....`...q....dt..y.I...E........4EB.M.4.f.p...&u.%Xxi.+.;..&..Vn.._.=`4..1..t.oH.F.W........0....P...Hu..L.}..y^k.$..5)._`._.......C.b...L,Vng5..)+...N....l....^.Q.u.!x.....'B\.6^...HjJ<sC.z..<.FC....v.]........Y..b.|-.....E.&.."u8+.D...X....&..6h."..S..iL...L>....`....)|..T..&&5.k..J...ZnOH>(.62.8?14.....`{t...3.`.jh{.......}5..E.R..|t.r,..u....p{.A....D1.[=..Z.3.T2 ^x....d.u....5N..n..<.9..[8...i4G39h.D...=@.R....."<dQ.w...l.Z.J.p..kFL.kOMh..>.r..0^...Tp.S...D.7.o.8.6.V@I..9.C...y.h...l..._'.B........p.g%z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc0

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\397__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1037
                Entropy (8bit):6.657666462148313
                Encrypted:false
                SSDEEP:
                MD5:DBC9295098AEFD972D83332E1140EA23
                SHA1:9B79EE1EAD567C1B5B4E9EC37E6CA5EDC51381F8
                SHA-256:704F32626E27072CC3A831D4AEF4E2E02F96A0D16DE8674641AC6D64DE97E1E3
                SHA-512:C2C4B3A4E71DD52E13B09A521414E186D23D6E339C31A99345BBFA41739ACE0E554204DEBF387663FFC2B671DC93E43020815AFC8C6BCFE539AF9C25F17365CB
                Malicious:false
                Preview:......D.]q.0.............p...........0.#.g@...!...l..)BPO....0.f.6..gy..4T..+...&.....%..5j..< ........<.?..tt.y.........O...F.g1./.O.7....23...p.GA-XZ. Xb..(.....Y]..........'.(..a+...]l...f\...L0...[...|z..<c...#_K.e..}.IH!.1..b..ts.........S...c.0..}Q....Y...gm.A..2q.T.Z[..G..K$...G].....L.k;.S.{`..e....]LR.d..$..21..j._7.K...n.N..W...HA...4...P.4.........._b.u/.~..Q.=`n>.............c..jcq..*Nc+...'.K...l.g{..,...Skl.....;...$.....K$.m.>..#...$j6.+..J}..,...Tq..U5....I....t=l.S%!.HQ...a.,`460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\398__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):955
                Entropy (8bit):6.457154066247715
                Encrypted:false
                SSDEEP:
                MD5:8F9CE4D76B5D45C86B1BF02275A04B6B
                SHA1:452F163E9DE9EED81C35674F4883745C8A1F04B7
                SHA-256:7C302EB1C1C69013BBF1DEDB7EFEE5C72C9FC2B4C216391FC7276183EC1EFB4C
                SHA-512:6A50EAB42C3D0D99C50727264E802047EB8B21963BCF08CC4310C04671DB06BF8D97B203D8CE23EF5B678B246BD7CBF098BA5CCAB090EE9D0E6658F03E148F1F
                Malicious:false
                Preview:......d4!..H..z.az.5...u.9.xV.)..N.-.T0u]Xt.fN..I....T...0D!..X..............0..j@.F..0..8...............q.q..Mz$gD...@.Y..F.l....U1...=..L..C.....@....*.{.....1.R....q.L...X.nz...x..:v....w'fv.....U..W...j.^....x.bd...nX....sf.V........={...ft..1.Y.A.0.........nv.I.....o.....v...R.?6Q...xO..|B.U....5..?0.`j/..j_3.o.. Hb_......<B..M.....U..F.yj.K.F..i...x..%V{h...=m.Vy?...j..2.s.*}.....'l.y.mw.y....... ..R.nx!..N460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\399__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1237
                Entropy (8bit):6.974328534730734
                Encrypted:false
                SSDEEP:
                MD5:FC7ECF213C5CC4B808CB9CD20220059A
                SHA1:C1DFFDE647CD1D6B6A299E579D1C138480BA4EB0
                SHA-256:B9B319DDDE6EFE08C74D60481B86B6C73EBEED92A922CAEC222792A5CCA2CAA2
                SHA-512:FB320219C5394B24A8C8E3F303B350748A150375CB387FDB57A7874F19491B9DB47B5FED1DA77EE43FC9DDD91F9DACD4D5EE01E26264C2DDE445CA3A4B14F428
                Malicious:false
                Preview:.TE.................KEd!.g..HT...$...6..a...Q......)}.X...#..0..........H.n......E.D...U....&..})..Kvk.).W..6|..tJ.q.|V..t........P...2..W=.7...Z'...?[..GS....u.A.W.T.l....>t.;Z..I..OX{F.y...h......W...N..K).X.....653.......!._.n......../.0...|r...mcue.s...Lvy.QmV.2J.s....Y...5.n.c`...z.."..9 5...%.G@.}.R:...vp.g........{+*.^ouZT-.Z...........8V..9ye......X.p.~.#.......OFg.K.....>..k_m..m.va...69.i..96-.V.......yM@d...'.$.....hS`.v....\]..F.'.....6.g.....O.P...../..Du%Wp.......on....C.sz.0!...@....V..^P(.....*.M.R.3.X.M..%.gZ.r..xP.N0........uZ...D.1#d%.2^.u`........."....c*.n.@.&..R.[3.........P.`q....\.l.Y.\.....4nA...S....R]M.)....\......9=.4!.t.q%.L1.o^...*..sI.Q.U...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\39__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.977156581660772
                Encrypted:false
                SSDEEP:
                MD5:47F2CEB03DB18FF62FABD9D6E375CE68
                SHA1:ED7C921FDD7518723218E73C756C367A3FA64ED6
                SHA-256:47F228516902CAA046059E7539740712E1DD1A3F8CDC1DF1DD8B17424DB16055
                SHA-512:B8BAC803DA3023EFC308E52234EF90E5A77C0C26E4D1A841C840A9D91A3FE2FEDC3AEFCFBBB5438E381E14E9165DDE9EEA72039D7519B2A3266066C2E80EE5A0
                Malicious:false
                Preview:........y.\.E.k?^z..G.T|RG.c.Bn\....+.T7`.d.U...Y*..":...:\S...&.?..jZ...!...w~..4.LH.>.c*x..V.V8k...7.Cz.|V..H..J...-.W.t.b&M..A.O.D.=.q.D.Sm..W.f5...*n.#BB=E..(..y:.....j_iR.|.......`...Zk%.y.P.7.i...[....'..'7k...1.m.<.I9.?L.Z..h.J.\..=.?.Wv<.-..I[...._.....U...E:.=.J.D.\.7......~.*DDM,y.....h....u..........#...X.....L....^.0....l..MP...CI......$.....#:g.O...17.I....R........./.".Q.\...C. ._jb..!..@...BT6..R...,.9.....[..6..{;.(2.W..F=./..iU...k.(p.d{.N).^6.8..7W..CW|.NG... ...p..,8......eK.$.v.<#S.N~1A....;.A1M.t....X...BA...vk.;;=h6...Z......6..M..U3.\/..f.l.Y.@......iI~.ySn.a.l...j.y]VGO.Z`O.TCa-,'...1..3u.}....-.mD...Nc.....q.Q..!.;..7.........gj...%.6..)...U..8...<....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\3__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.645846290136815
                Encrypted:false
                SSDEEP:
                MD5:770E7D22349E9618637F1397C6F1D202
                SHA1:61C4DF8FF7E23FCDEBE3E84E3EA5E6252A313AD9
                SHA-256:57EA1DF9438594E615BF04CA7136B0F47D427DC9961AA9D45537CB4AD482672A
                SHA-512:73359CE28BF53D6BDCC6DD615D0DBA2444B518DAACA22232FBD8F8830BDC1DA0A1191AB717D7DCF623A221FF3B57DF2D967AE60C545AEA3FAE6C25B6E96A3F0A
                Malicious:false
                Preview:.}.......$.....*.X8..h..._..P.N.t.Z..hT.*...X......_.PJ./4.(..RO.L.V....rM..S...t.(.~$~.^Q=9.h...|..Q-...P..Of..4I..hR.z..Y.V.....J.-...G.Q..^ky....:u..4........?5A..\+u..S..Z.h..i.wi...-...._.S.O....`..$..VB.....m.....R..F..A.`.....7.VNQ..B>..h...8..k-k}.+...._..p...._....1....j.Q&.M....\F.$...'..Eau...aJ...T6J...l.......-[...J2.P7"Tu....I..Y.........i..D...\.O.f.9'..3.F..`;6...986.M4:X.,..K2..=...j.}q..3F."e...=/..53...|8|.;. .Tj.1dV<.6...h/.@cS~.z#.PIUf...m#...T..%k..|...fY....@.sI3...I..].....S..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\400__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1168
                Entropy (8bit):6.906825771159186
                Encrypted:false
                SSDEEP:
                MD5:6F348F34CB59849FB725806C27F5090A
                SHA1:60E8FEEEEFD1706C56A66DA070F35EEDF6BD8071
                SHA-256:0119F9637D5B0A5F3F8B0D391B109E8E80A2331EC671F47FC79E01AA1E855745
                SHA-512:9BA70DD55A77F35227823A6BD6236D2EE8B37DA5FD81AB6F7BA1CE00C0B7C7E5CD9E5C8D64E1BE01347E53C7AC6D4F695647C1CD03CAA5F98566D71DAE17B483
                Malicious:false
                Preview:1Xk........<.A.0....rG`.%..x.m...#......G.X..K..@....z.}..#..w..2.%r...../.:OInf...........?. H.v..V.=..GGs..d..X..|.t.....K.&{.//..57..?......%....U.T.z..@$F..%.....\.....Z?..p..3....a.........".t...p@.r..+.K}....#..D..%...6...LM..S;..ib*.#.....l..b.J.........n0...G}.J..^.H.B.~..xb...F.~.Z0...t....G...o.5.l.g(..Lw......>....T......AD./......5Mt....x..(...r.F.(.k0......X......Ru9.....E..oi|....Uq..8......'......;...;..?'.....s..nX..f+...71W..p9.......+...u.?Qh...rT.U...n.Bd....<.M..8..^.ppP.UL$P.......C.H...E....H..Yq..b.......8i......6VBRO....U..)=.....{.....}......P..R.C...3..........h.E.n.:5..m~_R...mR..]460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fc

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\401__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1191
                Entropy (8bit):6.883290544760493
                Encrypted:false
                SSDEEP:
                MD5:6616CBCA299F9E6F8C1FDBDFF63A4A0E
                SHA1:04781D773FC3B3D6DA6B8AA95DADD7106ADD192E
                SHA-256:F787860E30E459E9F68D8BB042E35CEAC10EBB4BA67BBBC5398E6F0BC626780A
                SHA-512:72EE8B050C1E9530C576E0C1A894D4E5BDDCA41558A021709D55ACB37C95E649B6D85A00BD6E18A45ECE36EF44B8E2FFE1968236F27C547CA654BA47353DB5AD
                Malicious:false
                Preview:.^...2!...R.9"l4NF.}5........U_.HN..W..eU.oK.Ki.).D..l....7.P...*.3.m#....0..2.......J......h?...'...Z..O........~..8..C.v*+Dn...._?1..a'|b....+..^...c....i.p....l...=..[...@......!.~>./.K.z0.X....e/.....v.].........i...p..^y.~....2.....b.[O....r'J..g?...lE.w..h.WG7P.....l...o....1.......{..u.W/.%.u.$.....g...}...Y`...6.(...Y.*z.my..o......&e.^..j.....^7....../..j...4.T"q......`...Q.*L.#.Z/..[...&.}o.y;73..|..#x..B..8KU8H.bMe..sh.94....i...1..^...[..t.j.X/.bwNnj....2..;3..B_+.wC[Ze.......7..$........i..].em......sh,a;k...w:..A.Y.1o.U..l.p....g...C'.t..#.;;/m..v~......UF....o9^.rcO..Y....H...%[V.,.e"@.H..D.J)_.8.Z^t.@F.'...-...F.B.Z.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\402__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1022
                Entropy (8bit):6.637326544596365
                Encrypted:false
                SSDEEP:
                MD5:9EDA7ED17AD65C8ED7EC948B6A50D597
                SHA1:35FCADC1A71A1C927764F47D790BCDD52AAB6EE0
                SHA-256:14E4B8322A863E98149DC0A64CF847D0812E874CFF8DB43ECFF06571B7A14F8C
                SHA-512:254106498419967E41C7CE40C1891DF666FBC4EAB47936A54ACC5207A91932075B776B7BD8F4ECB970BDEA320A8A031ADDECB48F4E093E6D90C2820BE0C55E7C
                Malicious:false
                Preview:....~..."F..}26.t.qz..Z3.."h^.E.)..7`.Pkn.j....9......Ys.s..g...om.1Z.j.3....at.k.u. .`.{.k.bB\7.`.FY......C.. S.'.h7..)..m.y...o..(.F.U.D..Avp.4C"...q.*...yd...........AkO..&6.W~S..V&;.X.[.I#........}....+o......H.....P$._A.r....3.[.p.\.#.^......J.V+.n...|4.......F....1.....>...|.1........m.,ml.X...)@5) .gt.!a.).e.i..y..}.O.......d.VQb.H...:c~..D.....K[K..l..IY.hO.<&eG.0C...{..M.(......4Ny.s..$....A.......S..i>*.Y....@....T@...'#.e...Z....y@..."....f..x.Pi.*.....4.D".g...O<.CH...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\403__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1256
                Entropy (8bit):6.987942469535667
                Encrypted:false
                SSDEEP:
                MD5:F5F07804F97739B54DEFE8FE6B8503DD
                SHA1:D48C56A7970AA35117B5A6FF796B0AF086F5BC8D
                SHA-256:B4FB393A25019208D394257B194A5ADA04978B97D640F6EADB2411806179CF35
                SHA-512:B64E4D1F2090144B6036BFF618BF7FAE4E0FC65D99C77353D82BFDBD4A48C706AF43124C0A26E325D4E984F16011C2CF21AF791758262FD64B45AB1209D4E6EF
                Malicious:false
                Preview:.!.=E3...._......e.......uFL#...?...I..k.... p3O=.!....}<*s.DK.[.....u6..sxL..f5.0.8.o..V..Yf...YE......Cs...."...{Z/i......sK...Ju...N...1...LU1..J...Y.#=.~.q^o..73.E...}.\...F.F.R.Z.H!.t.I$e1.D.q.......`Y4|...Q&F%9.......7@^...'...........l..3>{....s?.h.#..;Z.z..p..\lN3.n2...|.N6.......B............K.".....^DQ....C.T..W....&.....g..........<.c....h..Z2..O`I.........F....oT...(........y.... .f....F>?.L..b/..)r7...@U.......>d0f@_...nj..JPy......H..i....|'.D.v..e..;..,uQ.]xk....R...*.3.;.F.&....l9..e.D6..:.%..sA8....2U.c...B..m.H.5..q.v.i....96r&>.=,.D...u...yB...N.JOY.u.2..Br......./tRr.Z....r........./...j.....Y..e[$..c....4.._e.I.}...~o..|..2.R.}.@..7...D...h......U.k....w.h...J...._..( N.j.f....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\404__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1250
                Entropy (8bit):7.002049457318674
                Encrypted:false
                SSDEEP:
                MD5:B5A7170641C6CD20E7507CAC2FCF551A
                SHA1:BA0E745B5F37C0C80BBE4976A66A940ED479BCF9
                SHA-256:188E2D8C060B9016B4B1293BD803D9602F0B610CF6E1F56EEBEBCA78FDE3248A
                SHA-512:DFA407D592FB9D08B1E6B23A24E8ACCCB7DDD8632C0B7DF6F6A89129EE9771EB55DD6266E1DB9CB90C78943D4F3B70A2C1B8901E3D2F62EA6CFAD0EF9BABDD68
                Malicious:false
                Preview:...........^.t..P.>G.#.v.I89....+Aa.DujM.....W...8.d..Qg...[....}L..90x..TNS.c..T..'.;..N{.F.p.R..K...|3.=t..P~+br.<.&.../u...S.....<.D....F.......fU..D...........J..Bj.o.......&.^..$..wZ..7.e.`..w.......T..u.\...W.[#[m.H.Q.._..F`d.+...=(..s.].?..QCn.A....[.HR..M0......wO...J)..X.Nl.1.}%."'.-..8.4u_Z[.k3.....8.rz.$..Y....]....,E..\|A.0.!.m......$.{.]c..!.".S.b!.C.;U.............."...nlz....x.".<.X.......j.<.'.6.J!hEg.I.. .G.-...^..nl..[..<.>h....\..L....Cy.:)|.g..G...=U{...=}x..o.......E.>.$....W>.G......~.....5..bz0.2.-......f.WW^}e..A.qH.<..y......(a..lVSf...5....-r%9..jt..-...F._R.. U.KB.f..1....#..E.].S..U.........E[...R..56m..T...2..Pt.....Xh...Q..O.a...X.b.p......s.(1$4.....N...../k^.4.)]...I=..6B460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b16

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\405__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1307
                Entropy (8bit):7.026043795012152
                Encrypted:false
                SSDEEP:
                MD5:697F8A0127455A514DF7B068B84773A1
                SHA1:078BD228D1B981260B5A8C392FBAE1F256EC9831
                SHA-256:14DD4E1F4DA3405FE18F83274CC1F0A5452A36C3F5EDEDA1CFAAFA72986858B1
                SHA-512:E4E3EE01587F80DFE9EA52FA40EB44D203F08F3B9CF8CDB84D2031E7FA1111B192C6E5D8EF55E3CF04A3E155C64629E9971C87FDCBADDC920C5E716150B3B32D
                Malicious:false
                Preview:fs.@(*J./..'..7a..0....~.PQ....Xc.L...2G?..V.,M.Ly...p....w......^:.N..Ul}.C.E.l:....G...f..2]f.........T...c_.B.8.c..4.#.i9.3...(r.......4.....}.a#9..3..i...D.&D(.5K26T...(.j^.30.-.............R..f..x.:.+...ET.i.>mF~....6..3p...s.R...]Ci.j...1.j..Z.....).D.w...K...q]q.Lp.sO...j...U%r.Ul..0T..`0.....m>.@g'Z.'..{....cE..z...."o....).V.....$E.!..p.],0=.}...9=.......s.%*.].......'f.E.tlF.X......u.k..z1..e..S..q.F~...=.k...4^.:.R..#g61.t...$*.f8....@.).cb.|...Do.Z..=..k...=.@.E....c.x...g..=:Vr.k.J.>...T.....t.yY.].DM.N....A...!r/. 9.>....-m.=5t..RZt...w`.|..s~.M.....V......9.h.GSre......R..b\......(.\....C....IE..!.......#.. .\-..6..L9C.....Eq.&...m..RH.i.........X...o6B....Y.....i...hc.{z...W7.]........o.^...@....[2%..jO....c.r.u.....t460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\406__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1252
                Entropy (8bit):7.013275285497581
                Encrypted:false
                SSDEEP:
                MD5:01BF4D88067DCD4AC2A0A3DD2D497EC6
                SHA1:0B8E2BC0A51EEA8BC02AFE8E385C2DFFF77ABACD
                SHA-256:04A94F3A1C8DAB2C3EAF5859D2DF1EFD36F2A6EC976E3416871C673A190A5DED
                SHA-512:84F088A36046A0E2FB1CE606A0EC851CCB23C333F70E75E4CCF3AEF12E53F7F9DA6149D9409899EE1E8C724F0B16E80C5247B8C1008CBBDE1E0344A89A94643F
                Malicious:false
                Preview:........!...<>..^..".%..O .Q.`.&..Y.q..........\..>xKehH....q.v.dyya..w.K..2..>Q.....)]j..>~.~.4...R.......$...V..{t\^.......".;B8...I.a....Pl.O.........[!.K1QVV.!.........%I.Kj*r3./..B..P:.>.Z?=.V..FN>.w>..o.V.j....ni...@..nU..^.D..#w._.......z.4a..N.P....g....{w.Y%.....\2...f=h...h.../.k..)...[..3R..]....~..m$.,Z....P...u...L....j....*.<".l.>...[S......V.6.)..;.)-.U..9`.kia9..._.....R.......A...0..SZ?..H.(...Q,.c..}..gU...Ag7..2{.!.|.O.....:.:.]C.m.v...../.k$.. ...o....-L$zn..&..h^.9d.........H....b.^.S..f[.K.:...>.w1/O....`.P.r.@l...rID...^..-O..v.'$.......-...!...$$....].....S....n%..8i;y.&.bSo0.0.u.i.....?{o%..B....J..h.1.j.#.....81...6..=..."...e.....MT).|.=<@...~..p.(...x.u....|q.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\407__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1086
                Entropy (8bit):6.733123873651739
                Encrypted:false
                SSDEEP:
                MD5:E89A64FBA19337D11C218123D1FF0613
                SHA1:C34AC9C9972251FE97A864B784DF2FDC8E7CAD9F
                SHA-256:DA4E9F8B9799F4DA8E5C5165542200C76D5707AEC8DBDD538BC3981655525BE5
                SHA-512:DE550F784491C3962964381AA10D373A9FFF7AF90326B1E9A9D17831E3D3E52075923C4E68C71D4817671F0D31AE44C9E236E05E2111F063A699B11735659531
                Malicious:false
                Preview:,.`.......}.rg..A.e.4kE..{).GY`...../.AG....Dg....g..<_3..6.~~.y.]...~.V~G.C.9.......Xu{.p~q.x,..B&f*"..y.S......I._VM..rt..:....o&.w=...8.....e7B>..e..aB.=.[....0.d7.F0.....E.2..}.9~N..-..Y.h.).....o.D.y.A..,..y.I. C.3.`..C.yw;oQw..B7..}..C..z....H...pP...|..{...~....+..['..>EPI}/.>P......Z.I.1....|.#.(.6..........E.k.N...h./.PH.V.ng.7nG.@w..`!6......w.[b........)..2....COQ.G..c.|.m,./I..p.l.........a.O.j.7g.OV......c{nDm.Wa.gV.,O....^.:O......{...u...@..s.P...wG.W..wg[...5..4i...]...2QJMB. .MN....$...T..I.l.Y...h.`...V..C........?...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d9

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\408__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1040
                Entropy (8bit):6.619771902562502
                Encrypted:false
                SSDEEP:
                MD5:187BB1A91DDE21BCA1BD6B473F0B8292
                SHA1:A02CB31A3290015C9A580B9CFBFD482CC32FEC0A
                SHA-256:6F3AA0508C205865680C1D8E09AAFFE99A0796F029C1644C535C8910898FD181
                SHA-512:97BAC17AC6F00A353ED6048069E55D250F2EAB5E804AF703B88DF47B5C93C3896048273AC067095B9C353DFC8262600EFEC3EB701C4269976CA591306B27644A
                Malicious:false
                Preview:.!......"'.~tk.]..<.b.....Y.f..Q.46........d...p..iu.....Q.$y...MJ.TW.A*...+.5...J.}...+.3*...<\..T../..=...2.Q...v.[.#...7...|;.......5.F..'.e.V3y-.6..s....)$._w..x.CV.R.e..G6.,.....7{..|.`.;w....Q/.Q.W.....j{..8n..{.5..}.b.G....2f...O.../..8t.F.~..`...n.=<l.N.l"..0Z}..C.T\H....&...n,.....|.5..4.u................N;.`.Z..I.G>fF...'...R...=..(.e...R.aO...N.I.K....u[nX};=..#N..2..z.Q5..T|..X....4...7{`E .H..y....G...}...d...f6.....XA?......&N...p#....V..4....#..>....:.c6.p..(..o,.4s......e...E..V460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\409__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):954
                Entropy (8bit):6.451809372572063
                Encrypted:false
                SSDEEP:
                MD5:9B7685892909FB614E65149D3539E0A7
                SHA1:02C21A00392451CCBAAC1CCABE18A366C747A6CA
                SHA-256:10CE8E75DDD4EDA92C30057F149AB89E14FEAF466ABB486966C96BCDA5FECC82
                SHA-512:C719E3E11A0C95532DE95E2C58F53C4BAF59B33B5A77E619F58B0EEBAB41087CFF7F86200812CC3352B2BD85817D42D8FED7592EB3D9321984443BD00D057880
                Malicious:false
                Preview: SI"..... ....4..f..)}..T$.M.3k...D]...%.....?F"..>6.I...y......B...0E.eF...vn$.!;......bN.|g..xzX2...H",.[.y.*..@.P!4....[m...RV[."r..|R.....eg....0....%.'F..!.;.......Y.l..M}......W..}.W.5.Dd%...@..`.).K.O.........l(...n.pY)..z..4#...@.....k.e..<........D.V...2..P.c[.E7...LK...._...e7.I.{.B_U..c|..O]+....u.6......6.]{.......=.P.M......9..{q...l...#.L.....k.F..E.MQ.0..o#.c....r....n..).>b..\..p.1.F.R[.@Hq..<'.V%.]G.6Y.n...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\40__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1311
                Entropy (8bit):7.0630553183008296
                Encrypted:false
                SSDEEP:
                MD5:FBC2232F014F8CD9377216E79B6E25C5
                SHA1:AF78230FD15EE3C5F872F56C468A97CE778B1AF3
                SHA-256:7913B77E608613FCB95B5F1710E992F6CAF62D238E11A1BD463B09E89910D205
                SHA-512:1E48F381890EB6835E2061AF584691EC93194F79D5C026923E38E6BA33923935A5F5D8F47DACCB408536B0110563F786294B9FA4EA4F23A90EF115B1208BB799
                Malicious:false
                Preview:.[...(P..`1-((.d%)l[.1.....{..:.(.X.:9.Zq..~.?.>.F.(..d.<.....k..|_..3...~...e[.^.u..UQ.jZ.v.`..,......a..<Y....n0..u.|.7..G..u.O...d.~....!..V..b(&...{.$...X_...&...y.I..."",zz...nU/..29..,.b,$p.^,g~!."...E<A.... .....`.I.p..~o...C,...f.r=...R.._....m...e............_....>..<...Ww..^G.@.....t....Vhr$.Drn.L.C..}J.m..9kA!.S......3z^.B.....e..7.E"..NQv.g..u.v.....L...uu..|...<..R ...QSB.O.4..21.`!.V...T...Y.)...u.5">..y....]....^.nlK..l....}>.5.v......K.].y..4`@J.)....A....v......v.Y."Z`i.6..Zv.~........,..*.......L...9..,kEoK}.y..X..?b..iI,y3f.."mm..`s..Ta....@.rc..V.......V.[..b..S..%.}...j..k...T2......O.............@b..........}E.x"V..a..q)4.b.R.}.F..[K_y..4l.uWx$.?B.g.]...........l5.yO.K.....Fn.y)...H.I2N..<.....}.D..Z]...N.(l.U......c....Q.....e460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\410__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1762
                Entropy (8bit):7.422903567420857
                Encrypted:false
                SSDEEP:
                MD5:8FF8E170EEECB782C193E2975C9086C7
                SHA1:1322DF0E4C2EC2733638E62408F932FC47ED908C
                SHA-256:65545F0CBB878CAB3B943DAD5EA2BD8D68F411C98B2138688003B95303B4DDFD
                SHA-512:7F64CC90291FBFCA040E1347E018EBECE46FBFF0A6B0F44C027E32A0C2715BA67CE0B7BFFB4688C3A58E64F0C91E7390D23FD57367C874F7B2880517EB365C37
                Malicious:false
                Preview:.l.]..cO...6x..}U....."..)la*.....,#_...^<.\.%....P..F..+..\ .'E^..pz..(.o...W....^.$m}!._.Dv.#.,......[X~.5.0m......i3...w..J.rd./..|*"..>.....m....:.......(1.p.j...9L.df&..+..&u....).j...........e.Q.5..<*..4#......m;..._It.....V..;.....6...._.$9.x....5....[..4...{XhK......ea.r.+.+.f...|..>46.KKZ.,...0)...K...P........X...D.m..A.......s..v.n..Q..O...f.Lv..........C$^..\R....A.....^....L.DT.........HK......j...l.K..c..Q......M.......E.n...v...o.m......'l....>A......T._.Kr.0>`z.q......{0.S.u.._./.x.@..6..Z.b....2d........g..+......\..:5B..MH...;....)$.|........]b...n.u[.sX..2..^m2.....X.:I..Wv.m..aH...U....R.Nq.I.....N..v..9=....Yw...H.%.Z.Q5.$.....&..../..#..e.....We.._.R=...N......lIUY^..p..i.4b)..e..../x..Z...J.f..5..o.y..{z.,.No.Z.90........I.TR..iyd.wm.......Q....4x....?.....^.'.F....m..y"..V..........fg..Q..G.1...T.....'..?...y.P......9.*B..-..c..b).z...{B8w....f..(...=$.tk 5{J.d...f.{'..f.....Bs!...'_.F.YK.~..O3..[B...Uj....

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\411__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1175
                Entropy (8bit):6.868433885367847
                Encrypted:false
                SSDEEP:
                MD5:482010130D071A4433FD5B67C25A81AA
                SHA1:84D050890B88A67AEB1266C71DB9E8C6FEE3037D
                SHA-256:6ACE6BA0A972CC552BF275C8F140119B379C24280C452F051E1B43FE8772B90C
                SHA-512:C47263F6F51A27EB899ED37F9176D811FA34673A87DBFC0ED7C26DBC98174318F9A6C1DF4D6CE8E0CFDADD10142B0CC05C1CD2F30EFB52539171223B8C7606D5
                Malicious:false
                Preview:(..H...je...Xx..4=..O....W:.(...v)B:...*.l.~%_..b.>..L..Y.Se...|....e..O[...B.g.)....Q.l.a.a#s.e.`i<2...C.......a..N..T[I..!8...o.g..*Q...;!;..)..b......OF....fCD.MH1...|..K.....i.E4......%"..!iM../..|d.?...b@.7.*;!.f...R...0c|.ZD^_.0.}.....u..JC29.<.{p.f..Uk.Rp...p.. .Awh4..F.....r....I.c1......#...IA{H#M-j.0...xft.<Q.....2t.*....X.../}}.....16....O.UxfC.X`..t.c...+N.k..u..WJ....-w..xz.f(y8E.g..y...X.o.*........H.....h.n............[G......?@...H.1w."..d_9...U......uY...I...<...RW........II(.Z..E......8.0.......3.V...vBwhh,......n.-...t.|..&L..@..D..x.%..1..C.b.J...o8..H..@.$...v....L..w...V....{3..G|.n.`^V....et_..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\412__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1169
                Entropy (8bit):6.941429093460161
                Encrypted:false
                SSDEEP:
                MD5:C3F5D45AF6B0D04B9791CF3887421538
                SHA1:FE4641BCDF05A4A1435D5481FD1011885B7DA237
                SHA-256:8C9456B79DB37742489178B028F6EEB6E56F7D96B29E72ABBC6E14F83A86B862
                SHA-512:C87C3EC0D8AF15B01740BBCFA4CAE8BEB943BE6EAC2B5ED8143D0660752CEA4FD9EC0C94897FDEE1C0B6972C8DB6294307B937D75AD335AAB5D8B52110F84AC7
                Malicious:false
                Preview:9&b.F,..}....G.z.....[".G....y3z8..c.....a.h...I...c..L;[.MF._s..o.}.......S.....k2...)..lo_....I...NwzW..z..j.>.../....P. <...3......K....6=nNR.9.x...EA...,.Y..-..uyP'=}...Vl...-...+...O`.~..z...i.....VK.'....s..3_...E%...`G........N.!.F..N..A...q.5....@..J.}...m.G.V..K.i.`....J.D.O.t.)l...%F.FbT.K...Z.$..U...V..qO?.K....N.Ju~.!.&Y..GtS5!U...(.J...c..q.3N.N..(..OCCx~5...?U.F....S.\..x/a......z\...E...o.V@..._*...y=.{.G..~.E.E!....xkA..?./.Y/.Q.h...!.{......h..l$P..p.?^..............0.(c%..,..g)...n.u...#...~......).m.S...p0..r#. .l.oh..4.V.s....%.....].....W....~..{...t......,.p~N.Z...p...3.......^....X..N\.......k.*.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\413__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1261
                Entropy (8bit):6.9531418549327215
                Encrypted:false
                SSDEEP:
                MD5:5C1E6095F4C005601B651F255344E6ED
                SHA1:1611DEDAD12964278627CFF56EA1C1A3391B6CAF
                SHA-256:B192E9F8A4FC5013399C46D33BACCB5B44F126C938205A7CE38AD5FF73F28796
                SHA-512:77BB7297FB6764D09D43CC813891315CFE34C4AE51D9260FE85528289C2C00DFF9B0FEDA522880CE08B7EE0E1E5E88E01048408E5F465F96020EBEA8FDD7D3C6
                Malicious:false
                Preview:)E.r..lD..;..z6...|.....98M.M88<..KPF.L.dS8.~H2."....v..9c... ...g.w.I.;.[..&n.4....G".!..<..B;.n.._..[....:m.....mQQ<05..)h1.ZD.H.8..?)..5.2An.;>u.6.|.......V..:r..pf...b|...x;..zA.N..~E.........KY....k.I..b....f6"3.4.....Xe...jz6...h.OI|...!...5....3....dh.6.U;.a...OS<.<.....@.f.MP..}.'.L.4./..gZ=...............r....f......"%_.SK.8..b.Ua..?c.....P</..."..nc)=s...pj..I.G..I..p._|....*.....:@[..8..d'BLj.*..h@..Y..f.R..Fm...._1.2.[..x......::0..;.Dk#/.6.h+.S>of.E.._.^.V..J.....h..{X/...f..d.2= .LD.\$AN...J..C.n...G}.@.?>pU..8.hGm.....B....&..4|+....\.T.!....6...as.J.Z:..r...-A/..-....3..c..Fu..|.{:.Kv>.m..U......UhS.x..iA...L...;..+..G.G.(~.c....4.BoC@a.f.'.T.x.]d.......j.$..+.b.d(L0.~}..r..I..b.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f6

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\414__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1088
                Entropy (8bit):6.71666654595795
                Encrypted:false
                SSDEEP:
                MD5:14B7C5BC8DE205BC7AF8B5A89B09D0FB
                SHA1:D0DC18BED51E477299FEC75257D227A989DFBB75
                SHA-256:96D3DAF2F46BE334EE3435F009392E266AA47F0ED60CBDFA23E36BAE3423843C
                SHA-512:574345EC6DC1B35550BEF4667E9119FB483C6CD21114E36EA7A00EE726E530147D17508250F1FFF870F9B567DE24AD2576D7CDD5E2269C78D5B5C13885B4E345
                Malicious:false
                Preview:.O..Z..@.[<rM...70..U.v.1.2..^?/.=LqX1-..].-Zr...]b0....#~..b?.id.+{~T...M.....T....Vt@.&.lw....{......^.V...@.0..Y..>..s>qS.9."9;.&.^.... PT...Q....!K..h-2..V.Y..b..V.,.)k.S..2...]..S.!......&.+....D:.O..8 <..%.F..<a.d.5."...6.....aD..x...H....'.s.....T.tSY./..l...T.......oEd....!..)....M..f....@.@.E.@EB..w..E...."...zd.........{.d.i.JR......qk......a;.~;..".$.v94.4>*.)-%.j.5.fT^y.FO.=...zHH....1....J..}..=.9.a|..U]..i..@.p..''.7..[...Z.9..\....N..k.x...+.@e>....-K$.8H....d.{)9N..._..r..aEG?t.N...d....M.P........4..y.....Ya(d.[.. O.~.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\415__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1041
                Entropy (8bit):6.661589278273647
                Encrypted:false
                SSDEEP:
                MD5:27589669C6DC4357E5120C17D53FB551
                SHA1:1EB54A9299C79E461C807A012DD85EDFA873B2F9
                SHA-256:3C8F6EB7CEFDC26A73BD4484B254922DF939D0FD4AE6ED983DB25B839DC3ADAA
                SHA-512:316A283159CA99EEE5FC75975320ECBFD813E880B4DB19EEE874B19410D80E963FBE343BEFE72CEF8B1CF6117CAE22D502F5CCAD96D7B08A7F33CB5F29014E8D
                Malicious:false
                Preview: ...uS..}.S.K......%.a....."...fx...vrn...L`...,....Y..8.(.ow..4.h>!....P........]....e]T.UMO.............(P....r....T.N..P}.&... O...y....P.....U...A.. r.4.@..=.46.a.....................a...`yY.....f."...|....Q.M.%...pk.......Vlg.......Xo"rfy.y..T./...1O.h.t].....z}f._.e.....O..O...T9.Z..F...>.!.vl.....p/....a.....xE..=T.....u...NQ..]].5CB...6..;..}..K.j.k.<R....g.`UD..d.b..5.Mq..eI.H..D.h*..1..g.C...m.X...^&.a)....l\.@.*.........t..]1M.8.%..K(d..T8Gh..b...&......dz..,n..|B|Z.M..G^..~3K*9`H,b.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\416__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):962
                Entropy (8bit):6.518352992477979
                Encrypted:false
                SSDEEP:
                MD5:2ACAF31EC9411904706EF4E7B9128C07
                SHA1:CD91D8A1ECFD90BCC04475032D512E0A89BD1EEA
                SHA-256:540304208FF8650ACEDFD6A3C6F8AA633A1EDD40AE281C93E4D7C4A986F8AFF5
                SHA-512:0AAB277EBDC5F17CC275490468CD9ED8BC6EAB270BAAB5F8B8918F0237BD70F7AFE28160B6DF2430531599DB030BD89C74F3F2536907759B05E96F9C29A7ED57
                Malicious:false
                Preview:....v....i.e.}#.4..@.........Sm.J.v"..<f.l...............6;.d.1J..@...@..[.g........~&.....B.m8.:y...I.0.x_gj.....P....k.lH.~S.......)8n..h..+.~..]..{...@.f.S.~.c..c...3..+^.N..8..+......$....c.......~o<."..\4..-...).<........(.T":oO.\fn.i...Y....G....~..?........).u.....>..f.Z.I.C>...d..T..MX.H.f/tr.u.A.d6..C...j....9v.. .....q..<...T3...tD...F.-.o@..z.,;*K.G.w.:.m.g.hSHkT..q..r..u.......{.L|...W.4....s.b{.i.T".....<.CvY.Az..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\417__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2142
                Entropy (8bit):7.573635608194744
                Encrypted:false
                SSDEEP:
                MD5:E61D2E529A3EDA3095E7F509701D89B5
                SHA1:D380B74BE6D84FBB933E177F70AD1ED34AAE2BA4
                SHA-256:96ACC43D7362F7882DEE46A57096B5AA3A51FBBFF7ADEABE451901174FED8595
                SHA-512:02BE67B95D5A0598A46C1F88E55889FB097E5FEF68D577E8407B265DBE9D1A60C3D567C66D1B1B9F35C75A793D711DC82F4CEEFA74982B703A395C829892B48B
                Malicious:false
                Preview:Z..U..J{........e..O...v[).).s.c.dgfA.D...<..+.....L........eh..&.q&...;.`..L`.5..?.....a6....../..}8v.n..ir.B.l..#...Q..h....o.c.o....>....ff.,.f....5U......^.K..irr...u.^G.9."..\..e..]s...K.......B.....kX).. .z...~..wL.=....yf.(U8.Q.v........chs..7.Jpz....j...v11W.1....B.e<....F.LE.&c\oT......>~......6.S8...W....uw.7.;....c...7i..F..#?..[/.=.*./..W..LB.d]p..*.....MG..f1..Bu..Wp.#w...).W..f.p..,V..n....i.7#....U...w.VV.l....r...fL.v.....{V.V.:.=.F.=~.(..{.0j....L.K.s.Z.Rh..cj..Dc..=R.?.BF..zaj....h[......l..p.f..D9.3L...$~{7.*..MG.,.]@.S.+.,y.iQ3wR..+...w..N..[....;..(q.m...:lw.\K.....JTC.._~<...J.....u......A..'.H....$+...(f.....$S.......p.@..O....T;......w...v.=,..>..<.=....U\..?..B...%.*C.F.N*k..zc...6...e.^....M.....s.|.Q...r2...<...%......{..+.S..Z%....{5i.Z.../...M ......z...f......T.p.X...X7....q.D.........2...Q.W...v.XYD.......l....4.Ng..........sp..6..w).u....<v.-nn$NB...}(..2."...^x...pl......U......3.s.....:.,..

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\418__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1316
                Entropy (8bit):7.06209786440084
                Encrypted:false
                SSDEEP:
                MD5:C50D80A3E9761EBF29CBA50AAFCE89E1
                SHA1:F573982D82C8E1CC216E667BBAEF4949195D288C
                SHA-256:8E644253135FE5A0086B9324C8AD15A8CDC44DAD66BE2359D0183B3323319A0B
                SHA-512:1B2F6B714F953FB5DBDF631B6D8F4B27FEA6CCF40D63CA2B4C49F1A1877A4210ED34D471F6F834375E7CE4EBB79FF98706622DB1EA674457C23847E6E4366772
                Malicious:false
                Preview:{.}.. ...?.].....A......(..;.P,Y.e.C.0f.3.xB.;.x.e<Ju...6.#V.c|.D1B.1..Q.@...7..-...2.%+........A.. n...L..N.>.......!@......[.4....Yd.aG.`OYwk....X.)*........JpK]c;L...8$po0+Q.....&I..+*........?O..E..2.i.X.^hS:.O.....(..u_C...m..P....dJ.T..."{z!9.F+3...h?...K.9}..C.UD#e..R{.*.).{`H.F.z.>../.;.....,.x../P.ts.H8...".hH..=o..Kx.F.hn`..zr5.c..Y4bL.F...%..L2'......Uu.....`.n.=(.S...$.D..!..RU..D.....T.HT.e{.`...k.06i..M.2[..>.B....j..C.m.)[.z..`,Z^..!.8-) &...A..S)..|......1...y....J....).kab..-.I.i5.\7...a...//..x...i^..%/.f......L.m-.MQ...+..g.gH.&l.xa.?.x..P...:S-.P.......[~HL../|....?E.nS.......8.l.W.!v...g|2.p.b.1s.,.....p..br......AHPrsD'v..-.G..x6....kW..o.....m.t....N{...,KH....wD;".f>...~..=...o.>v.&J'Y,.B....m6j/....ew.C../..$..Q.c.....Q.q.+.M ..G..PN...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4b

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\419__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1787
                Entropy (8bit):7.427398540651463
                Encrypted:false
                SSDEEP:
                MD5:693FDA651B70621269F66573F5278D67
                SHA1:981FEFB4D919F5518984844E1083FC6111DFEE51
                SHA-256:4E3B369798D80D66746C86EA6679A9DD56795D9E7A67CFD7751DEAD37F9D92BA
                SHA-512:3031154B1245BBFF0178D1D2DC8501C683CDCF310C8426BBA3612A90B81122831C22D0B79F956FAB34B4A615CCB302423D029E3E645B1E7AF3AF9C154D8BA0D4
                Malicious:false
                Preview:....<T.UJ...r_.~...~._7}..u....GG.(Q....A.N.........H.>...d.N...z...TYX..h.O..P. .+7...W...~....e/h.cr..%....85.!.r|...'..qS.R...'.....uG...<.=...X.5hI7Y..3m..........\.^....F..a.)...1*.~....7....$`J....+.c...k...u_..T%.gZ1.....Z...WytR+..7......qK,h.%.W.W.n...{V....p.1x{.?.gT.T..I....q.:....7m......a..L...m..P..%!==SQ].Mh.g.e1]..9."..+t...h......OJ.......P.n}Zb.r.S'.`.}@...c+.G4.%.@^..%A.k..55.C..w.NNd..wYh.#W.p/I.?.r.&..q.........TZ..y,....~3.......{>..Z..e..+!...ks5..(~.SFH..[.....T.3.66...=X.?.-.[..K...P.I.n(..{1.x.6.....=.....`....r2R..-.u2..9z.-..-.(Q%.0..J<.g...;...!%...Ec.9.F.`......>."....t..X.l..3z.....<..S.UH...s..ph..=.........6.Dwqt(...:3...LG..*.y....$...Bg.1..1...v......N....D....O|...^.8n.a.....$j.`s...BI.....!...d&..m%....l..s.##Z.Lh.J......?K.u..m[F.y...k....i.c....,..(.$<......P./.WK......v..~.m.. .v..-.....C..Xs.^..O.....G.O..'g......9.k.o8.j...0.C."M.~,..r..|d.[(.....n..ggK..3:..@.c.6....&).P...u.7M..f..6.A..+.!8q.2.w...`.w.o~I.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\41__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):3407
                Entropy (8bit):7.781416336402898
                Encrypted:false
                SSDEEP:
                MD5:A512E1F486D6CA827427E66905DD7337
                SHA1:A0911941D771CDD3FB26E226937E50FF1D78C01C
                SHA-256:56B825277C5963D3C78BADC43DE06A1618F6C0CD0F672B982D79D59208DF8C95
                SHA-512:8D670C438634E69AAAF0774E34D65F17A641FD85C9D471A96B2C04A5DB20058C2866ECCF1783C5BB32345B16F5287A8053811748F7A0177BD142D2040E53729C
                Malicious:false
                Preview:..9....|X.6...#.,"z_ ...p...%......-.......5.TU..A0(..q.....K9.2=:.aQ2...we.T5Y.m.O...n..".....H......".0..PZL...hH5W|W....!-.9..5O...O.us3.r....../km...Z.F.o..u....<.}H.8....U|...b...f..... .....Gt.V9....p&..os...@'J..Oqid..q...:.....K.V.]...h.......U..S...:.s.F...E..g5.[.0....R...*.jr.....:..E..P!-SE.h}.....c..`.c..n..>.O....L)@h...,....bM.u..]..Q..Om.`..d..C'..k....C ...C....+...?-...RL-x....+>....*.5..?.p.r?..+.Z...'.j..5..Z.....Y..W.+u.....-..].].t.9........ .hS.%..T.{...l^..^...E...:.q.....Q<..x|....4...#8gU-a.i@.9I.#..Ev#R..v....y..e...6..J~.j.......L.^....r.%@...".Y..{.l.v.*........5..:..b.8.i.K.8...#.1..Z.U..o....\-.U...i........)...=qj...&.M.3)I.+.&..Gd.q.L..U........8..,..,s....pO2E.9.a..1....7~B..."?.^..q[...:-...7..-ZIM#.vc..T.A...\.."...S...uA.#J..It......4j.F.CM.c.U...4...nS.....+D.Y..~/a.l.ZK..l..2.......f.r=..[$h.q~y...H.4S....G.."....{..}._0.....\.%..P..K.<.......l....]..!b.n..\Ir..o-P.}.)..-...]wW.b.y..Kr...KCj..?.I..bt

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\420__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2844
                Entropy (8bit):7.707525167450552
                Encrypted:false
                SSDEEP:
                MD5:94416FF3E39486CFD8EA4F4F9AEFAA53
                SHA1:D033B7C11728CDA2DFF7125C783F44FF6535072D
                SHA-256:3C752F54672F3A70C65C0C12533AD3BA1B9E28256628F8C37B97945C9D242722
                SHA-512:1DF60B898821FFB84704F97426B5A0B49D13C43D49ADBFB4B5958CF529CFDAE05CFC4AC79304F91E7681C913BAD3F00FE90F357BADC9B7B7C72D8D86EBC92814
                Malicious:false
                Preview:a-5|..{..]./^...u.p)....-z.........c5UX]/..h....=cv..".....^..g.@.(^u[..uv.k<.<.9.......... ...n.m..b.B..^4r...<.9fU.......od~..+..........o<4.'.....S...K....1..3=1.S.. ...+k.3.} .8..:.}Z.4[...^w......#@..tH.......m........L~...y..VD..M...I.n.K.....+N....6..."..W..zmkE..r..u'4m.$.j#.uw_x.....[`>T...n`6..q.. ...I.;."....&.hY.N.~...l.[..X]..fa.X...L'LPA....Q..N5....]..S...R.L.....q....zr^~..lx..{.E.f..ci..4.3..|......1.3...5.O.f.@.`1A4u .`.AT.Y....,.}.s.f...w...vy..;....I-S.lL..t.1.~-........h...5..73..(.A.i...i....8.*.!..a.....z,t%...._.....I)r......W.....1R1?.N...R......\..D... b...Z.PO.y.&.......v..C.P...'.....y.._@...,%K.>5iW."..?.8!.Rmd.L0..e.hh.......1...B*#_C.....4LQ...`p+...ngRH.N..+3%3..xv.h.&.."...8..h.4..k..u.F.N.J.v...a.Yr....B......1\....o..x%nqS.........6mnL0U......`.f...9.....3...S.p.k..<%.s..do.Ee>..i........70.4...sL...(.Y.....:.......\0...x.......8..rTe..r_.4..K......./.......C.|m<.k..h....+......{"7..z....."..Yum

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\421__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2308
                Entropy (8bit):7.62665060594272
                Encrypted:false
                SSDEEP:
                MD5:171C2320E0322FB38381F5E801CE5395
                SHA1:5E7BA35BA31A57A8D85532D1B40083FA4356DD39
                SHA-256:DB2439729EC68345677F6F32889AD5E7E19164D90E389F9E0ECB1717D304ED8E
                SHA-512:0FF21280FD96D4C77431DFC730C73EC1A0EBCF84DB196ED2EFE290D7B18A8903C7B97A50FF669D42C9131708415623E9C5B2BD7731B587CA3AC48CDEEE194605
                Malicious:false
                Preview:Fy.....6....#...e..'#-..:6....!..5...s..I...7......N...0.....~.{ ..q.D.........H/.Y/.......A1..K-....?....L-C..".P...d..6.ol..=b..W...{.{...;..iT..Aj~.........n!.E.?G.1.2.w..=`.AU....,....._o.c............Mm%[.0KN.T...8,.K...>.....O.==C@.xt$y.rB.c...6..9"<YB#....Fr-J...C..V.r..%..H`d..}..K.).?.^.I..Jm...9.....~..S<.F...kJ.l..2 ..p0,...5.<}b.....r..K....m....++.....;^....x.z......g.n..)e..A..I..F.N.N....2J.IU.s~~.Rk+..|..;S."OCW...N..$.....&.*...6...Nx........e...[wY...J*c...B.UY.z^.v] !. ZC..5..R...9FB.....vo!..e..s.mh..k.......E..rz..w...H..[...&..p....7HLR.L|.1<..Z...0.....mB.,......U(..m.w.0x..[.n.B.A.=.....K..f}.<..p+...".CI`M..@..h.%.v.ENz(l.[..p..t.p$.V.D.y.7nG.m.(.@.D..OTC.]...O.hC...\.X..Vmq..j..I..b{.=.&.*...C.;.....eTH..bJ7M..x........>+ [eE5..............^.E.../..s... .... uLh.M.6V.5E.....z..z.......".j..+QgV..|.s...i.&.)..=..Y...g....M...9..!7.........*.#.=[.(?2O...(./......X..Q.)D*.B..""r..EA7...._y..g.2.........!.x.X..%W0&."O$.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\422__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1159
                Entropy (8bit):6.879587684526498
                Encrypted:false
                SSDEEP:
                MD5:7BB87BB6ED013EB7C2964F75570ABAF4
                SHA1:A21842C76AC36DE0214471045D647A4F84494B94
                SHA-256:6D02FBEB1FC60AFFB022EF404F813D1402FE061DD4D0BBDAE5026E9D0FC84918
                SHA-512:05DD13EB19AB017392ED1954B0CD2AF5DCB89765F8C4FD1964D8D4366382D128E90AF6920DC764CA3F1E9E922B19DF6B460DA709894A67DE62EFCF6A29A0CB74
                Malicious:false
                Preview:..H.....yg.d$B..]IL.M...[......J.o..F...b.Y..H.t..%..I/j..@.p....ue..d....j.|M=C.`.G.V...%@r..-T...)./....A.P.<`...@..$<..S._T..2......:.^.v.....7t.Q.Q..1."4=.|2"<....j.|.y-3 m....(].Fu.....2.JS..pV.....P.D.Y.V...'.'.C.....jI.DH..].M.8...v...nP..kM........I.L8...S.bd.`7T.tN..........q.=:..O..'.......zW_...}.J.....D+.}.:u(...h..._MXd.J...<....i...`..r`......;H.S..O....v'I.V@`...y...>$..#rJJ^m.#e......S........1..CC.....u..x.,...Jw@.K..Dxvx(O8.C..e..............."..=@...0$......y.FA....60....}0...f>g_...4.V$}eU.P.5x^...)`.>..........2A}.{.....c,.!..uW./6..k.....T#Wo..........jv.~.)!..cE.>._...@.F.. G...z...D.Q.9.|....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\423__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):7.006703974320744
                Encrypted:false
                SSDEEP:
                MD5:F43EB02222C1A8B0A5F7984591231525
                SHA1:BA08B782B658712D5E1ACD24AA0154145C653010
                SHA-256:F27219DDC10AEC8CE24307DC9C827167B245AE122A8C6A691BCC6DEA04B8088A
                SHA-512:C8B5F006A18E37C117093C676174C13DC5D4B2A6250E9F716DB05E9CBE99938ADB02485A900EA832AE859F64B694389ABE309776D077DF29A80AB54ADFFDC453
                Malicious:false
                Preview:....|..>.._.z...S.IEW......U.....f7..x.Z..J.uz....Cs..........5......|....9.G..~....X+AB{hB+........`.. %.fH.Y.V.y.r_...~&.w@..'~.....hj.(4..D.AY..........G.pA..@:...K@.Q.....j....L..\Ub.M...S.X*..tI..3....N2Q.c3....3/.^ADy. ...6,..t.O...D..FQi..P........3(ql..E....7.q..1g..&O.<{k.r}.*...@9..-P.4}......y.h..H%...74.....r.,k.7#-..}...v..!.V...........7.`......b.Z'1...'t......Yy..y...{dCr.R...n.....g..:.....3..QF....b}<;...c..^...[x.!.i....j.>..&).... .....g4Q.XG..a.m.....>7...1Ny..(@....F$.....].%1[:.i..o... $Ws..V..).|....]g...r.\..PVHH...:&.+..C.tJ...R....t..(.m.X......S|.zG7......+)s.s.=$..a).(.....5 .a.sekL%..Y..4....Ffr|....."..r..C...[..!...9.s./].....x..QG.:.t..'.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\424__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1240
                Entropy (8bit):6.958515286929291
                Encrypted:false
                SSDEEP:
                MD5:7500D1C2915C865B67453BED01E5B4FD
                SHA1:23FB9F852DA7A06B497BCC81F52685459A2BD92D
                SHA-256:F117D135A2EA885239AF5A369C06EBE4C301F8BDF38F8F604BA9D8151BDF2871
                SHA-512:5B66DCBFF362D3B426A80E4A9637E180536E9D2E0B35CFFD5C09A1CB4CC73D2DDFCBDBA1A6107F6805C0F2BF5F72BE90E24110A4E9749B27C193B8B4E2BCA7CF
                Malicious:false
                Preview:.P.W;ed.A.48.&..5Y..K5..+.EO2..X.j.J0*L+...K>z.yh./H.h}..t...'aA/..8..W...A...A.O.6r.OI..H(..+V...W.!_.7..^...y.#x.{R/0..M...x.~"h.g..3....GEg..b.n.r/.X....`H..|.81..Tf.!E.........q..0..f.;yf.n..l..7.:yXrL.F....k...V`.....`..I..kWb...0.$x:..L.lU.}".5..3#.S..}q...~..?...;.!~..E`..7.|.a.zt/....z...1...0.T.R..~.&....mtT......i.W=}.M..g.{.n.YTYm.y......S.J.]J...\O}=.l..N..av./..o..~..L.~........1....k...V;....R....m".^..W......t:.9sM^.5.n.D.[._`1...ss..BNNK..s..w....2..R..LR*..}'v.F.Qb*...,....m.G...8d...$..h..+...i..,......^RXdW..a...:....W&..y[S.BNN.)...6Lm"..N..D%a@.....E-.....k..# .To..T.q.2..E...B.~.ubfsD/j90.&.,.J,.li..._.2..9......r...H...>.)p.^5...U.V.o87...&....k...,460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\425__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1163
                Entropy (8bit):6.889509794264592
                Encrypted:false
                SSDEEP:
                MD5:50BE3EFF15E2B0A0717BF53287BEF008
                SHA1:75BA80FE4CFBD86D3345723E481835BF2C795830
                SHA-256:C4CE8DC5BF1664BF9C4F2C5E7D747A2150A4BD477E5373791855E4628DC032B6
                SHA-512:0BC70B1A0F87F40BF859A4BEBAB97184BBFB45CBE8F5789121525F13072FA21F871AFAB8934320D13325AD9734C84552742E49767EC267C8466D6E98C778945A
                Malicious:false
                Preview:...d..w.N....O.q..i...0h..M.FB........S(.1.m"....h*ais.x..bg.Hu.9.ys.A.....1LX}.+./.q..P...D.qzA.....?. .o..H..V..:5{..5...w....h...0.g.9.6w.6..N...q...M..q....f..E|m1..T.>..K=..l+...,.;...E..Es....;.p.N...L..u...k..B"H;..^+.x..h.$}..W..b]E....(.4...:.JU~.T.Y.;F..H.>.v.&...N..St.....V'Y.%P.J,-..Dz('}..m.W..]c.L....1_..z.h...l..u.ns...Z(.....K...r.. ._..W.......W.wh.d..KI.....b{....{.........M...[.....$.|>}R9.LyB.e.....R.c....G%/..9.f.b.lKS-Y....t. ....n.....Y-..@..G.!..7=y...H...;._PG..}..N...XR..-....R}%......_..'...hWJ...q..'..3@..K..)@MH........Zy.YJ....K.;.'..{.47.>.....!..B.x...^..u.^]^b.cV.-.3.F..qb.J..-.m.+{k..%.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba5

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\426__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1229
                Entropy (8bit):6.991618239686385
                Encrypted:false
                SSDEEP:
                MD5:7E007EE4A715B6DDA4377C891B3AE419
                SHA1:D6AA47636C2E613B4D18FA03559CE76F54F7B164
                SHA-256:37CF1ED53B5C1522F69FE7094EB2F74D3263CBA251FF2267BBCCB07642555306
                SHA-512:ED7C806D65841400E6034761B79B2A8713694F1029B5C0D860D1A29759C7F77B20D1D8119368E438DEB5867449D4158FF868EBDEC8EB491FFC017A3666EA70BB
                Malicious:false
                Preview:R]..ah0.8.SI..=.[r.....*:.....mc>..sc.1).Z.{..R..!<y.3..x.......#.kB..1....)Jm...{-.....(.|..L...m....=..U...<A....n:Z.OF......A~.G.<.z...7....n..@..E.t.t......v..T.f...n5#...\d..$4k..P[U..9.M...C... ..m......9e.....a.....*.^..Q>...p.{#;/..^.Kb..}?n..#Fj.{6.gl.....Z.Y-.:.Z.{..#;e..,us.{..K[!...=..s1.....%.7.!y..)...n.G....kiO.......q>.[....R8l........T.jC.|..............%..u&.6..c[.,~.n.#.l._..........Pt8....;..wq..r...1z.[.../-C...Y...>....8....=.....$...z.X...!.9.d_.....7.E.B..@..;..{....._y.+.3.@..-.D:J.u.}..........h.;..45N.!....R..p[{.&f .1..,...i.....O0.BG..l..l!N....AYO..-=.b6fXM..M(Y.7Za....}..z..(. ..`...k.%..0..'..F....e.w.@v.&MB....|..l..........J.\Vm.rA..A....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\427__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1088
                Entropy (8bit):6.704868940635003
                Encrypted:false
                SSDEEP:
                MD5:90A1B232EE5A79FC28CB64F5DABFABD8
                SHA1:5C9879E3602B88C47DC6DCF892FFF571A297A7B6
                SHA-256:9E5E2A3DD1771BD0A920077C3D87CC9CEFCBE8D64743D30CC16935D022B041E0
                SHA-512:DB060E14B342EF3784A5B71C55B2E6CC8AAD93C941FEBEBE31BB57D54D4E78AE268D4191A439CEFC3F3066D47D60B9BAB089269B11D90E9B6EEFA10EE3CD0CDD
                Malicious:false
                Preview:P@...~.3..a.8..(W......}...,....T..|.....6.....!<.u.N......q.<.}.fRN\...M.....uF#HE.k'bk......E..7`.7m2.9yOb.eG.....?.=..~..<..N..+.q8.~L9T....>.8X..a..K.....E.8|..K.....S...d....@..b....5]/8'....3)Gt.........aW..1<:.%.T.`Q....?z(.H6+.....,.Z.4.)..T.....G7...|V...6O...8.....^.0..wdQ....g...i..).L.KL..pIT(...,..=M..n.m....*."....... ..9..2......OE.~...*.w....O..>.;....3$4x.x.5.C(i.........z.3e.P..-.-).....(..d..9."...q...WZ..a..=U.. #......;..b$Gf..Z. .....vp. .8...Y..>.....t.g....^.....l9......._6..U...u.k..c.;hi.0...=,..s...'XM460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\428__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1041
                Entropy (8bit):6.651617562705115
                Encrypted:false
                SSDEEP:
                MD5:C42300F0DE3F3B8C27B1DCF9F8B1132F
                SHA1:2DB94FD5176E11ADCF469F93AACF16178A3704D6
                SHA-256:FB049358AE9515296FC723BED49AA777279A4AAEAC22FB7664C091DB25DEBB77
                SHA-512:64E93AFE85725110755D904BC3893D5DE3ABEA1305FE14E31CADB34A4FD8A6D2F0684C39163F38709AF88CD16E499C765AFF941CCD121CBC1119A51F6C8C7B02
                Malicious:false
                Preview:...>U..j.....W.?..n.<;..*....j.&g.BX..4...wQG....k.P...0a..q.Q.0.=:....7.a{..i....w.a...M.G....J].s\6..............vY.ym....x.....-M....a..)=.~[..V8,.x.=.[..kkK..U..x....?.....O.....G..j.g....[........q;|<g.....M6}_....1.gA..2\P....E..ffu.q..t......s.c...N..[.o.......DT.x!.......L.$...`..L.oI..]&d:.H5?pb.l....;.$PN.8..._...."..B.F.s....C.UD{.. .6...J.....r;....V.....g.7q........w..H..q....j..].K..5sQ...{..n......s...Qy%.-.......dd..B*'q.;2x.i>Ju..5...|.x..{%...F..4.vD..yX:....X3...Iy.u0L L..l..MQ..b.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\429__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):956
                Entropy (8bit):6.4588488218939215
                Encrypted:false
                SSDEEP:
                MD5:0E33EF242A6CC371D2D46B60BCC28812
                SHA1:1BE33AD6F0F173753AE60B0279B0279AB9871DBB
                SHA-256:B6C2E4FCB70117AF43A3101FF73E61AE11C959659AC770C4F1E6F12C35A7FE4A
                SHA-512:4086E7BEE768469DFEFFF9DE746F3648CFAAF6B401E30F5E215A6B4526B22B6A84661F00F84A03051F1F5293CE80BF5D8D0985B3A7274B1D68C2BF3F3866D9C0
                Malicious:false
                Preview:R.w......?.R@...z........S..5.4y..o-g8.5.....b.Fs....z....V.(.~2.&&..0.O..t......%..-.'..................!.g...uDRk...U.i.Q...a........O....p.c...y...F..!{_Z./..d..w..I._.D.7#..5..v......[...y.....K.........b>8,f.........@.X.0.....A..F."....@.7f.4_y]V..r2....W']oj.<..q...,_.....e...V.<....My....%.vDjt..Gj..B.4V.\..g..7(..a<.+...U..J...&..O...IP.9(Q[.k..:>...B..>F.M...,.&c.y.Uso..h7.6...RL.....\XEeof_..1..|....Y....2A.[w.=460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\42__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1295
                Entropy (8bit):7.0524448055365685
                Encrypted:false
                SSDEEP:
                MD5:2C29CB112309F66F93D00CF9AA7C6057
                SHA1:065B615E98B86983FEF6754A49A710DB86A67787
                SHA-256:64CD679248CEE953E076B5B1AEB36792D338C8828317C183D4D5092F1DDD5D22
                SHA-512:38F41EC5455719A4007FA7405C93ECE4A4A8E2D3EBB8AD55445B51D9649B009911EB6E1EE1112017C8BAAB088192F09073151532ADCC587FD85BF063ECC66BFA
                Malicious:false
                Preview:............u..'....\....d..f.`+s;$.....O...K|.."J...=.3..c:.H4...{.....g>G..U...;$..Fo.^....;;/..S.'G..(..c.. ..E,.R.t........ksh...._i..d.p..m.0.W*......;6../..$..T7Q..1.&-..l;..fk.U8h8.. X.}>*....NO..>.$2Z..C.&]....87.......XL.c.G&.[^.....T..H....R....@.m...o...E.Z=......A.Oc2.-H^.._...R .n*.`....19...a'#..1H.C.t...j.....u...rI.....u.....m..|.%W.R...[.UkT......#`..;{9...n...1w.<U.m)H....PQS].;......SP.f.vS......}f#k...K.....m.8y.....+.On9..U.f|&r....U....tU<.FUHEE.2.-.?^.KEC.."J.`.!....{..[k..t%.F^$.d4.F..{.p.....5...zM.1....S3.......}..7._o3.n%A.zFp.YC4...+ .O...)..... 8Q\...=@b=..U.{B...m.....B.....Lu..uV.N....L$.Y........,.A@g=q.gC..w...::>....i..d...@..!.5...>..Z.C>..8........n....8....uJ;...(...ZZ<......J...t.3.i.T...t460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbddd

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\430__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1370
                Entropy (8bit):7.118552395768326
                Encrypted:false
                SSDEEP:
                MD5:34CEDEEDD590F2BEE4AABA980BEA19FD
                SHA1:CC7747AEC47C7507A65EF4B2988B788CD17EB6A1
                SHA-256:1A821E847DA699AEB7E53852459D6385A11D8E051EFB422F67B92C58243BE524
                SHA-512:9736570E716232BE36EA6317DA8A3B8377CD2DD9E7943FE8F47D2092743E09E00305E6A7747BB11C96AA2485FE61C637A7C4BF9AB345B1F7479BB5AF014BAA5D
                Malicious:false
                Preview:8P..>....j=...h3..{(....q...@F6.........C......o.`......H..te.f.e...........g..~.!M....5E..;.n[.k.d... .3[KU..%.h.>>^.J....qm......aZ...[.V-k.6..Hd...$...OY..)kn....b?,.E..^.......'#..7\.......c.D.k../_..(.^.m...'.G.f...4.,h<>y.~....1....[0../G.Z.p...q.L.Ax..'...G.x9.N..b.>_.r}m./L0.V%q.T..w.........C).Fz.....m.!W..].k..k.....X...............`/y.76"LC#xAc....6$`.K..e...|......Jz.0..;...T.[.g.%.u.t==.]D...7......x7..!...Y.}.9.<...L.TZ./...pq.....Q-O..H;.jVe..J<..xp..P.kBL.......i.sBzZjq.H.,M......(....g88.:.....$p.?..r.&.`.:-.xa.....].RAa..Ar...{. .S.2.n..f..w.w.].tq...#.o.c.....nf....#...7%.._^./..M...&....2...5.!............5R.41A..v.gKXU..,w....+........3F./y...H.....W.p|l..d.(&...r61.|+8.....i..d.U$.&..,.......:.%.e1/.._^..+.....K0.....t..O..18E4P..}q.....,....kC.~.!I..Rt.7..9..q.;j....J:.].7.w.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\431__HotSpot.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.073432762649795
                Encrypted:false
                SSDEEP:
                MD5:3EAD525B131E557318095F1CCE712326
                SHA1:EDBEE60BA4F386BA850058F82C095F55AF771BDD
                SHA-256:C077A6216F54C53621DB62370090DE5C3C04D745B7479E51049F4B18CA22A858
                SHA-512:1218A010BDFCD46BBB34141A18C168A23902C52CC21A435B969A9485757EED20D103F58209604CF49471DD037B9B293970A77D82EDE4BE34F30A8A8AA9F3C725
                Malicious:false
                Preview:S4.JXd.#.5``b..b...@....>...j..t.d.8..o.Zz....)C....%..8...B8...|.vG.S?.\...\....U..rw._uF6...|..G..5.(...O.._G..R..<`Gro..:S..N..V./..y.S..m=#dP.A.....E..@,.J...............V9...%...D.d}c..P.].y.wt.U.......>r...CW.1...u...w.....*q...&...h.}......O.....^.~./...:3/.[.....^.|.)3)..........*.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\432__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.971513086906548
                Encrypted:false
                SSDEEP:
                MD5:BEC6A7C555B10CA36B08FD496897E8AD
                SHA1:3E25A137158698B9B2F52BFB7376746F8FA83900
                SHA-256:ECE6311404B3169DA8A70BF25E908D454D80FE4BAC0A7D584F54EE994A1D1540
                SHA-512:C0B129056E67BB4F32E59293DA06D6246BE46F8D74A3B9CDCBA1BAA1836CBF44DF929E355D23C27484D7E96B946179888FC1C023BB42907D43D4CFA0664638F9
                Malicious:false
                Preview:3...k.q.K...(T...T....|.,.eG.sK2.}.g..O..[...v.Z..U.U.o..`.p.)...V?..0..C...lB.&Bm!..B...bXa.F1,...0.....`fZM...y.i*..}.......]..O.ID.....9....4..#.@.s..Y..v};.b......y>.g...|P.@**1.2>..nK*.8..d.d.W.ZP..3.9....................P..4.B....Z...NtH'..Xy./.=....>...@*..b.K.......0+....<st.C&N.\....+......K.......O*{6...#e.|....Fz.~#b.r;.Z....0.:...;.h..[.g......$.On.5...#-n..u]WH3.4v.0d..%:....hB4..k..f..Z!.c1\.#.q.L#..)x..7..V...Qc..1t.l.I&.?ZL_.X...OBjf..S.#K..Y:.+..y9.UqX.3.G......4....k....H..R..]."...Z.{.....\.l.....-U2./..<.93..G.....r.T.....L/.D..A.5.....C}6...r..:.d..C._.]..6.h.:..%./.|.5.+...H..@g..M....0"..o...f...k...$N.......\0....k........e........<.^..o..q..P.`..S..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\433__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1175
                Entropy (8bit):6.897813859637127
                Encrypted:false
                SSDEEP:
                MD5:83CC95C7D519B89DDD809BFCC93129D7
                SHA1:D227244C242D8DF03F2D511F5F9EDB5855321293
                SHA-256:DD436EB85078D369DDCDB2522DF200A16677B40E105017191185D9EB4C66383D
                SHA-512:E2F9F368BED28F0C8B912CF719B8F411B51471B0F5F5ABCCED418E4762A252838BF2DBC3EC23E6200C9E9B14588CDCD0E861F3437E3D3A5631BB59E6801C4A40
                Malicious:false
                Preview:......t.x.>.t...]*.XN@.;...V.6.`f.P..bV-+.TRnb.....bw.b.::../.s...q.] ........D.F...k4..R8..m..M3...J.....@.....|...'.cR}Dzs#.x|.ufBTm.b.q[%A.7.."^.J>..>..<.A........~....r.p..].!.3.97i%4.y.F...G,.s^.7...n;.0]#<~6l....r(.!Z......|..%......5...)..D....M....N..u.AGESG.[....ghg..>../|i...U@S.@..F]B.'v{..0...#@.K.;0..l...1D..R...+ON.8d...;w.a...Wy.k4..J.Pt.)a~.1.%..F.LD7.t+A.}iu......U..~)..H.&hMYs.i...+.......>...D.TO_.A..^.?S...}.....p*BEr...Q.b.}.`u27....$.1....!-ZJ.u.iT.J|.?.*.k....>..@.Y@.n......Y.6....^.U..=(. [z......(.rZg..f&.$.E..Y....J?......HT....$...)....?.~B...............E.v.x.%F.\..P.Q........XQ.J.W. `.pz.3^U.a...b.".460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\434__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7624332673542735
                Encrypted:false
                SSDEEP:
                MD5:FDEEF9042773A931282FB49AD7A786D7
                SHA1:1F18941939551CE47D2FB2F7F59FF8021C00D387
                SHA-256:DEF616B59B5994C66B7AB1DC9B0833651BB660711064E177342576965B373998
                SHA-512:B5F09DE6C69FC75C7F6CE992730791DF0457055997934B382A884BFB81B1BB40AAB809E8E4A63EC6272041422B2B99CF56D0F4FDAAE1C12FBFBCE45B9851DE25
                Malicious:false
                Preview:..Q$3.&.[..F.=,.c|..J...@.K,$..P\(G4......./).:.....................xL..4.c V..^..;...........E.H2...j.!Q..~.X.{....#|...g.u.w.1....S$..n..-......C..=..$.DUy~....6....9Bn....Go......`=...*......i.D.j5'h...k.H..~...4;.l.n[Y....t...e...~%G.......B....;#:z......`/...z.yC&..>.D.../~6._e....5........+..v .1....f...>6x..-.(U...M......m4.....;g.l.w..BZ\.q....vrh~5..:2..dd.. h.......;.C$....:......MK|..O....n.ga.~.d...f.Z9.. .. -8..sy.'6)'...#.")....pW%@G.k.]....g..f.y..1k%cM.%...(..........` .....0...X...X.>+?y......\u6.cQi_...&..../..k._.Cd.|-/...L,..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\435__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.674412195484113
                Encrypted:false
                SSDEEP:
                MD5:1CDDC30985ED3623AAA2DFAD8D351ACB
                SHA1:831BEAF2269167FEB3BF61756694CFDF8FF40E0A
                SHA-256:4C1B830292ABBF26F4A9C72E91718A2DBAC90A4139E7EE3DA29B68CDBC2613E0
                SHA-512:6FEC4D4A8B4338B5CD1C42F7072234E3BF9C3C92F1237B0F2A63E4080B52948FAE645E6264E93B616BA2382724D3088A0383502A58B998143DCBABD637FC2F73
                Malicious:false
                Preview:.n..VA....]^.j.G..d.........%..aY..i.\.\......).e..N....]z6.7..A2..|_[&.p/..i ..J.....$....*..7.3.un.G.Y..3....J(..e.._.6..p|...Z......b..].e.M...71..`C....{.{...W..!..C...d.\.7i...nF..7........#.}.V..}.AO..(...r.O".#.].$.k>....=.S#.:.|TM,..h4;..D.'..P.}.Z.u.R.-.3.<,r...;T.0...5DZ=JI..,.....Y.2....)....9.'J........u.S%f.*.d.o..>.r.s9.eJ+.y."./....#~....]..K}...9d.h....(...y,?...1.r.. .).uj.>....n`.B..T...yH...u.;.?..s.S.R%f`^..niI.S.v.m...j.g....iU..UB..#Tf@Zn..B.3...;..I....W~..3.....[....Hi.W..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\436__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):958
                Entropy (8bit):6.476056514086596
                Encrypted:false
                SSDEEP:
                MD5:51A88CE3EA18283B13D6BF75B34EC707
                SHA1:3CD2D04FE72963DA55EE79C7C5EC2785EB99FCAD
                SHA-256:956293840BEF659697E049A9771CB00E597A915F7E07EC1BD0CFAD1F3BB94FA3
                SHA-512:7D04198B265685D839966048786514BE6597B7C3A5E14D93686250FACD3009723C00AF8BB8F13E17BA5E73ADD80907964DFC2BAF4369371614897BEAFDB68429
                Malicious:false
                Preview:z..F...t.@...H.G.6._...HX.B,%w1......#.tX.d..Cg.M.y0...q...9.&/...f.v.P].k.K...:i.3^..|.e5...zbf...K.n..........."s...)..N....^8.}.y.DYO...._........9..TD. .T..y..BU.YD).w^S..0...@b...7@...~.nT..M^..57kU.u..f..M...gFw...@..R(.d..2..SW.e..q.f....L.G..j...+{./......,z.....k.{U./..:?KJm..!...S...H/.bZo.......qP..s..)..~.99.."K...a.S.......U1..\4/. ..+...~.5.%....1T=*.....9...._.C..-:$...X......#....:...)?<.H....&...[Bk.8..A.....ZIX..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\437__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1786
                Entropy (8bit):7.430232774131321
                Encrypted:false
                SSDEEP:
                MD5:99BF6D43F363FBEA4D8ECB7C3E925A2B
                SHA1:9462A788171BED89A444C91B1A246DF1D92273F5
                SHA-256:D12E0DAA9B83ECC7E67960CE462B2E9F8E62A9D86F414E1959EBCDC9F2BFAC41
                SHA-512:449DD719D2720B46AFD096EBECBD5542213CFC64C91A087BD3FB42A956BEE98565F9562E1F37CE60F79F9106CEAA8F54950B61D7D1439E13FE22865175473A57
                Malicious:false
                Preview:g~.A......,.r....;..^.~.S.u+7w......f....z.w...r}....N?..O..7..fA....r.^.......!se}..Z)..i..W.o2./.3.......qz.....Ec~.....$Y.y.......^`.u...w.~Q;.mA.a../.....?L...'3..x.3.b 5.~..N.?..... t.tRp.k..7....A.H...K.]...-k...#0.d,?RTq......Ux...q"......G..9..v..?z.\..C..C.r.].{...5J.I.?..oj.@..F8.'...54M...`.p.Pr.....9.....K.-;WY".e.."./~(.......K`..z;.....]/....z.-..)j.$.[LD8#..2>.@.<1..j{.A#.]...).]..~C3.......T%..]Q._lg.@..f.0?s...Q-P...T.pl.....c.?p...6.q.t.l.3..L..G...^.W..a.(.d.16u.Xoc...........&..,].f.....+.C.r..w.......Q.m........-\yM.V..Z9f..U.k..<..97.6..?l...].T.`.5\..........x.:F...9.IA....4Nh......'.k.....X=.{.Q..VT...u-yi.pjH.B.>..p.......(.5^.[.(.~}.k.X.5u>.m=3.F...+.}kV-5n.......$..^H..:..;;.>..<...W..>.7C.?..>xh....ZY..W..{.XQ=H...n....%....3I.wwu.@./4..e} .yP).'.}...8.....x.g..|.a)....w..@..*..\.`'...i.H%....;..g...A3j.....T+....=.s.Q~.!.j.l..f..B.Z.}.m....m....b.S#..BAB..7..5.....%.. qO.f....d.6.....m...,.....x....f..I.I.x..E.3...2..[.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\438__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1033
                Entropy (8bit):6.661633447619071
                Encrypted:false
                SSDEEP:
                MD5:0CC195DB5519BB1CCE6B021D900BA833
                SHA1:58BBF96070F4ADCF9A0B22E509AA50132D4FF406
                SHA-256:1B47CFDD87BBA15A22BE55597E790BAA05655283B5B34CDA337354CF433FB661
                SHA-512:49EFC291AA1C2BEE11A8012CF5AF9EC7E5F60B7F4A29B4C86565A51FEDE9F435B79857ABF7C9B51E6205BD9998F9FE04F3BF4D604DFDAEF8EF1C06C1FC19AB2E
                Malicious:false
                Preview:F.!l.......7K.i.%...q>.XSsl...5.?B...b.NNb=g3.....=_vZX...B{..|G..3.Y.S.n;.......Q.3.~#.`O7@..1.......2.:B0.?.........A.Z.......5dg.Q...s.........Ju..hYI..C>....F........(.....V...z..+=mf[....!.,.!;c.x..]..Bb...&!?.q.i...8..\.w.'z......:.H....W./.4bP.,.....J...,y.. ..bn5.q*.Z..nY.XO......^......*.wy.}.+..(T..d.,.Y.u`.v.V.jL.Z..o.W..H..8......p.4.......4..../~W..j.;-..t..8...?'hB..%.D...8....&:|...v.......(..^}.....t.p,..}OJ.#qS`..u.l...."l....T.!...S.l.jX..;..m....Q...y4s<Cl=..b....4(.2\.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75ee

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\439__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1096
                Entropy (8bit):6.789272117537376
                Encrypted:false
                SSDEEP:
                MD5:E1821E02152BF2FCF7F62F9268CA6700
                SHA1:107D8A5134E53D845EA10A085012DE8CAB738228
                SHA-256:389FA8196E5D772D859B00C0750C9945BE114DED00955335A21B6E7AE7C322F8
                SHA-512:AAF690F52F2F2689778C941BD68F4DCAAFB2B4C279BB464D6E80555CF1A022A21DC211B40BEAA4BC4EC5EF0A430163821A4D6AB254CFE7DC1C052E97DB3478AF
                Malicious:false
                Preview:/.........&.W5.....x5_n....-.`.x.acQt{`pWC..3.pw.Tm.2.RR..2[u.........q..k.a[.H.$...6?..".|1pI..zw.......I.K..Ii...3.].".2Zl.."j..x.E@...0&.Fq.JE...R.....Cc.;...e.]..%....H.<...k..Cl.sNB..X...q.MJ.......?.[...1...{.n.......Z......@s&.J.r..H.^S....r).R...|..S....f.....>...6..?.T&bM..}.r..!.........*..#.?+6v...>.k...a.6j.....4.h...H.,.....gy5Z.....}'.~w.6.6l!.x...|....*J..9a.G..ok......!...FOAu.^.N.npt`..I..;.\.!.......Iv....*F.6........).x..9Ha.V...EF...._.d^r&....e..R[./W..M*..Y..\:v.Y.*t03....C?$.l......!I...=.`]nA.U.=..L.ttlHP.,.....!&.k...#...a..E....h..:.\.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\43__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2315
                Entropy (8bit):7.601340345434567
                Encrypted:false
                SSDEEP:
                MD5:087BA21C3A9AD5F06FE49E80CBA18E19
                SHA1:AEAAD60FE1FDAF97A091FE59908F30B3BB2492E1
                SHA-256:7C54CDC4FDB97FD6976646C13AEBEA466C88C8981369025D3158B40B504565BD
                SHA-512:0E3974D627B7F204DB1BB08AA3F1C5091D94D8C092FD71BD04F703CBDB84579BD4CFF3F6248A870057CB48422EA933C1CC836753661EB86F51727BB7C00B4818
                Malicious:false
                Preview:f(f..R!..nJ..C Fc*..+...32RH.u..X.0...M.A2n^<...P..O-..x..-\~..P..&.@..Qp..#......mj.b?..Rm(R............-t>DnPT6<..@NM...i.......9..+.....8.`.8..TV}.H3*B.N...w...........lMG.j.8N....#\....._..>mb.S.&...z>T.'J.P..W..wDL'9....=...$9.+W...fr....AOZW.m<..f.0.R.............P....v....-.....7;...g....x.P...m..s.<...._GlJ..E."><O...=..Snw3n~.....M...E't.mn..mq...|...S...R.5."./p.'....'..% zE6+...U....bnv7......D....it.24.N\-&vk.....o.G...($=......:.=....Y...)....(.9e.f.1(....kB.Z<....|...GT.S..t...\..9,..t7].oX....p...B.B...z'.."..3...c.R}).*In<x.o..WHs...;..P......[.T..X..'7y...(TxX...l.EE..$.;4......~z.M..+A...8.U.k.5xH...=........&kU........\.!.+...|B..].*.B.T..>.EJ.Z..i.h.BD..0...b(IE^Vj..^M..<..n.0.....d..A<.sK..*...#....b...../....|.e...fX....!.....Ax.l.[c..AI......\.U~.^.t......Cb.1..|....."....~..~ ...w....~..*+....zI..c....p.....r.hUL...;.(<&.y=r_.....g...E7r.d7%.....!.+..!&.L.?....i....h[..D..K./#w..~*.[%X.+.(,...T1fV%.....8!(....

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\440__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1045
                Entropy (8bit):6.663947960841901
                Encrypted:false
                SSDEEP:
                MD5:476507593F2B222F64BEA38A04ACC994
                SHA1:D0BAA9524088F07B570436A3796BBFDD67DA0E2F
                SHA-256:40E096339B8C9A476939AD2CBB01D1FDFFAD6F3C781ED652FCEA7E7084E37DCD
                SHA-512:413FB36396D9D3C254864E3611F2E20FFB50042CAB00DACA76F561AFC0B2A1550FB96CFB444C011DA2A3DC8FBB3F5E8C954EC71F4FDFBDD97009CA2B37D02DA6
                Malicious:false
                Preview:q*...ae......E...z&...L.....S......_GFY..Dnc..;....../q.7....s..B'.O.).E.......e..S...O.....:.y.r.LQ=g.i....]mAI.n.u..g.).5........F..x>.$..Vb\_=z.Za..+[I.c.'.T2h%.j......P..H95.8`.l.2.0...7.".....vK.._..>.qH.A.@.U.gl...u.>.JW..:..... .....g5B....h..v.!.(...^.#)+^... ,Y).y.$.'..k...K.7m.....Y..]d.,>.._.._..AiY.n15j.L.).3.....G..?$=.2....a.G. ..y.C..n..C.U......M.2.^.5Mi=3.SM\.c...+.4..i..k8....S@Vn$.....RI.?&......^..Lm#...=k..*...H..c.7#.4W....E$.:.V...'.s..y.......AH../U.#fP!..P.t.j.n`.T0....,d.*.C1....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aab

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\441__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):956
                Entropy (8bit):6.494884170819165
                Encrypted:false
                SSDEEP:
                MD5:4BF1B099875EAE3863F2CD6EFB5BA501
                SHA1:6EAE23AD766B4018D33D19A8EFE68D0B9FAE8E96
                SHA-256:B1DB49E5B3DCBD2609788E9FE84BC3946B81BE4661CDF3C2261E3197DF4BC2DF
                SHA-512:D4B67F053A66A7478DE74BD5EA63BC2462A6226795E5E1C4539BF073828A2B311B44AD5999E338A51989D8D42C45AD1F9AB16AD1E20BA15AB837F1C97FAB6368
                Malicious:false
                Preview:..t..l..+..O..0.k..iX........p]..*-#7... ?.B.....+..Q....z...`2....OS....a:...4..N.9..>....K&.5:.$.......q.w9.v.2....u...4..`_+....$.+..rK......iT..W{.u......$S.v.6[.f...d.~....A..k.b...Z.....x..x..p..A|k...Y&.o>%]s...[...jc.Y...........D...v+.*q..h.4....O...GV....6.|A...J..ON<{....F.w5W.O....bD>.6h.K.)......a~l.:n..[...u@..o..GxV..*...,1y..r...q:,U.va`.3..K..A.....H.F..!^.\ .I.lm...Y....w....W..k3oi..R..B..b.....+.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\442__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2053
                Entropy (8bit):7.5228221412971825
                Encrypted:false
                SSDEEP:
                MD5:D853C76C95590A86C96878D2FD84C5D5
                SHA1:4EA4661311C1A4F39E6B5F4E5326F6D724C5EF33
                SHA-256:7A275A635D7FB16B62D842EA3D4A317D6294EC1768DAC97EC66625F87EC4D028
                SHA-512:381EC229CA547045CE4ECA3AF4789D6C6EAABD6FB179E3BEA181E0B5163711F8A29B5BBE9D7FF39DDB61F70F4379A8CE0536BE73E54F903121C0CC5C6522AAE7
                Malicious:false
                Preview:....D...U.J.!...j.g...E.[./.}...,..y(.Ok.5$.p1.l... ....\@.#cg......S.X...:Ym..~..k.......qr.......sa?...k..=*.......xP.w......#............`q...R@1.j...|..............1.i..h&9'".dw.....`_H...%..$.}9D...J@5>..|5....D..G&P...~.J.K.....H%.fy.[e....(m..+...AW.._....o....Q....rR#...b{...?....".}...G.,d.....o|...`].....N]...=..G..I..-...|..)...A0B.........@O..w-4E^ q.%.*.Lw..?'G....bD......I51..~mII.0.p64.\.7].,Z.-.R..^M...x.K.y..!.n.\ajsP...c..B+.*...T.....S1..N....|.....,Fa..h.(@.A?....:..W......f.d/P.kl.7.f.G{.m|k.hh......?.:6:V.e.b..>U...0..7...c.l.]....5s....s..U@.. ..mo...d..X@...~...[...0..g!..y.[H2..+..]k...&.>.../4jsF..G.#..<>..*k.K..j..u....b..n....;n...U%@_..."B..gh.XHO..)...o{.x....... ..5z5.n..........".............6V.....'h....&.R6.+.o-.x...{k.._G....}......<P.D}L.7..rr.F..Q.....:.....0.e,o..g.6..X...,..03......AQ.......9..w..T[..,+..a/...r...R.........p.orR...S.......Y..E......b../..g......D@Pjt..yz.5....{....s.;K!#QF0..NP

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\443__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1358
                Entropy (8bit):7.13365994200933
                Encrypted:false
                SSDEEP:
                MD5:DE3FFA86FF66DCA34CDA9A8DFF4478B7
                SHA1:E0CD671FD96AD23A539093557126286301FCAB8C
                SHA-256:6EFD4F9082DA694AC226EB88ED82BECD91DF4D24B6042F66384E11582C8B9709
                SHA-512:2DEC5B8EC5FB9B481DFF2F8F252B26AF2B72C52E6AA930B8D8A470EC050D02FE3DFD137C385F765D5E3D4F1431DD4AF8D63C47A4B88018311168388658D784B8
                Malicious:false
                Preview:.R.ke......gP......r..\X.gc.tE/a[*...LCF...>o.v......P,;.N.+..Ajq..h...D...`m..c...C(...B.....A../..5|Mp.YB..... ..5.r.h..}'....|...1..S..(\..^[.l........r.$wl.G..ec..}.[$$. 1#L...~F..v.%.E.....|.R.(...Q..pR.o"h....... ........;.1.m.w3....D...9~.C+Thz.z...NG.f~. .Coh..+...../...y..K.....<I.....,.....Y.:..O~.s.7.#.*.>.1.%Wq...=.'...m.....DP....H.-mi.Do.`).q97c^..~...v..*..f.......F.N@K.az...A.P.B.....P%..sZ.3.C...&..)B...s.?..3((..jh.......&...}`&.rt.fwQ...@.!..lE.4......`...~.W..c...^.9..-.....V..K._.!.y.;./%.&................6...b..m...=.aO..7...].s.J.9.s.nE.Z..H/w]...H.f..9.4.B.p..t:....0wo.......Q.[_.3t.}.G .....a....9...m..P.....3...h..uM.o1....5.(...8.>4..y..........._...X..'3...:&..<|....}R',.n....|...[./.0.X%.S....~...:[..X.g...%A.7....l.../.x=.#.......7.E.h....;....%.$.~. ....z-.%..GX.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\444__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1232
                Entropy (8bit):6.97930134258466
                Encrypted:false
                SSDEEP:
                MD5:AE3BC0557AC65DB0DB9097BE7BDD5DC4
                SHA1:D99F08F0E9EA653F85FA8D4A5A377D177BC5F4FF
                SHA-256:8ED5F246919C7C382B31B32F15E30812CEA1674AF487192B1E3DDFDD572FED2F
                SHA-512:982BA5320CACF3DFA35BDC0A234C541E79BE8ECA580D4D323E98A12CDBBB484AAF4B98EE6A4E349A6D23DDFD0C51E39C232557F73C9A26C49B4BE95B00568CB4
                Malicious:false
                Preview:........L.... .]........";...d.c.Z..@....7.....^......(.Y..P@V.p.....tg.p......O!........a.....m....G..Z4.m.z....zL|1....W..;...=.=....P../.......}.,...L...O_Rey....>.vZ....S)..u...H.....lFJ.....'.H..O......YQ..}..mw..... .}d".X}.3.,.2..o...*.......Z1.x.Z...t.Rd[...1.....:..........Kk.....:%i...;.....c.s...W.kQ..$#..tI]....'..U.$g....mtU.z.....]j.]K....5.,..y..L|....._>cI..$..........p....c|..1.S.$.`...... ._7FF..._"o..@Z(.+Kc.....yA..5...f.UC.D,}."5-6..4.Tf..rV+..5..0?...<.._.~iq.t..2.."....Z..9.wo}.k..........|EJ"Z...1.\(.v..H;?\..(:v..#._......!.M......|T..leh..H...L.K..R.!.f.&Hk.....q...o....).7.........Y..v.;..L......E/)...7.t|..j.....x_..z.:...u....?p.;.w.J.S..2.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\445__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.7688833305048375
                Encrypted:false
                SSDEEP:
                MD5:F84901AF5329563C4E9FAEE70151A2C9
                SHA1:A04FA49E913563D53FF87E58965A02614F6D6089
                SHA-256:8B8A1FF1562F45B3E200376784572D28E8F12A5F3EC22A4A99A91FE75444DEA8
                SHA-512:9A9CCE7247E85E1830965E6A4CE60006A99BE4BF4E1C9876F5B688B5945996829DA8EA148C8FB43CF1C3396A2C19754B5B1B01706696389CB43758F7AC26EC51
                Malicious:false
                Preview:..XN.m_.&w.,i.K.._!6.....K[..f..m.K.'\.2|.C,...4....F..gp:.2;.-..._......I...LTO...z.p.f.Y.Ts.C.HSN.'.yA P...I`.....U..Mq1.oo..........U...Q..[...n("..j...RZ...{!...=...-hu.y5p.g..uJ?...9!...*@A.Q..DQG.$5..;.n....n.u...E.4@....#...My...\...;......*.R..Iy.fI5&.i.....m;.u.k....aip.y.{g_.}..&.....d.e....s.?<D[.`R...}...V.......(....pVm|.<W.T1.QaS.V.../.i..;n...6w...M.DN[.R.e5..\/[..)...*...".....W\.7..\......../......\^.....3%..J.F.*rg!....h0*.6.Y.%.....;..-%....Ao.....6..J.S...1;N..U4g0....R@d....uEa...d.4s..r.v.....s......Vt.N..7.k.}...lP.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\446__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.63782859763797
                Encrypted:false
                SSDEEP:
                MD5:D1907D857662634B645578D6638FC93C
                SHA1:E0ED46CEB1358DC63953A2F89D1F319136632979
                SHA-256:3F93C1BA6D48EFBF36CBCD6B37A5451C9A553AFA35239F03884CE75128A77DD3
                SHA-512:B59462B3F041E0393F789CBB713D6B58C931F8A0F691ADDC18FB37C7DFC6D976741C5F9F266ECA98A8258CD48FD272B747E94C13E8CC7565F5C7EFE251AC41F9
                Malicious:false
                Preview:.[z..S.u.?.7..7.......-....NO)[...=.Tf....V%..l@.3.D.n...q.o.....`.R..~z.;.k...4..UZn..g.z.09...5.y.....m.....0.}...(....^..i..pg;.>....\.#2..tFD.|....v.3..Q.-O&M.&......2$@..,.h....}..L|..}..vT...`..yeg.<.N.@...i.3..;.....(.b.2.l...0...E.8.....u0y.f0.T.g.IS|zU.qDe..|....*...P.*-sU...=./.s.}.Q.......<.d.I~..|oU......o$...Y|.$..Pz.s......4!O..P.)...kk...-R...#...2..^I).t..Y.%zH...T]H.....f.S..}...jt.....X..vm......8...'.gu..>.J...o.,.|a.bN:.}S*....+.)..^...s...V.p.1h..........v....t./.B.9.\.Gg.R....v..v\460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\447__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.4529047396064785
                Encrypted:false
                SSDEEP:
                MD5:02A3105A0683A2248B2C3A776B52F65C
                SHA1:88BDAB90BDB95E5B21F6751BF00DCFEAA4D3E096
                SHA-256:450DBF8D70912B40C251D8CF88CC000782EB478790D2D6F6F8CAAFFFF9CA7F05
                SHA-512:E9F9B52F86155942427E7F98A44FE0B3F2D75D7A57CC763371568D35AA2B6C04C87575C74723063E1B6BB77F3948329A5E316DB20996142BDD4DE8B7C9C9842F
                Malicious:false
                Preview:x....Y.d>...Of...T.........QL.(..oE#b.<..i..@#..3...*d`.Ix..S.R..3N.V.....uY..1.{A/..s..PBu.c...N....y..TH<....i..{=.I.........vj5....L..j..O.7.N..D<....Qv..|E.Z.....3.aE.e.4t.%)..ra`..9..J_.&v0.Q..&..=.....;.2....A`um....h..%dq.^$..M&...y..(.Q...p.kq2.....x.._=8.y.h./. ...o....Mt.5...k)...P.=.U...!d..oz_..P..Lo..n..m.y.....^..<N..a.Bt....*..........3..T..@.sm.....dE. .P. .'/....).....u.8^....O.....&..Dw.....5..3..-...".460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\448__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2724
                Entropy (8bit):7.68610411453995
                Encrypted:false
                SSDEEP:
                MD5:83B0D65963CEE899CABE0E17A78793AA
                SHA1:3208DFB5626F152604BD85C67E6DE9456B424E8A
                SHA-256:9BDE5E5D56A2454A53D7A09CF51F1456165BBCBE0801F704402B4FFAEA71B696
                SHA-512:6C2321AB3778697E6CA62B4FD5F9967CB09BCA586876E3B49A812AB96C1FB52B25C43FCEE98F7E8B78708C8D1A827F8519D117AF9F6A53917EB2812946D46FCC
                Malicious:false
                Preview:a"....V}w-....YS...m.0...s....vC.:..=.t.z3#'......L.L]..t[..f...U2E.....T.V.3.`.....K..v..M(3".n{../...P..V......A.s"h.;.n9jA=..8k......BS..{#..`9...:QHsz...oB.......oB$.':R...........<VM.....1x.D..$}S-.<w..*{.._..=.c..<1...V..U....`...Okh.K_.\..^....i..s.V....B~......fk]6.p.{.)...1.i..g.^.o....5...L#.0.r...V..VW.c..KK....\v..].....S.....mC..W..G{.....E..U((.}.'vzph..PA..)..+zX....P...N.T..ZU..L.#&.-.....OR...{.E..Q..._..+...)Fv....N2....Yl..)|\i...c./M..?*...b....-AyUq{.)&.....zG..Je....}C*'.;.T.I..Kq%..c$.3.g....C.Ba.pV6.?.S..W\...j..kN90.P.P..;U)s...P2.2.$.ty$.8...x]..$......x. p......NV....%2+......e-.....@....T....t*.3..kYw..H...:^.Ub.>..x....p.'(.MT....D..C.%..W;s-0m..3r.....5j..a......>XIs..N.|......\..Z&..+.?o...I.tH....B].8@..9...../.........q<$K.&..NH..Bw.%..!(eP.M.~.#E ...S.....(y.i..`....'..f.=I....._,..:s]wj......./m2...|.;9.f..X....*5.c.`........3....CZ.A..J...K....bK..*x..%$......K.0.f.N.....O..]....l.....&g9.=..d..U...{..4.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\449__HotSpot.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.023216840114311
                Encrypted:false
                SSDEEP:
                MD5:DA83D98AF404D827BBB1BBFDB2EE6869
                SHA1:7DA57D2937D7638F70FA0AF2F63D0D07EB9C767C
                SHA-256:7BA44104FBB0731EF8E50D4C4EC35309984661EF3D84DDDCFCC38F04237E65DA
                SHA-512:953379538177833ADB55512A3FDA94595940CD07574AB10D32787C4E78B326FECDA81A72FEC915C243BE63D86A11026BC8D44DE851C0165D0F4013B44758F070
                Malicious:false
                Preview:..V]...e.. e...[-. .."uX.|G...d..T[.Lu..|.?..w.........P..`<.3Wn..yY.o..7.,$~..Y.P.7=)Ck...c5.....W.../...n.#O~.>bf.O7....N...g.XSJ..d.....y..oUf..a...A.....7.2.[..;Y._.G+.L.D%.Id'...u...y)..,.:.?x.&.@...x...c..D$........i..4..D..U.....G7.Se...e7...89.b.........&.......y...... ...W..I.....q..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\44__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1089
                Entropy (8bit):6.690542293941946
                Encrypted:false
                SSDEEP:
                MD5:66290B50888FD4792C0123B6564EC659
                SHA1:6EAB94D6FE8233349592782CB17E14CB636860C6
                SHA-256:104767410C437AEF6D80D4B3415569EFBBE29E93DD35DEE4D9D64B0FDB7A7C14
                SHA-512:9F9F8E816B47C2DFADD73BD67315A5B367B2667131141C38457C8178BA251061F9C38D72BF93AAD73F273C12A526A6064C05930860DBC47B1A4FA205F6E7FD27
                Malicious:false
                Preview:...(g..7..s...C.j..Z0p}...z..~..-.........d.......tVS4.u.K8.]..G.fA.h..!r.F.<d+'mH..?.H.?8$v..C6;u..xJ..z....a.t/3.N.P.UE....v.1Dx.b?..Mb^.V../.=.6........V.b!..%..._..s".%~.\.{.g#\...pW...SX..v4.u.2...4....Q.vk..2$.w..Bk...w.^..0.&.......&zs.JF...:aQepKZ._vr.....E...4?G..............q.-...D.s.?w0..w>.F&.s.....g...d@.).fT`Zb........._Y.Y>fr.........A`i4...}ZY.U...).......7..........#6<.7..V%..m',F...K`Q..EG..+.~............C).c'1e._...<....6......F.....7..'..'R."\.Z.o..w9........\.v...3....D[F..Hc..1....Wh.}.g4bY..X....^...d...Sq..E). P....[460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d5

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\450__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1219
                Entropy (8bit):6.963542565769617
                Encrypted:false
                SSDEEP:
                MD5:FB754BB8159B82B660C9903543EDBA79
                SHA1:B4C857DC99BA6AB9EAA6921E25B0D4A7D1FEF08F
                SHA-256:34CC5FA676434154C611FFD3C59D51ECFFAFCFC60379E1C818E853E99FE6B2E3
                SHA-512:87FFB38E1141EF9F9B91DA79EB80175F28BC5543E60DE9A7A723E729C96D96222F3D7EF1ADCBBD1EE0911180B6797A0F01192425762DC58939114BCE47A566E7
                Malicious:false
                Preview:`[..D. ......(..?E..#..H=..".....S..k...+..`....EK.>...>b.....z.?.tv:.8.89.8M...Y.....-........T.+V..e&...[...,v...hS.@A..S..CI(R._..D..@G..w.9e...\m/_.j.V...9.].40.3..,v.o......-t.j...#...H.E..nEb...=qq{|..x.K..BI$.9..MD.w"z.#..&If_ l.C.f../.6#8...x...4<..b........v).L}.UL...y.......{.....G....k.?.S.&*E.P.....q..YW..2.Y.S%..yAl.C.\.,.(..2..#.76_.8...",.#...|.v.....N........8Fo.n:.a../#.w.O.A..cc&v.?..;.R..L:.........g..Wt.5...z.,..a.+f.Z.0..B..............;...@">...P:.v..~.....S..*...S.xv...S..h...........I.g..........q..$K./......G...93{..?...VZ..'..:...~d.k...#.Kn..,s . .%.0V...OL.$.w..5.......`.\...}'.....UY.....L...*T.|...M....n..q.NM.g.l.l.`.?.}K...1....P.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\451__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1775
                Entropy (8bit):7.435983601419654
                Encrypted:false
                SSDEEP:
                MD5:9B9AB424C1B7E0384DF38EB2711CE40A
                SHA1:D34D40DC30C1FDC7FC9455794C6771095814B616
                SHA-256:381A218E7E13C6FE5F13D8617204865B5C1B06D54F5CB6DD75E9979570687822
                SHA-512:8D79026064AF32B0FFA4677BE0DAB89981274ED7A72D66DE0481DCE1D1E852AD500FBD5E993EC2B3E64E18E158F01099D3B882453B5BE35FF206E83FFCDC515D
                Malicious:false
                Preview:7..'>U..}..p.?.?p5$....eh....x8q......5..g..#.W...X....f..}X...SUe^.l...SS...wg.c.D..FE..}.%4jq.f....{((.6a.n..&`M.....w......../.;l.lh...........'......=spN!....7.......O].|.......(..d%JG_.'.:.IP.{....'.v.x<;..#.h.z.9....#Q9..a.\..\Z...?..~J C.&n]......s.h.ZK9.%z[Q...........iP...$u-W.-..Y.......Uv..Rf..MKw.]`..0...).ho..l.3..+j.1.&.......i`.i...%..$v.Q.#.r5.j.Y=.9..<.........D.o..\.N.S.P{..srO2..I......o.p.8.....j#pq.............C...&......@.j.a.O..%.oa.....j..M.)Wt..m..y...N....f.P.R.VA\.b..eg...R..m..*....vM...N;....dZ..6..%y.-..u.SM.oW.m6/.......,lN...*...l&...\a.....1|Z[.jz...^lW}.Y.q...z.>.q....MM./.2..m.K.F.......E.)B...HJ.V._...5.m..T[.uV....i..`."e.....Ec.bf..UOPA3...k;vo.@........'.l..?..)n.6..H.L..y..Qf....UjT.KK.....{../<...qdu./.=.:.?.Lp=g^q.......3.....#....G......y...,Pi.....j..)y3T....!.....w'Yl.....Z..g.r....lr.~.7.....G.4.K.....Q.....>...$hx...q.i{..@....i.....;......A.:,...<.Z..2...OH.x&..F4..7.1).......-.q..v...#..

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\452__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1158
                Entropy (8bit):6.860462196767179
                Encrypted:false
                SSDEEP:
                MD5:2A1D8A65922F1A2B0EC14A60E1199F83
                SHA1:71FA10E00D1442863A13C994B6EB93F35DDDE5BA
                SHA-256:82AC300DE4BA627DE1AB2CEB6D22C1D20995841DF2FDC28AAEA3076D3DBFF036
                SHA-512:9A4912AB1ED107C521E525CA6443169DA3246E0C9F4D1DDD9FF8A88883C6A61C372F6D199EB256024A0E11DFBD634DE9C4D6B0E67379C6C4FE244FD8C4C5C0BC
                Malicious:false
                Preview:..|#&.7..%.....c..K.....2...Zt.P._....[.C...L.)<..p^.]F..].`.V)...1.<..z.......n...S...`...4.\..6.....Q),..z......P,...w.p.O....,E~=.Qn.I...gt..'...b.#.W..... ...pT..I`...R.*....R...=...]KZ...%....3....,.....d<[.J...&......I...|..Z...B...n.!...3i.b@....'.P....D$9..].8a..;3E.E:.7..i.+.w. q.. .....$.'.=>..rf0..}.E.!...r...MX..|.Y0.`...0T\..>.;9P...C.F.G..x4C&..R.g...'.9..t "[.......*..*.i...&Rm...V..3.........(..\...B.3.......M#;..K./.L..h.,?>.(.q...F......y_..g~..\$.....si:z.....W.J%p.=..%.6.(>.u.8....Qa+.X4Fk3J.KD...f.\z.{...I.j# a..}sx..r....!.%.Vhi.m.g..7....6^.pM.W..x2B..a......).....7Z..>.)..........j460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\453__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1156
                Entropy (8bit):6.827886338823764
                Encrypted:false
                SSDEEP:
                MD5:68E1FC562CB6DFA3D1B97E109BA7BC08
                SHA1:199109ECF474B45FFEE04AACFE8DE4723D2729E6
                SHA-256:85D008AD43CCFC315D7156D67335915DD9DFBCFBB54F7170E2FFFCEDA99F2147
                SHA-512:D8695F9056D298092699993DEE573D79E5BBB0FA84B16B94CED972B95BD51AB5C12B070FF75BD04795B9A5F39824715FFB8B219AB2E7F0825D7253B99ED59E75
                Malicious:false
                Preview:..l..k...V.6Z4.a$^....HM.?V."...5$.PYF......la.=......@...z#...%s...3\.Rm....;N\.......y.C.....\.CeiA.....].~......m...;E.f`.....X.V!U.<<.v...T...]z.D...*r...p.J.Y.......+.Q.{....X(...._.......].....r,.v.1U..p.u..C.....A..[.jLc.i..b...B`......Z.....0&RW..q.-...v..[..6.Pe.....=ZA...*.".f..P....3..]..1YC`6.8.Q.6)..Q$l/:?W./?..5.S6gS.vW..TSW(...&....W.@....Q..PE......9]Z.F...1..3gD..j0*..P.....3.,?.*h.a.9t.d..ef.c.a->.eY....?.Y.........0."v...j.%..+..{......n.4.g....g._.....V.2...8..y$c..R7^5..$...2B.I%#.F.......@..M..Y.g...O.2}.../..S...p... ..cZS....\!t~...a`...g.=......P.+.Gw..M!!..b.t.{=<.y....hg....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0ca

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\454__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1168
                Entropy (8bit):6.908089923654055
                Encrypted:false
                SSDEEP:
                MD5:E572BD431A50C617F873304643EC97A9
                SHA1:36383F212A9214A8CE6DD09BD64CE39F7C57A1B6
                SHA-256:A8CF7D9C964F78A965B5F1E88CBA75F6A8644439102D00B40626259967026E7F
                SHA-512:276FD59A3E5F42607A59F334B1040950EF721F7D6CF01028E0829CA0D6AE19A70EF98943A9977453F3441001850D76A0212C053285C18C40AB126530B375E9A2
                Malicious:false
                Preview:..U.\o.)^.!;..~..Z......=.3..$n*...$Vt.....3.(.1...t.].1D.j..U.g)<..`..9.t...<.......p`.%P..@MI5.#...M.l...P+C.......K...y....k.....qt.1..3.m.R.....R.e.......u...K."....k(.EX..K......2....pl.h/....{...1.N.'1ED.f..~...QK....5.F.|.[.pB....P4.o..v.\P+.O.2)?.C.......-..]]2.....$Ip?......T<.L..a..%.).Q... .'.f....R..c'N....... .U.}.H.......0-..,..Yf.W..oR..w....(%.gxm.}..cH{....8k.D.ig..w...4...u.`~.5....B0....u.i.[..(....`..`.....V. ......|..?..I.g.....?....S9.JN.K..w...o..9.@ G..y@.U....-f.....K.AL....z.5...!.......1..S.A.&....C.\.%.8...R4i.C.^}[.eE.GL.~]j.m~.UtH[..[>.U......"..V4v...bK..".."U?;...Y.2.6....qx8..*..H460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fc

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\455__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):998
                Entropy (8bit):6.50784951861997
                Encrypted:false
                SSDEEP:
                MD5:1C66C417D0C82FB0F1C851E39FE4F972
                SHA1:189097AAD03F30DEAC93D9F5C05BE03ED6F1006C
                SHA-256:7A0E5A56A7A1EA3E949E8C8536FA3C45F8EF5E1219619657626EFDE605D0D064
                SHA-512:DB4855460BC087CE796EDEAD648B25B86F842617ADDC0E56C2425259C9F98A91EA619DBD72620E9DE3CF813EBAB67663261024AC5F629A5921159BC2CBA65EC0
                Malicious:false
                Preview:n...n...<..%...._.....k.....e.*{.8".9.....6..hD.^z.|V.-.!.lgI.p..u.vFi{...Mht.Q......{........*1 }.{.%..#.p..*..)....z.c........\t.[.1.K.d..RDmP.]M.e.Nt..:.T.._.."?......Q..k.c?....|..5.u0......JC%.u...O.\9-,x.F..C...8c.lIR...[4.....8_./.c.].,n>n.y.1F'....t.3.b}.Ea.mL.fD-c...u.k4.S~F....x..c...9..ee...J..b..............`uP.e...].C..vI...4d.-..&{...T....wT.4D.........O9i.q....8.R.VN.@= .zk-.2.;....[*.. .....5V..b......d.N...!...I.eNi.|6..E^.>.......8.....{4.....Z460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\456__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1094
                Entropy (8bit):6.8041012018848415
                Encrypted:false
                SSDEEP:
                MD5:76773DC68713976CD0D81C179741522A
                SHA1:B31E516A282115EA127AEB555B158784125C21D3
                SHA-256:700757C6BF5649BCAC23F18851194CB63A5813DB7396ED7830A8EE78B986C491
                SHA-512:3661FF3C3A6DA4D9A5D63EBE257401EBC41AF6BB0A025F3DF891E67A9242718F1F250DB86D63B7F4C6E481244408702B070C55EAEA19324B96E935875FF6A59B
                Malicious:false
                Preview:'.{..*...w...Q`....2.*....U..I..nRn........;tS....6.....V.~.H.........2..[..$.g-..r.x{.......2-..I....G..(......6S4}c.....C..].b.)..pW.h.......x@re.X...o.%...w|".jH."z..i..o....F....>.e.w....JqA.^.....^8..v...v.....Lx....~w|A./ .....P7..qr.....7.0..sM~..(...@a.}..P..;0..$....".9.....p.....d.l.xyj.".......G..l......!......RL....<.%|..f.H#.w.......&....@.. 9g....Lb...k...R.V'S.f.#..$.eB..O..z.!@P.^.w.5[...gg.F8T..i8M..(O..4.#...~*..v$....2...b..n.H..A....T...Z.#i-t:..L......7.F..D.....J.........-.q......%!.7..\I...T{P&*..a...y......T. .~7m.U.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c458

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\457__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1044
                Entropy (8bit):6.68578647612368
                Encrypted:false
                SSDEEP:
                MD5:AEE02573F19AC63EBB7832D20D2F9351
                SHA1:EAE446BFEBE2F4817E22D405E15FAE57493C32C5
                SHA-256:B5D0CCC383D75C625274A4A4E1019A46E28323B9B08A79A40F9BDAC60E2C4DDB
                SHA-512:E183B7238AF970D1EE42F340D23473B8EDCCCF1DDB3EBEC614F285471BCD50B04DDB4C19D0184EB4A0E2E74874C3371249A40037D12AFA88FC0F8ED1839901B9
                Malicious:false
                Preview:.K..p....o.F.+0o.Z$(GR..H.l..]w;..e....qy.....\.!.)..x..~@..t5za..R.3...b4.....Jqd.......l4H....B.i...j..z}..Ou..[np.*w.B..WO.iY....{...Y..0......)q.(Q..U}P..'&.f.c4..NMfQ.c.H.[..r.a.y.).P......CU..I.~.2.}...c.]X... B..k|..CZ......9.Q..t......9}.7..z..WB.,.JoR..../.<.......{&-.)......)..O=...w..jh..L>m.,.`..,..m.......(.....W..C.~.x.,..*Vv.&4....9....Y.j...7..dA..H..:H.:`>bi..\........^.|}.u..n...............8..;uy...zm...X.l6[9.h..}4}}H.......1.)..._.}2.?.....o.+..&...2......m.4....L..p.|.z...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabf

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\458__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):959
                Entropy (8bit):6.440989880546689
                Encrypted:false
                SSDEEP:
                MD5:EC2D841645619C2EC1078C1FC1C5029A
                SHA1:EE87F1E4D7BCF4B830F9F0B0138617A45656E3B3
                SHA-256:E5853138C5F430184FD94D169B1E1F2B45634DECB549928E2E09DFD7F38268AD
                SHA-512:6DC670896911D520656B074F2E0CF17B3D1B45EEC89352030397C2B1760B4601D2ECFEFAD61E2DEC501DB1AEBB969BA4711F56C668F81198FC87E3DAFE787E09
                Malicious:false
                Preview: .d.@z..F...l.2EU.^..o.N}....F.'b...D....9.l.6.J|.u...SYOm.....f.|.v-q...73T?|.e..S.|....3p........N...Tf.G9.0...l..)...L..3.@]X..T.G`=....5n...E~..M[...M.. ...Wa....>L..Sh.oF...k.".5.y..^D.g.y.X...p<^...w..D.$u.V.4........g8.*...E.....e`.....9..=l..;7.j...#.gd.93..jz.:R.<d!wx....r..5.uA.L.....s...........e..e]..K.....sE...B[....)...t7.+-"Kh/ST.?......pi$G.K....hu..c.1S.....29T...Q.....x..P..;P._ho7H...4..Z...+..}gu460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\459__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1772
                Entropy (8bit):7.402495731274295
                Encrypted:false
                SSDEEP:
                MD5:5FAB87D7599C0BA826AA6DEB1BDD90C9
                SHA1:39EA4D5A6CC69CE2CAD7F3C775FE64CF5D91CE98
                SHA-256:6633BA1F7D8CC2FFD07F8FA854049E54805E0BC6EC7B8848D3FA4CD377D83705
                SHA-512:986B919ED1BBA0871C86FF2013C56665590594BFB78CCCE8EE1B10C27696DB926AF4C54FED02FF8A39946F5851E8F80F78C986C2B9CCCF0C1E96866B309BFB24
                Malicious:false
                Preview:.-.N;..O{.n.........~.b.....S.5.. .=...+.. .TF.\...^4u>.!.K..P..7t.../..7..gm.F].V.x.b.F#.W4....i.40.d.......\dZ.1S.(..*.q.V'T.P..0C$?.j.z2.-....M,.:^D......$H..#K.:..z.b~.l..s..;.,)...6.-UoH...z........9.j^[6..L'2.s.W...i.+..z[.$....uE=..]Q..<...Hd.W-:........;(........7Q.OU.....<......>.V.+.9..G...}.}..Gl......W....P.*r~.D..&|Y...x.p...s&....*k4...&.....qJ.%.....>..j...S~t/g..$q..4S........>........apS..j.fsvVx..<\.y...#.A.p... .f.])a.?.%E.z.:mCO...s<.Rp..k0@.N..K...c..a.wKI._9?.>...l?......Ofm^........?.Q6...l.....9..qQ.RG.e..7.g..=.....=...+.U..V.i........>..f...7k.Wv.6Hq..-.VU<Bo..CL.......$...A.......+.+.%.3...q....r...u.^rJKU.i.........yo.y..E.;..f>=v.l{.&"..m..&.<..}..i.T...{..Q.e..u..-c...VP......_.g.N.......h.+.:...{.C....";....7...p........h..UB..z9.0.t..p,....E.WaX.....M......?.......T.a..7...1....8..o.4A..h.G...!..L.N..8.O..J%..R^..QS...R*4.nh..<.B.y..&H.A....~..'.f..c..C.P...9'n.B.T...*|`.Y....Uw1z.d..~....l]......$!G.w.R(3.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\45__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.620110256721349
                Encrypted:false
                SSDEEP:
                MD5:9E45FE51281399872B0DE7953AB0B980
                SHA1:545ABA1F12BB158637E2FFE5A60832B6DD9240C5
                SHA-256:8601CB337C9DFE3FF03C0E17E7CB677E7AE28CCDD833AD4AE6E1AF134E352CA9
                SHA-512:58AE50FEC2FFB8B61FE6AB81EBA1B0152A3BC27426214B30E10B057D22E46978E43F95FC107F06DB6549A2F6490B6CB987AD5346016FCC9450BF43F8074459C8
                Malicious:false
                Preview:..W.&utC...?..3N.=.A.:..F.bX...iq.@Nm.\.\Z...c..[d..{..Hu<..>;`\.^.....p.7L.u.|nF...nG......?.lc.ZQ..y...0D..I1.G.e.|.f.D|lb/.....%.......!f.3>.U.nnm....8Z.l.B....F%..W@..Q..ss.t..c.f*.~H..,...6%....J4..H5....a..G..D[.$Gj.D...0.t<.X....}...pq..........b.2..5..2l.....o...3..Q.s..w..s...S.1.{....>.......4..N..%.(^3J.d.>#....y8.......L~....zV..k>X....^.(Fu.U.....=..i.A_.e..!...4.,...0........%^.H.M. ...B.u.1i..,.K...X...9@.....[.H...\...,c<hv..XWec........Uh$8:..8#.s....!.&..O.:.z....Se....p.27.,..M.J|@s7.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\460__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):998
                Entropy (8bit):6.547310852835487
                Encrypted:false
                SSDEEP:
                MD5:9748DF3196A2A46C967F400E9E439E0B
                SHA1:8F05A734908D7A684D7EFB8734BD735772F90A23
                SHA-256:F727BB53BA5B69C0C87F52934B1EBFCB5A299304ADB78052BD7BDD4878D53A39
                SHA-512:254C7DAE0A33DC963EE80C9F68885CB005D0DB91B72781D492D470C78ED0154A72C3BC6D57BF2CEBA73C2E5DAF63902F3587E4211A58F5E3A1EE917DC929B715
                Malicious:false
                Preview:&4l..$..a..-Y..0j.(_......|..`.Y"...>.R.c..%N....7...yV..w..D2.....'...za~....B..+."...B%.w^OZ.6.Re..o1.B7f.um,.yT...7.y[..6.g.....Kw.F.O...).0..N..pl=..L..d.e......;. |*.2..N|.Zd....$..X.j.....0.j..:.a........|f...&..c...s.*S.-$.6j...\.w........c..7..H..H_s.->.X0..<.....xk &Fi.r..\.u".;.P....,.^.".>K....f....3g...'....Q.d\!........_ ',mb...k.3...^4...\O.......{..C.Jg...<...t..........C...T....xL..2.w..O.K.q'.G.P..d.D(.w../}...v....y....an8..-.0.c...Z...B.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\461__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1752
                Entropy (8bit):7.4144450275063924
                Encrypted:false
                SSDEEP:
                MD5:0D3D5FBD43E87FFC8AEB550F5F275989
                SHA1:5783BBC64F6C8DDE9CFED2D64D5370634134C708
                SHA-256:67C2703E2A015C35E1A23A1CDFC4E2493E0E9ADEC85660C562A6BA000C9DA757
                SHA-512:98B0F00CB35F309F2DC85B8F83067D797E84BD1B9A76371B0FE75C93551C7A702171783F1BB53CB2C38ABC396279E6F6DAD4BC562EB5BF74C225FDDA568FF242
                Malicious:false
                Preview:....E.A.t.......l.IT........I."(.....O....t?p...tI.......dc...N..*.V.w...2i..h?.w...{.......$\.2....S....w...T..o6.z.2.iw.0..+._..5..7...)..*.-..F.G...dd..I........7..E.].p-...d..fu.^..*.9..u...]O.s....t.h....2oP.s*.P.;A..2O...U....3w.@=...z...hM,..#.*8..?..q.b)..-.1...!s....L...QpY.r.o.#...S...=..;1./D9.*K....q.:C.F.F.fvh.......B.Y.....9..>RJJ@{.....I.....t...]..\.Q....`..~...~?Wv.b..+...1.v.n.......=.J...j.......1Q....^o..ZmuP.D.....+!J#3B.......E.#..>N.\..F..5.6'R....._Hs.....N.,..gv]&..8....&.{.^....'QTz..#.....=....B...%.5D........5Mx..?`w...#...)..~,.}..+......-.=.;..~f.Mhs*.....w(]..O.p1b.,..~q!.d#PeVN.ZT....,...f..\`..[:.4.....>1...C.!..v.)@(....}....*.]'.lw.....6&z|..c0...L:......zf.j........K{..9.........C.&....M9..B.P..V....?Io..s..*.r.......i...*.s}8....sh(4...j<.q.sR]..7.(E..b.o..L..j..<..G....K......"..Vb.^.;...A.....G.WD_..t......VqRF..3!.....H.E..!:B.<.H..L...M..u.....H1L.l.K......g0=:.!.*.+...6.....E....i0..a..#.~.O...m1.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\462__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1231
                Entropy (8bit):6.998016308584742
                Encrypted:false
                SSDEEP:
                MD5:45F0C1DD2EAECC2109AFE8910366B0B7
                SHA1:5C8F1B8E3870C06A0B2B52B66948C9D2DD031229
                SHA-256:A4772BC082634A0CCE7E1C0F4D9DA13EA7DCF89528A919C1E7A5DF77BDA8D560
                SHA-512:C3796139B023108DB2290DC0693AD776D388A98C7C9364CC1E8A1ECCCE45E50D8E7674D1D502F229A7F642D992E6208AA2E0F688A4CB961B1D3ABA954549FAA1
                Malicious:false
                Preview:...|.pC.7..?I.....0...HG.j.A.:........(......v.%.....5..9.j..,.....~.Y...R..a...7A......~.x..s..[..*.5.K....!l.....m..f.miB..xwmA..m4..:V..@.r......{m.......crq.......'1....K....3?...C......-I...........;..Y....q.cN......o}.h...q&.O*..U.6....*..r'T-.C.E+...}T.d..F1.1@p....-d)...u.M#G5......)..*.9.......,..]P.........S.{...F..h.w..|S.<....,H.k..|..q.N.B.HA..VF.H....Lh..>!.......&<...$K..".l...E~.$... .,.....*..)o......l.4e..4...f.....].:....B.........kr.S....h .T../..9..........5.W.BLP...?.i:.<..G.s..$}..o.O..94..b=.F.h>.).......Xlo~.?..v.....R..5_....v.../Iw.:.Ha..#.>v...[PJ. f.U.".4D..A^~[wy.p..$..ce.^...p.]b.....u.\...k.$8........C.W2s.Y..1..X.*F..^Nf._..t.[.....[.(..rp460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf712

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\463__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1230
                Entropy (8bit):6.952653718238598
                Encrypted:false
                SSDEEP:
                MD5:2D5E7D17C4668BB89E848FCDA5B001E4
                SHA1:019B72DD2F1C79D2526677BDA3F2A6977A0BA6AD
                SHA-256:00F28C0E4CB37A51C07F5FBF42641A1DAF7FBBAB71256DEC949D65DBB76AABA4
                SHA-512:6E2D075E5AD62D533A482B38CDE9EBCD82AB1E652D5334FEAE9B824670DFF6ECB0159DCFEBDB533A3F0E7B86DF153E863AB18D58B0F9B10CEFE2CA35DBCDE3E4
                Malicious:false
                Preview:D....7....f..........X....(.O\}k..L.|.9..9dI0....k.v$X.b..a%[.........4...?J......~..9s.,}....C...B...*...av...#.cp.r...T....P..J...-...PD(+......%.,.......x..J.e:\.V...U....R>..V.fhF...:...+6.%cyA0PYZ....?!r=.b......r.e.2..}....K.D.......f.5.L.....>...5.X..}f...TT....I...>*...!..w.+`b...A.n....[..SG.m...R...!.s/h@.K.......@S...+.y...|.G..o...h.E\=.....(.^...._..Q..H.\{...(0..g.BD227..(q..A."..'}......V.....V.=N..c...MBo...O...=kW`+....@D..L.1y..{j.Z..hR.d.;...x....#y.T.<./7.!.wv...]~..$..;oV`.`.].6.f...r..{~2iL.7.hM...#.s..<....l...Y#O...o.r.0K.b..(......p..H...9..n./...v.....@..4...".p68{.V..f$.'..e3....~2.....|..+.UU........5.;..w..+.hD....3I.>.6vD..L.1...b..d..q...l.Q..H..:..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7120

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\464__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1171
                Entropy (8bit):6.890199662774027
                Encrypted:false
                SSDEEP:
                MD5:B8EF0554F0CEF1D4CCFD6BAE026D7396
                SHA1:C992101464F9760DF0E28C70268CDC1C614BBBA7
                SHA-256:789C3CE9DB76096E8EC1674214847206E566D3964066AC19C03E1F0A6DD40F1D
                SHA-512:5A904894B6BB577AA88C7325E117A04564555A2F0E6F1E4F3EDB79D2D0F697A9D8443DA7E78BB7AC92E348EBFB6BA4CEEA7CB72151B222A3710641AF714F3D02
                Malicious:false
                Preview:..f../5....am...RFn.<s.8)......W.`[...,.".V.K.L..F.;Z..Kt.A>E..c>h....'.....T...u..5....a2...cr.3.V..y5k....5w8.....x..3...E}...\[?h....U..............-:y..:....w4.8/,...K2..z,.C..|....!.....e..Q......=$.F=oX.p~.n..u.x...mA...G@|......?XD.w+.+.`.!...1.VjX-#.LQ~y."....b.7.H..J.g.6.4....W..........R../.....-m.p.j+R_....?F...........R..(z..qHT..W#...X..$..7....Y..<8........r...K........*. .3.......N.:...U.0.....I1...PA..*.59...l.W !.F.[..98C... ...Xs3...lK.:....a.u.S.M.."T....")......<8.......N.p...S...U.3.W(...Xg...c...}Z%j.+...q..>.h.G....@.s......-3...^......h9.*;.x*.L.lM.z...&Mbf...Is&...'..O.y7;...T..w.v..k....p8460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\465__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1165
                Entropy (8bit):6.8910602360229625
                Encrypted:false
                SSDEEP:
                MD5:785B9418311A66BF78719BF5B52103BD
                SHA1:7276462E50A045636B0A8A27B37ED9DD01ED91B4
                SHA-256:DFF16C20CBB3481A509A94F3559AE43FF97C4FB0D3FDAE03F779064A7BDB7FC5
                SHA-512:DAE18B885C31B8175F5D92C234F0672EC2082F72B8B70159EB41A47955B912455AFB6D5569B5262A2C734FEC27D36E2E5D9B1EDCD112344AE7C403907F597816
                Malicious:false
                Preview:*.......k....51.........=y..,.c"\..Y.L:.....c.F........q.;.,..,.=.z....].....j,.%,.ag....d..ZC.N......h.}..6..I.....xV.W..[9.2..I..-.G6(]JC<.&.B..(..U.......}_..p.=+,Z;...\V...PT..I.5e...g.......`....../.:..Y..X.EF.d..M.....9.}.t..s.*+....(...&...7e...X..c...B.....WL..... ....R...).J28.........q;........6...../.3.......[rn...@.....i......f..<.[...T......<y.G..0...:gg..c.-.|.......mnhCd...eaTq.....8`.Q.K..u...g,......j.- .V....n.-;.6*a...#"|.c.{QiG.j..>.............%..X..I;.Tbh..@E...b.7.]`......I=.1...li.E.>...[..`>$........P1.....V"V..\....I..U...6x....G.!...Sy,.g...5...BPc.~...6....H.rq..../..^.N./..%:.....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\466__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1084
                Entropy (8bit):6.785088379275513
                Encrypted:false
                SSDEEP:
                MD5:2AB87710D329A21766907B74CDD70223
                SHA1:7AB73BDBC183F41BD36B76161CF38687C4286388
                SHA-256:18E13195C9716FEAA0A795587A9258ED890946553EE18896688C429B1EE1E8A1
                SHA-512:5238EFB8C3DB7A78CBA665285A1A83549EF739196F4980F4640F559F3A748BD5C2635634E8DDD93269EBDE7F3E7ECC3DFB700A94434577DEEBBCDCEFBA7AD94D
                Malicious:false
                Preview:..?..<.b.J..Q.......n.......^.2...>?s'>...k2;.......v..\..y...(.p....I...=KXU..._.0......&?....(A.....86].^".....4...%. `.....8...=._.x...E.^..........G.......*....A0.S..F..tSXsB`.._m.].+...t....v.A.Y...<..?..#...g....=...E...7.../Ok..q%...o...bP..,...6s.r8?N..?.Q.....b.`b..,....Z.'@....,L.A.........;............1zn.I...Q.W.....`.....Kq,.uo..y.P..$.....).w...?qL....]QS2z......_..K.4.5.....VBc.j....C.5...| .c.~;JUGJ.....n4.Y...|.D..)...../..n...-t\..c.u.J<x;........2....%^To;....<..i......F.ve......T.tq.............2.^.....J....B'.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\467__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1039
                Entropy (8bit):6.6056747503025095
                Encrypted:false
                SSDEEP:
                MD5:2C6802FE13276638C841E0B1A18E0046
                SHA1:BDB2863C668FDBD472B7B75D776238D0E3788F35
                SHA-256:B1051832BDF95CE35207827EB38D8AC3BFB8380318F0056D632F3FE59B4323E4
                SHA-512:2DBDA8A72A34FECBCB7F1E50081A72BF65F961B08BF2968BCC7A0A2F2DECD0159D282E5F36A7A1A0BEC5B68AD5D2268FF09FDD9AC7D41DD44DB40FE51FCFDDE0
                Malicious:false
                Preview:.....MQ......N.%...+..4..x..Y.=.B[.......1f|....!$O.)_....9.J..6T...6....}...g1....o.s..;...\..O...ZX.J....>....6:.O\..x.K.'w..W.g.uP.;.@......N...".DvZG.rM.}.CNOz.Y..t....I..tW.v...3.x..G_.bE...X.AY....3.d?}2..1!.h..\!_N..w..6.@L'{35......m.....6...i..E2V.9..w..}..1XR....[.......|....d...c*7.1c~......\.]...I\..\...z.N.q.6a......h.....\.Z....309...4i....G&..IjB.3.@R.!.^.A...w.Ogb..u<...oNS[..Ok..M... ...4...g .Y...x....lJ.xa..#}..g>....}.T`..S.Dw......>p.a....1......g.:.\#....:.c.:.g...O..E...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c1

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\468__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):953
                Entropy (8bit):6.444697452073619
                Encrypted:false
                SSDEEP:
                MD5:4000959A243559E1D1B3E0534AC8B328
                SHA1:8D2F3DC6638CB446B76E2AAC05DD606C623BACD4
                SHA-256:C90D5C0D0986705CC0822E1C4E8C10F6CADDDCD7D71AED3B911AA762E9C085D3
                SHA-512:076016900402477E6C3E7419D2806C9BC9B0699071B8F7E656D554F0B48D0E1BFBCFB310FBA0C183E2531FBD9E4AAEF241F035DCA3180F513EB5E8CEFA550959
                Malicious:false
                Preview:t....m+.Q....4 ].....5..pc....,..I.c...4..(.z..%.~...5Bx<.t..k9.9t.oF~..i.eWy....D..p._.q....u.m........<(}~...q..?o4..}b.X9a.z...&S...{U......Y......Z.......w......B....g.9.@Bx.B.R<...S..#X.....L....f...5d..C...N1Z.f..{.\Y.....Y.7L{.S>...H.1.j....6...=.....3..#.3...._..4V.\..."2..H.MV..+DrE.ZT.r.Z...:....{Mo&.y.Y......6.<.W...Ci.."R...2..';...j....Boi&Y.r.Z......v.'..E.3M....[.....y.+r..._z<.......W....fs.....^.;.+.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\469__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1172
                Entropy (8bit):6.919593140261489
                Encrypted:false
                SSDEEP:
                MD5:52AE45C5905F6A048F3536948559861C
                SHA1:7620B56C228347CF56B8FBC9A4C3CE6A95F090BC
                SHA-256:B8D3B38E775DBE94A16A9089491C8101C84930DC437C619CC69E9FDC4F765110
                SHA-512:B4046AB5C12A31A33E0752604432AC3FB62F66686F625B2061150A227C5E6F0D84950F023864EED5CAD6FF116DEB22AFC7358DC099F8C65899E984DA55E6A094
                Malicious:false
                Preview:...+.;i...=m..:..&.L.a.N.I..eX+Gf[.^..6).....<....0ON.......=$.)S.u.~..T..b..Ue.,\.".A.2....*..hF....F..3...6B......... z.y..K}Gq..YZ.w...S`l.-;.s...H..........J.r&wk...Z.;%ID.u.._.$.z.....3....p..v...0.a...C...$..+.nZWl...*.[.B.M).^..%.7.. .`_q.n.GO..$......0.,..=3n....5{...Snq.........@q..l....2K..X.m#... ........^Y7.....`...;3.g....#aj.)..x.......t.C...-?.3....V....+r..%.+b8.D.Y...3Pw.<F!...-.i........w8...c..C.t..r..p.9.y:n.b...1..qP[Og.di...-.......&.....Q3N....=..i...@...I......@.".I.......Mg`;....M.......z.m.\q........E.m.yx....pF.l.Ke...+.M.A~....R]..|...-7.....H.....dt....f.}...G......rxR..:81.....<....B..f_Mk...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daa

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\46__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):956
                Entropy (8bit):6.471129738054079
                Encrypted:false
                SSDEEP:
                MD5:FFF39FF9090EBBFA640820808596335C
                SHA1:CCBE67D148BA99491D143FC1F65CFA697E46F053
                SHA-256:10A0E175077811973859A4C64385D431D6630A171ED841B03356020891A8AA5F
                SHA-512:1374614B0B76AA205BAE9979ED27EF600A8B5142697CA28203EF52DAEEAD2460EDEF712716E920072F4C202A6A42696930BA14C54EAE5902B954427F84C84A5A
                Malicious:false
                Preview:e._*....+..^..-.-..=nf7.f......V.R....9=2U~. .?..*.C.Y1g...1...\.y=...q}.JUM....''....t.-.fW..?.U.....K....~...7.Hv8.r-R.........j.z6'...Q..x.0v.v...m[.&I..~....^GBgw...Q.>.Dw.3.G...#....1@.h..q~..R`f........;e.....m.)Z.1..|.]#......{.Wd<.....Z$.>..JEG9...REe..6...((]..>U...1...>,..g..~g.0..9...>T./..>A.Z..hu.UoV)F.....,(m..&.C..Y.2y[..*..%...?..}Hy."}..6....^.*.[...I..]u......b.~..P.......UA...R..'..M6Y....^....-*>.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\470__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1773
                Entropy (8bit):7.401961736756028
                Encrypted:false
                SSDEEP:
                MD5:756EE760616C43F44A5DF92D21FB36BF
                SHA1:D3C9265227D35C1FF5FA51B01EFFE3AB095F8CDC
                SHA-256:A157773AC76783693B2B79370B52529C87E958382B8C9631EA50517946395FCF
                SHA-512:D3E784B8ADCC5A49F4320389FB3EDF77FE3BD9DE481DF9DE6536E6CE2DD7BFAFF2FFEE3145E4880D8D648CA189C43985AC09B8023C2D8214CD2B356D7A2277EB
                Malicious:false
                Preview:......[.\~X.o.-..0.VK..OKM..C._w+Do9.iR..3u.UC...........E.NB....xN>.....;.'.BX.t......rC.j...,QT ...j.\C...`hV_.....h.V..../@...$3.``.../ .w.Y.m.p..u!.8....y.,..F..$.J.....|.b...d..X.B.D.H...1$@.O6.....c...e.c.h..X...v.wO-:....10.<.U..Z.......e..x.......6...|.."~...9....84]......c&./_..KB!...O......R.V.7.........i...../x..q..B.....!<b>4..P..,Ic...!0B.e.4.sp!.r&vB. %d'.l..U....(WF.4W./\"3cQ{.%...!e#R.........|S.&.u....-N..$F...XF...xx.-1...EX9.b.T=~ .?'..%TO..Q...j.J..^....3.;u.W.....U6..o..|.;ZHL.B..9..9MbWtR0A......&..W.S..xSA...!..'.4.&....#<&..i......t.I._.......o..P.r\v;...R..]..%..+....^....QS...3..#.n.......<.....GTI.....0.m.w4OE.4.40...=..H.l.o.x1.I.....!.g.?f ...bn..~_.....7.<.....8......x..5..io.....N.y.'.t.MP....y.a.....wN.A..|#\.D.(*.){8Pb.q.*B.*....'..k.R..)l.N&n....V....h.....g.../g...P:.....Z...:"... .VF.6.@.G...cI.Q.1.{.r..d...g..=...>.(K....Bc*....f.b.{..L.......'.9H;s...!..Q.*S.\.....t......|.R...3uo..."1...I

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\471__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1165
                Entropy (8bit):6.844686232673756
                Encrypted:false
                SSDEEP:
                MD5:E68C351105BF687ED4200695CF7852A9
                SHA1:0AD2726B39D7EFA42FAF72314F6F75DAD4801796
                SHA-256:2ED84DD2D990D670EA697802D87B9C764E375D874F872F2761FD4CBB2391B9A1
                SHA-512:15D5A2955B3D9181E8D2AC39531DD0CD95B03E417271C2ADB78C71900F388D4CA65D5484510CCE82EF3CDD226D913B7EDD6D933EF2444B3E61AEE7134FDAD927
                Malicious:false
                Preview:..hdM.8.. ..(.).T.[T.f...qP.+.....[.<. .lH|D0)M.t.-..H..}...........".I...d.I6,. ...5..c[.p..BV..%..i\.|K....M.F!...$.|.&..}.s....E..o={<....:..\5...+.Ea4.-'..~....U. IY..8...Uq."..iu.u;4...".7..<..t.w...:.u. .D`. .Bk......f....[m...B.V..z...."%..&f..T.0>8.2...a..-..E3.{.(.......^.......)..<..}...Jx......IST..Y.....5.e....U..|.q...QG.._.H_?.w.ppz.."@..].XM.....f...Q3!.^..%...w..h.7.2sbz.n1h.j..\..*.>.0.z.3.h..E`......J...0wQ.o.N..3....4.,.S.L...f.p.(...i..dB..).0 .2p.i.l.e.....u."...7.....;I..{..*. .{u.P.~....n....T......w..c...$..m/.e.Ps....O[#6F.:...+T#...&w/gQ......s.[....{m.n.:6..Z.>.:& .J.h.:..|r}`.a.VP....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbb

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\472__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.75536214414976
                Encrypted:false
                SSDEEP:
                MD5:58BBA6E531331F32B9B7E5845A9F8342
                SHA1:C3F5A700D2F2AA61BD2FFF0375B664E3CFA4DD2C
                SHA-256:13DF4B9DA0167FC531BF95B6D1ECB227603960943045A73D73BB079A5CDFC014
                SHA-512:656E9C40E677430FDA5A36A320A7D194CC9570802B4822077826C084CD4F7C946A4B2B20C5A85716D438ECB758423205578E14C4BC00ABFB3A92DD0C5DF94FB8
                Malicious:false
                Preview:^.,..w...9..].\. .9.[{J.~..|u....h.u:d....c...skQ.c=p}..Y.f.!D.~:g.5V....`4h^..,Z.G...f...L.......)...~1.....h....Ht.vS,9#.#.......X..j..3. .z$$.@%t.....h..H.Y....3.(,P....B..U.........G.\LO.5..2r..z.Q.x{V.z..^...L..#..3.q./.P..&.X.}FZ.H.=K...hO..FC.Q..e.....k....2u...$5.w...V.......~.q..}.~rb8.M\.....xM..CX6yW`-H.C.n-6`.....j..?.u..Mn2e.._..x"./.=...X.!...R"...J....4...G.u.3....o.8.}..+..q.C....._.jH.<..J....\\e.."x2..v.z.XO.=..u..R......`.m...%..+...6.nh|..M&..H..k.%jK..B..2 {..]lUZg..)..'.....BM.IL:b.I......$.1-..8....."`..(...@~..3460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\473__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.663949535922833
                Encrypted:false
                SSDEEP:
                MD5:5448084459CBCA110FBBFF1086B78BCE
                SHA1:51D6C4A8A835B332C91A6997540CB0589F6671ED
                SHA-256:D8BE00645A9C4A2640C318BB1EADABCDF68051E4DBB06BC1371ECA7AD411FBF4
                SHA-512:A42B707A81D21AC826E89C5B2375989A11AC1A1881FD6987610199A18601F0EF7FE4285B9FCE1E7BA6CEDCCB9429536C7B331C47F47233AFC03F2667CC26BE45
                Malicious:false
                Preview:`ne.:...=.|.~...*.#.Z..5..j."...'.s....n.E#.f.,'Pyw..M..0dq!.....{.......n..u..F>.....zv....h.!.b...N.>..X.%..7..7L...#.B..A86y.g....(...;]8a...|..p...B'x<.J...yrTd....!...T..[.<. .....Y.M.K.6.$.]....../1......W..v.1.g..xU..4sq..uW..0 Y.......{..1.V.....^.......$......(....."..X.../.9.....{%.L.. zB..f..)..}7 .Q..?.....V....D.8.A.....!.....9@..B....|t5....v...._.-K..-.....O#4..9.j....>........b.....^"...;J:..e.....Pk.o.N/hi>]....!.^....>..`3..3....X**..."A..*Xo.,..Q....@.E.....g..#...~R.......w..V..P....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\474__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):956
                Entropy (8bit):6.435460015085734
                Encrypted:false
                SSDEEP:
                MD5:FB0237EA9CB8F7AB19CE405FD5342201
                SHA1:4EA98A58C7DF6EABD2A9F91202666CFD4ECF038E
                SHA-256:42BB5B0DBA5559B88ABF277606776A86BEB844A6659694669BD19D55620D6D76
                SHA-512:94E1ABB53A6C2673C3069197E14C4D6E9073F2D073D2D00F84B8B25420A6C688DE17532414C3C8744B3A4330A78715FD181597EACC3912C6F018BAE131B7D96C
                Malicious:false
                Preview:.?c.K.r.....@wo.TO#..2...mX..."D..[.....q.#..L..w.....8e...bKr.-.P*......z{{.v.u..e........Xu...r.,&=..f.%...y..V.?.N).'..i.};Q..[8Df..e.|.S4.]............W......|.Sa.(.A...Kf>.]..Q.X.VJ...yr..wT...B.BB..a.6.0..7.....f.eO.#E!0.oug\S?Q<.F.x..+W...[..]1)?..ik.C.a6..C..RA...l.4.Pc.....|.].....d....Cn....q.>.+....L.^v....#..qgD..n.P....`....U....n.FV..f..tFH...@.<5.Ne8..e..k.z........M.......'..V.e.......8#....B8.k.<.(.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\475__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1237
                Entropy (8bit):6.966164582936306
                Encrypted:false
                SSDEEP:
                MD5:8C9A3161E77F80A299C427F409CDBC4A
                SHA1:9FA551FDCDE3E3F81F37BD19FD8B6DFA9637DB8C
                SHA-256:7E7E962142DFE6365D12F0A9CC35A8C53752B986BDB04D2EF8AEA296CD303010
                SHA-512:CEA41F1D0E96C9C70D585EE4C75226DE1C4949F7E820BF92CFAFD798553F4ACEC5434D43BA44DCEB23EF8C4D06467A6F110C8094569D77805F6B7D579FD9C431
                Malicious:false
                Preview:=...$.-.....QY..Uh.....i........2_.6..r..@....6......F.[.6....q.>.8......D.~^~G.y]..V....xD^.w..d..!=^....f.....~.3oP.e..|.o.....Z.X*..W.....i}.4.....";.8.p.s'.........s$.*/.CW...*...*.A/.._.LN.k..i ...M..\..l_.C\...qC.2~5r.d.^T.e'B.o#.....+..p..G8^..T.dd.Xx.A..UJ.E......u1.=.....$..B.Zi#....X`5H.<.......\..+...2c.S..$...(.....j......Cun.._.cE...MVv.....(...Fj......}....h...p.....P...M.)...`...qR.y..O....... ...Fp....s......C.G]If..s.........X.?.T.c..}$....f........\.;.T...L.-....j..B..P......;`.>JC.wC...s8)e.F...../...=..-..2r...U..e..81.09.P..7R....k*n-~.2...f.S.R..A.]S{P.8.kh5|.7.:./......\.'..7..5w....P.&.0...H;MX.Jk..f..S.`..8.=6....*.z..~...\.qI.)...;.... ..Xu^..p.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\476__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1239
                Entropy (8bit):7.0074367220275
                Encrypted:false
                SSDEEP:
                MD5:FCE3BC3D8CFCF2500C1D46C90C3D5A30
                SHA1:46E3F438D1229DAEFF79788295E6AA8BF636F6A2
                SHA-256:8221C7774641B7E941D39BFFA49683FBCEFB848168981BAA9563E1CAF8A35B37
                SHA-512:AFCF9A25ABEAC113BBEC62CC0E55D77F5BEA9703A3EBFC2C8D4FC610FB58925483817268352E0A09B46BFA4A3053EC6BAD70F42D4E8B1A8ED3619B8BC2C76591
                Malicious:false
                Preview:.}M...W...gX.. L........%..'IU.!|3Em......<a....[..6E.7.........c....a>......P.%.@.F...y.......s....._..=..ri.y..L....4.....*b.Y.&..R.(...c0..N.X........d.QhN.;.(W..i..U=.....oEZ..w<=..."D.k.X)c!.fb.g.2.2.=...j;.Dy.l*..W..=.g...vB...Q..~...f....@.....5..\ib.......+.%i>....2.w.j....6.w..(......s....b.fT..].<..N.G..>..&..-O.N.. .D.b.Sg.s.<)Dxz$8.Nz../2n3.....-..N...JE2JRF...FN...M...#.S..b,:......6t...D.5.&.n..I.`..)......,.K...x|...!..+..'.~..&.8].$..#..\....i.f...O].....GvQ.......cm..,wKI5.x~C.H1i{O.....JBj..).&..V....Z9.9..iE.#...>C#..).0.|.k..G......Q...c[W9.t....:6$6..>.t...;.a.......B.......;...q.l...>....XT?...u.A.1.XK.$..[o$..O......j.r.... pEZh..8..A....P.@.......@.W..q...kVN..t460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\477__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1155
                Entropy (8bit):6.894172379698234
                Encrypted:false
                SSDEEP:
                MD5:F84E4F8223A83A696C627889A959882B
                SHA1:D6EF0F936B4FDAE947D53DE1478D402D22950775
                SHA-256:9F53520229A891C3E254C927710BBB02EBB4866AA328EE0074FC9A6751EB77C2
                SHA-512:0550BF9A21FFB912DFC3C6F53F43E3D3BCE26471C09A4F830B78A430B62AEC191B6596846B8A1E1F8DF8D3942C42063BDD861E5CBD9C0453E4503362A45FA177
                Malicious:false
                Preview:A..P.....v.X..,b=......-.z..st..x..W..LK....v...,L..+.9XV...J.U..;.e.3........U.4....U...{...`R...o...u..PI.h.s..5.%;..%w.......2.....p....g...,...c......N8.....d....A.~....N....BR...#...63..v.mk./....V7..;......^.=.c.f........9.E...n..3t.w,.E.......|6..c....~.k..+....k'Z).5..2.Hp.......I..V...T......PlnH|G}P.}J.k....aY..m...;-.'.6.QtS}:1.F:._......;9..N..V....._..X..)._....O.....V....[.].......b...WpaC*...p&...d.l...6.Y N>.V..?.o.O.R<..a..x...f.\F~/..U.(..W...).D..V....|.O..E.......k.._..N.....w".SE.q.W.aZ<.....5..Y.'@.....(R...7..y5..5.[....!I5.BS;....m.......G... ..=.f.O....v....x..=.Nc...!.?...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0cae

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\478__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1168
                Entropy (8bit):6.908166310979692
                Encrypted:false
                SSDEEP:
                MD5:CB4A8D07888B77FFA2E8859BA399B076
                SHA1:6A0F53AD6E855EA92A04D851F7A9A11744BA5ED9
                SHA-256:59533C4F9DC3EE2D3BA371CEA04EF462125C8E4A46DE5D831F2CE26847E7B6D3
                SHA-512:DD7D1C38C6BD629AF550B5A1E60B1F0373F25354F811BCDF77DD715DA33348A2F99F5A81506380CE672027CA48DC93C413DBD7DF130901909A189B01EDE1DCEE
                Malicious:false
                Preview:G%.l.4.t3.Aj...(S>lm..@#[i4Po...F..........O.'^...9.".DC5.Sw ..}..}.@...3q'..v.L..j?....1.,u....Y......:Zt.~..-Cy.V)..C..h.>.N...) . n.bz.Od.d...!.\....a_[..N..Y..qC..8....:....4..?.+.nu.}O...._J......z../T%..W..re...7..|...wQ.%....8.....c.?.7.9O$.....W.:..\..$R.j.,..Z.HLr..4............Z|.|.=..._.v.U..M.;=r.\..p-?....>\,`dX.NR.....VR|....R....q.(w...;L7.......x.....X.....(.Q...Q?...4......;f.~....2.^....v.U..,'.m........d..@t.........._.e...Mc..(7o.Z.B.....g..m.K...`.wA...<.S..<.....'.K&.4O.....{.1.....>l..,.&$...fz...(g6...F@.v..w..!.p.m.x..P7.1-{.f_....V.Y}.0.G............q...H..k..G4.....5.\H.9;..]...V..;k..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fc

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\479__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.742048999499528
                Encrypted:false
                SSDEEP:
                MD5:361C5BED9956B7B884C5DA68E5BD3ECA
                SHA1:EA8A15A7347F9F9863907B04507FCD45DE800237
                SHA-256:B139F4A83D1687F4E3B310A8B5DA35E0C8F4CEA34186A3C5661B4834EF7C5FB4
                SHA-512:232AE76AF2ABB9C9B90D8A056D6A366856CBA7488AA5737E089F319CDF76EE5D0BD3C673B56BA8F10DA101CCA3309EC806E9B9D45A194BC23C662A22B189C74A
                Malicious:false
                Preview:.....W.......4_..:<.T2|......vV.....L-'.>. ..k.?...S.]|.r.B...\.2Q.5C.[..... ~.t...........F 6.~.\.q7-w'.....B.yT.k[_... N....jM..t..$....Q..y.?.......,.-a.\.*..=...V.2/.1L|..]..~...s}.....1.s.....w..<..9......d.......b.zr.....aq;a.. HP..}l>....i.!.;............r.....O..........Qx...<...;$..'..I%..%.>u5..5..'8B.h..|..4d#.b.x-~.w@.MB....&.A.M.. ....u),....'G60."E1.*...B._........;X(.|E.(..0..5.....|.a......[..L.g.-.Rj.Wha..NN.........0.{6...AV.^.\C'.&7*..gs.....x.w..V.b.s.R..........b...^..b{.B.....4._%.../w....]b.C..Hj..-..MZ4..8...!.ku..<...]....S..U......8460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\47__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1237
                Entropy (8bit):7.007456742483378
                Encrypted:false
                SSDEEP:
                MD5:D4ED00655CED7E299BA04CD1F3711EF0
                SHA1:8ED163A8EE38A0EB92E81CFA07264111A5659801
                SHA-256:8D85D18A9662EEC27D368FD1D8E899CBD1B691033CB48CD66369F0E22C76F217
                SHA-512:03DD85BA8A311E6A1736FCA4169822588C2BF86C54A8A8017C05BD60BF93BEE374519C3AA2EFC3C0E9636F7AB003A66FFBC5413B580241D0C6C28EEAB1411397
                Malicious:false
                Preview:.......`..."..x.J.....oX..!.k..l.ACT....s.NC..-.h..CEs.IQ...b........E..zq!..O...M........I.#.M..-...jn.)$<f.h...V......9....y.89R.v.e....c...~#..,..a.D.......j....U....:...........E........E1&:..:9'X/%...h.-.J..i...]..T.!.g.&V.2n,..........=..\..K..>.....2b$#....]..W...g.N..$@'_P.}U._o......F=..kT..i....u.{. .%......".]l.kE......%E.z....EF.,...u.@.3.G..S,3,.....y.7]P.ws.....CdMr...$......$..=N<.y..T2b...%..M..D.W..D.uhSA.....))..L...Jd..7...u};..,.]t...y.Xi..].....h....m..!.....%u]yr..u.....Z...L.y....@...fZ.yJ...)..*....i..#.7qE.{..4..:...V.....p..#....6....-B;..[.....vw...o1K._DV.L!..3..KP.....v..[......}.1.B..re..1.....Ql+..N.V.DF.<..I\2.}.3..aR.;m.'.J$R.I....3..&.....R..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2f

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\480__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1042
                Entropy (8bit):6.684111081621896
                Encrypted:false
                SSDEEP:
                MD5:DF776C53F0EEF1EA83A107DBAE636984
                SHA1:D8781C7658D709005F46F2DF7D8060C27C5F3B71
                SHA-256:98407C67087C547A24032657CEC45AF40DC19375D6AB9FE2BB60158FA808C3F9
                SHA-512:FEDEE36F123ECE43F5A2FD9B74FFCED32DFE7BF721A9219B3F105CD478FCB7391D24568228CA949A14A54D7AD6C0996A02D134CEFCE7F5737A1AD47651D8E96B
                Malicious:false
                Preview:.....O...J4....%.Lf7..X....J..;.X.. d..}...*..]..d'..hg?7o....P.O...MT...'s._nP....F...|.O.a.<c..m kl\....N.GT.{..A..........a.d.Wl.. ...3BP....h`|......f'K.....-<HoS..h3H^..`...M?.%...:.....D|Z.+...].....u........Y..!.~..C{.j7C|.)...m.....\.F%...*....4G.x. ....c.m.<pU....,.....Q.bQ.7...'X7.!..6f.|.&..%..?vX..)....{*=..n.cG.....s.s.Eh.._.^Y...mTyx.$.....>@..a......B..nl{.&..g..M.G..q._.M...+...mQ.l..+.;.....B;..%..l'rO.`.;..q.I.=....s[=...M}...Y..P..R..._.....f../d.. ..J...c*.3U3.....j...zPq....460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\481__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):960
                Entropy (8bit):6.454573752894185
                Encrypted:false
                SSDEEP:
                MD5:14445FF4D7AF4581AE6AA715DE91C3A0
                SHA1:61E1F52835C39DE47E8233A31BE649B25D5BB440
                SHA-256:9EFC635873F0A7CD827476A4DB5BFDCD7B1EEE45207497B23DB5055ECCFB3296
                SHA-512:0F9F934DD5907A2B1EDC7158771170947978F523DC6825B8E194F64977F1016BDF45DC9C2E6609D5515D41343B6C2DB90BC78F0B67321C27533D9ACF6B789096
                Malicious:false
                Preview:yn.%o7.|......]J...k;.qs..k]"u$1GU.U;..y.s.^a.2......X...F..$..9.....)!...).s.M..MG...........ir.Ph3.~....s...rK`BMx.....!"'..#..l...UnJ..t.QD.vc...F......#..Y.d`..@....os..D.Ox..@..+.7s..h.......a......tf.l.U.e....q.....`...GO.F...n$Y ...l..F./..A#*1\......x._wE.vt....'_.......S...`Cji`.....:.T$....8.l....Wq...+..\2...h.+6..y.h../J....c.~8.+oK6....#..Y2...5.F..o#..@..o...?.$.>......O"G...33....@..1..(4j1./F%/00z.W.; .F.-F.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\482__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:SysEx File -
                Category:dropped
                Size (bytes):1896
                Entropy (8bit):7.4730695227068065
                Encrypted:false
                SSDEEP:
                MD5:32A80A17FB68E4C8868A0CE0C0E35F89
                SHA1:607C2CD43DC68D419DABD499C8D7D4A10822D4A3
                SHA-256:640CE3515C4D1630906F273106DC44D9BF34D38D4C1085FDE7A4776496E93B6F
                SHA-512:908A5D2A64263C1561B9EB99EA0ADFD947D7FCEFB691B3A30FE65D296C32FAE55B28D31CA8BF1E8BF3F43B2203F278EE59EAF98ED542BAD4660E9BB880CD1F5E
                Malicious:false
                Preview:.zZ(mi.9...Q.XXs...1.........45.;....4.1...G..5.je..=...]..e.GM..Q...z. .pa..0.U.]j(.|b.(.......W.VA.....B.Y..4..~...ff......Sc.e..j..pIoz.5....C.....a....sU.&..Z.y.0V.)...9......`=.......M....@....+(<.h.S..U_?>...I.L_K`qT.....'...Y{..M..*P....#.....ba.x..D......8S.........K.c."r..#X.X^B...?M2Q.5..F.$.&..o..P...w...a....h..[...C1rX/G$~..TbHW$.H...7....!.W7yr.....ko.h.F1...kl..R.-c^....8._f..v2..j....r..P.Y...$...C...mg9>.y%vTH....@w..~#+>......2.|..FW....w.S,..).u.Nm.....?.. v>J..E..5G..Gwh.:ssT..... `..o.N.6X..X..x...Lfbj......+..*....Z......2..nh..k...}1Wc.....@..y.y.....=$B....f.....i.....5.n,G&.o^Y.7.0.'.UM<.*E/..*D......Lm~H=O.KRYU{........3......O...X..F.....1R.S0..z.n...1:..)f... ~x.u.)...o{...k.....:'.......tz..^...L*I.&`t...+.(..X.&M(9....F.p.....|.jaFi.&.../L..V.C.g..Q.w..-..`..m.H..pV...._..d..%.Jrp...s..A.JE!g......p..1....d........?..P..#,V..%.r.8..8.iB.^.2../.o....OS|O?2..K.."9..:./......L..Y.$....Mrs;.2...'b.%.

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\483__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1157
                Entropy (8bit):6.864067743547031
                Encrypted:false
                SSDEEP:
                MD5:08C3BCE0E11D0DEF47E0FEAB5620329B
                SHA1:2FCAB67A8F6855F734B7C5D70DB85CD0D5A13AF8
                SHA-256:3B6BD3A7739EB026C65F5DC59B3F3458D37626A60190394187C17AEBA9B34C1D
                SHA-512:51EC41727F2DE7A1E30F7D6033EE96D4D70CE52C08F630F2869849319990B4A428940008BF0DD2502AED5126258ADAD4AA117ED79C788117D94D58FB455E6710
                Malicious:false
                Preview:.......z.........x......r..\....j... ../]...v.NW...M.U..H|...."..0..."...i.W./X...m.{..+.l".g4...O.FG`...K...%t^.7e..L.....r.k2O..i..R...0....9A.P.o...'...}.i'..z.K........o...W..."x.......L.).......T....f.QF......6e|.....:..jh...s.v{`..c.\,A8:.M.:...VHg..e8..+.}...E.o{..`E..MX.i..i..fE.(cO.....X<O..po.s~...3_.....s.b...s]L%.../.`<.N..Y..\..R...@u...k.#.;.....i..(.S .gn....Y).co[.{..Mk......9UY*.i.<I......G.f%.p.H=s...j]..x_.|w.23..de.wgbU.......T....w..WzD.T>...V&Dy..3....!...Ls..e......Y.h.Y.a.8i~4...e.w.Wf6\..S.O.h....S+..$...eZ|....8t.x....YH.j=.....o.A.F+...Q.....`..H.........r.......9..[!."./.......460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0c

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\484__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1018
                Entropy (8bit):6.633058018770575
                Encrypted:false
                SSDEEP:
                MD5:F671135F1EA9952BF9ABCB075F9EE63F
                SHA1:DEE249DC53BEFDC426741EBBFF6C60904DE0F998
                SHA-256:5DF216D22E6A13386F499A3C2FA2BF8A2B15917071F79D57CE3B8474BC689B3F
                SHA-512:DD2F0E50271DA905AE6C1C3F9B728A74E78E47B6FFB94DD178ACC5BC516CEFAF61D8D1C32D0577A764273493184546EB5D17821526EDDDC8AFCB7C1932AA11F9
                Malicious:false
                Preview:...et.M.'\pF/s....0.i:..:..\!..$.7X.9..2]D]..:.{.j..<$......3...h...M..0P<7(.M...{0.. X.. .Sy.L-,QX..%. .4).....<)h..Si......czI.e...#I.Bkf-................slD-.MrF'....9<].6......`.nu<......-.tp.Wz.._pM...gsi.D7..r....?.W...E?..<f.#..V>..|...G<..S.KeZq....Y...R.q.....k.+....d.(......g}F.X..,..n.K.w.!&...g...M..z!.>....t.....G.....O.,..8..e].../o...m.O.}..|.?...4TW.XZj....V.Vk@Ox= ....t........f..1.G3.>\....k.&/...B..N.U.T..e..-...Q..i..J.}qo7rj.......^.....&q.......hp..+wt.x...-$.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f41

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\485__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1098
                Entropy (8bit):6.767367338232256
                Encrypted:false
                SSDEEP:
                MD5:88512FC8120BE3C64D86352C0215BEA1
                SHA1:EFD3055A363E06E78CF1E9A72E141B91553D50AD
                SHA-256:E5A7C8359956E407027335A53DAC96492CBAC872826C48A7627B32240EAA9ABB
                SHA-512:77134DEB42BDCD63BFB2C9E03DA60F6028FE8718269059CD66636197CE82D0D9E22B371DA47F312D166C973A41872E01BBB28E15206FF4114B064E0D90E8120A
                Malicious:false
                Preview:.0..l....@...F....,..i.j.H.h..O.p..........kIY.!..$fo{..Z{..3..:.K?... .y..(S..j.#U.s...!./...A..R..>.^..H...,.1Mw$xs.7.M.$*.....5.E...j..qE.a{.%.`.U..n.........|K...|.,..K.G*..X.D.....By...BY.Uf l.....3G7............"..L.6.y....b...l9).P8..X.lW....=wX.r.f.^..........').W...U S3.}..JU....8..U..z.4h...-XRK=...8.qJ..#......|...7....Y.v/...u....$im.$y... .a...!X.`p....H!C....Z.g.._;f...1U.]...,.\.Z6c....Z.ZHj.BD&..+`.8A.Y.d.&.e.rxE..sIx.>....nK.. ~[.....^..L7....c.|^$.qo. 4|.!.."3..u....?.zJ..^*.7.fl.-V_..l.P.v.|d.....>..<.|kL..s..x...............d.?.s...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\486__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1046
                Entropy (8bit):6.690645648476447
                Encrypted:false
                SSDEEP:
                MD5:899B312ED40550661212C50F759C77C7
                SHA1:07A613F1EC4FB320FB73E96A978ECE271C41CD5F
                SHA-256:4F92DA9C5139B8BA5067B4922B8944D3C2681637D07B5C71DB1C0BCF809C80A9
                SHA-512:C1A318FA32B0579FC6CD06E6FDA9458058A4C96244F1390010A58BDD7A82C0A75FDE95DF63E7969EC5BF6EF8F0D325AC0D472487A7F5EBDEE6F61C7149B94D6B
                Malicious:false
                Preview:....^....x..N.:T.j...^......l"_....rYP0t.".D..4. +.,.. .....#..).*.1.q...4@_..-.....S^.EsI...w!#....d..=m........}^.:...0p..4...R..>,3u..T.4..+......^..5.F.fZ.?H....Q\..L.FF....H.<.U...29......p..).O!U....@<5...mT.B2.... ..........,.....h&..Q+...tZ....cI%o1..q.x...Ed.....#.A..M.Y>a..K|....i.......tH.......:^...@A....E......&..B.l?F^NW`/....[/J[..nd..I.q.q....f[kwD...oB.(.;.:....>...@..-...x...0b...p.2.qZ..}{.`pt..O=(...iudc...5u..:.k...b...4.k.....$.\..2CG.IR.......&.n/.EL..7.G(N...{.......ogGBF...j.}m.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aa

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\487__Cellular_PerSimSettings_$(__ICCID)_BrandingName.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):963
                Entropy (8bit):6.496791101907643
                Encrypted:false
                SSDEEP:
                MD5:73B8733BCEE9AD4DBB6DF4B8C747C1C6
                SHA1:A7B0CFADE131266E208C29A02FCE9678387ED316
                SHA-256:71A16F186B0B31B5BACC3AB382FE581564DE10994FCE9550D47EEB65A574A92D
                SHA-512:1016A5D0C8DAC704516446D6714AD5A75165A7BD4500A076D7EC656BCB9642A688EACE12DD1FD0F352538DCCAC37E247CE70A6382A7BB7BB704DB953CAA3DB3B
                Malicious:false
                Preview:....+q......a........VAr.?ls.99.._.....q3.x?@.wawC:....6..S.. 3h./>../...... .~\.\.....T.;.S...PP.U.b......i.A..7....>.m...c.Zy_....,X..H....k*...J.R@.......,.a.....k.-..*..#Z.?....Rb.i...C..F..(y........N...n2.....d.......Z....'&,G%.M...............{l&...t.h...hj.`..K.-D.j.hMSRY.Rn.....7..C....sx...(Q)E..G4B.7..zD[4}U./@...I..'. 9.r.lQ.....9d.....E2.*.s..eGg.h...A....F.iY..m'f5.j......N......u..`."......0.:.~....O.s.I..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\488__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1233
                Entropy (8bit):6.969259995512794
                Encrypted:false
                SSDEEP:
                MD5:777F876094882758D84E132B2E0AF13C
                SHA1:8E61CD9FADD68C087767AAFCBC1EA539FEF8F52D
                SHA-256:43D48E171D1B3A1B8C2AF7676E9AB7E29893D79B98E959F7AA8410BB75D75FA7
                SHA-512:48AB42854E53F1EEB74195C74D10D9D5538732224532229F79A326940E9A1DC50CD81A1CD428B34E032937919EA896422E79959CDD123391D3D04AD402FEB1AE
                Malicious:false
                Preview:..bA!..4.Z>..aHO..)i..]....,..../.N.Z_..y.v.`\.I0)1.ro...6......=........}nIM.B.x....~v...6.5..n..wQ..o.J.U..\P8.(..N.U..~q}!......F.u... ....my......p..G/...H...........Y.T..q\K...2...XxY....TQ...*a.|....1.s.T1....%...........+q..<.p.6".....y0....\~.=.v.$.&.@$9.s..{.2.....[B.5.4.W..$.....3.E.9.Ty.hRB.Vj......j0cm.wJ./.../B..{....|.s..F..n.I2.!Y....Q.h..".P...H..Q.l..*El.~.......m.GHgrZ.g...^.Et-.S...z.B..^...y....../3<d....NA..t>....zY.K.c.z....._.Z.Y.?...z.:..vm.V.}.. B6f......... t...&..L#.i.!.c.Kb....o.X..:..n.....^...S..n..(....{.X...A..&...........{.([..r[&"=q.).".c....e.=....b.f.~F@a....P....3...d3e...8......h.&.D/OL7.....|.....i.0...Z..t.6D.b.. ..R9.w?.i.7...460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf7

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\489__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1162
                Entropy (8bit):6.902098736139322
                Encrypted:false
                SSDEEP:
                MD5:65B07CAF2878629531D389AB88ED910D
                SHA1:CF474443881C7DA908C031EE152AEFE2FD8BB163
                SHA-256:EB0C4FD46463C208F710F1838BB73E14C17BA5A8A41C2A72C1752635AA3A6054
                SHA-512:E7B7E5343AB5674CECB249D090543917F88F0E271720B1945069912422C90ED2585F2E95314B7F3A7C10B6215DFBEFBC8BBFB9BC39DAC21028F488BBACCC078C
                Malicious:false
                Preview:b.FC...F...+.......1..z.H6..>..Y..&."{.t...Q..8{..=V..f.`...lmS.Ll.n.;.n..JX......../...'..v4.(...........C.z<s..&..!-.h..t...L.w.iY...F+U..6.I.\..,...-..9.+.K,....9].B..).....%H|6...n.......3.......DDQ.....jg..%XT.$`....h...B..7.............u....&.@.D..CW....2..R.A.....WW.37.<..N..$..u....V.c..BV..o....8..c....!..d.2........y.!.vm.+TO..G.......V.b:.....@B.g.....,h...i|3s..G.....hi.....6._.QI.-..../..f..P;...)..%..]-...:...;....4.`......q..#*.......(Q.v.s..n..9....O.9.[W...Ma..................b.;..CCV..[G.;....4k...D.X .S#4O4.F..X.qRm..H.3..\=.f.M.z;:.=.W.Y.M.uy.}'oA..C...b..Oe2x...R........m.^.(d.g.v..460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\48__HotSpot.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):817
                Entropy (8bit):6.038326724155067
                Encrypted:false
                SSDEEP:
                MD5:65E6C9C5BD1DCCB8880C031587008025
                SHA1:5412E8A36B438A987A92934B46564A4FA3B7B5E1
                SHA-256:46F9138F2E32EB8C33E89D9BD40DE03FE4D4E99785325FBA5E0514CB68ED4CFC
                SHA-512:FB1F407A43AA1E8E235A27E723A7A37742691519940FFC043C527E2EC4B5B9B6C9C8FD51DB712CD872962FD5A4B8A0482FE2DB23B92BCB0AEEBE969297BD8DBD
                Malicious:false
                Preview:)..._.C..f.?.l2&f...#.t....6;x@8@.H."aT.u..@-o.\.4!.v..g..i.H...v.{..}A..P... ......jB~.0."..=.'.a.a=Zs.:.G.pC'.....rDg...j|...#D..R..\...5;I..iN}..m8..U..#.Y|*...{Q..j..J.;.LmN....Cf..~m.....G.M....c..9..+.4/'../kO......R.....gt...i...{..lc...g.@.....p.S..0k.....E...&_....4.w..u?.]........j@.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\490__Cellular_PerSimSettings_$(__ICCID)_AccountExperienceURL.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):980
                Entropy (8bit):6.4937665628007375
                Encrypted:false
                SSDEEP:
                MD5:B2B92A1EE2BE302AA0E35E4AE361A027
                SHA1:D623B570B039CD0E94DCB30253BCAD7C31B51C0D
                SHA-256:8EA9639B113EC02E2401AB470AF33935CA31FB0E8BCC1A189FEAE69076A5EC87
                SHA-512:30B0B3303F2E85DC10BCF0A8473AFF34CA391B799A49938E154829B378B8AB47438A186CCF04AECBE1D3F858D036493A1042F81F01BF74DC32618DCE4F4F6186
                Malicious:false
                Preview:hl.L.;0....6~.cq...^.f...8.....N.9.I.j...?....[.J.PF....o..'.....v...,.D..z.......zSe.|.9.U.9.bz.?....9.MI......S/...(...i......zZ.D.x.&......^. .........in..l...:..I....T>X.L.}R.......K...3x..!.e..F.g4@.1=..........w..0....^^.2...=A.B...A.....m.......s....0...A.qn..Oa.@..w....+...@..8..wb.......8N...._#...Z?.r.4.DN..o.P..e.E.{v.<.R...b.8.2^..{...............Rx.h....f..[....|.....'.E.....-.eE..e2.w[ >.....+.-&....?......zR..\WjL....vBE.e..8.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff89c19e75eeabb4538ca4f3f419ef7a3c6139729a292

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\491__Connections.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2296
                Entropy (8bit):7.602284324376664
                Encrypted:false
                SSDEEP:
                MD5:393D1368C74DD6E74A5A83C3F65270BB
                SHA1:40419379E30C4549E2C6EFDD0D88001C356ED8FA
                SHA-256:E6658DC0247C28C4D7FB1CCC629513B8D67F216C64581505BD6150E88A636040
                SHA-512:8FFA90B75636A8ACCAC0C3AE225F77740643F239206392987FF184CB229C4662E059CB7387669CD95A8143D3D6F999CDA33DF81473215489882AD05F3C0B4314
                Malicious:false
                Preview:>....2.....:wo.N....R.....-...n..Z...U_...Svw..?......3..C.......I.VJ.f+...b.....PO..+`..........H.....H../.M.G...0.U.yg-l.4...Bwd.2q.|.f;..^.%...{F}.\s.,,..d.R..M.E.1._...~.?%.A.Y....3:.p.n...\./!.....j.4GALT.r/l$Z.#.8.Kc.g..y......c.........G._..Th..m....q/V%._...j..e.s;.$...5..i..."..~6]... ..de5T.?.FW(f|.........t[L/.^..B(..u..G..8...Z._'.4...xR..J..^.X.....V...`u.9..,..._..............N..;lX7Nb......\.g......P...a..O...|..."..x7...=.CZ.....-....O...E..W.{.pcz2\e.'?..m...Cs6e.(....o79.vHN.3$..{L.7d.x.rb..OZ.%.2.M.4.>&...^"...'.G.[9i.....Z[.....D....@V.....$.V.6..u..."....'.&.,.....)PK./<..<...Hj..+......dI...yn.Qji.G.........}..b]........l...&....U"....?.T.......+:....7J{.G#.!.h..3....<J..S.?.=...N.....0l,..''Tf.{.$.~......i&^..;...c.|..k.!Wv7.. ]b".a8p.6.mW...[.K..O......A..<.h.ej..8O.68....f.5.?p...n.uZ..A..5..3..$...r}..uTi.O..h..uB3D.[.Of......j..].g..q.Dt.z.........1.J.....z.8..q7..U.8,]D.`...pb-v.s `..<.K.(..V.m ....pj....S)s....z.vV....

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\492__Cellular_PerSimSettings_$(__ICCID)_BrandingIcon.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):1090
                Entropy (8bit):6.741274679395132
                Encrypted:false
                SSDEEP:
                MD5:18D27F5A5A02390D964A6BA846170B0A
                SHA1:2F0DA47EB68F05DFE05780000D40076D8F6C79C8
                SHA-256:08180A1A9CD2331CA4A89BDCEE7D2033BDE57D8E6DC348652AEA8B6267EC08E4
                SHA-512:8633E1D8D5E7FE1DB43C650E9C6A4D21C0D052E44DA3906D50D13BA718A94A5F5560E66942CB08D57285F583893F1CE9BCC6E5FD1D8FD0B23FD34D074C48B007
                Malicious:false
                Preview:.y...7..US.xN.....\.&.63..>v.y.M...k!O8C....y.2.../....2J...........F.=.....b.L&..Z..M.g....l....l..c..j.O.2'<.vT.t.8x.C....]...t......2.......UG.M.....)Sf.O_...{....a.,..(....:-..m..>c....C...S....R..-1rk...<.T.}..x...d........0.T...Q....&.l./4.^.s.p<,.a.J.L../.............mF..>..0u&......E...........qB?e...x...Dw...F.|..m.s.W.'~.c...f..@O/n{."`.....xR..Pg.U.b..M..8.L..Y$2.v..(.$.&..b....xt......cb.-.q\...&4.h.m...r.n...5n..;e~p.U.&HHhS..d..>.P..1%.^..{..n@.'d........L.Cz....!.p)..A...A....j....K..L...F..C..K.s.r.c.;G...;.\.`.C.460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\Prov\RunTime\493__Cellular_PerSimSettings_$(__ICCID)_BrandingIconPath.provxml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:modified
                Size (bytes):1042
                Entropy (8bit):6.712549920728468
                Encrypted:false
                SSDEEP:
                MD5:BED971FAD4164D8461A59493221D9FC7
                SHA1:A0555F971E258DEB55CB78282730F80C919DBB15
                SHA-256:28B02F023BEA1167856A1F476D81DD12DA9103218A6DA5C8EE54513BA61F5B33
                SHA-512:60231D9DAE77130E77AE61B31ED059D59D9FE47CF592EC09F30A602306BA64F861B93CEAF12F689861D546DEA9D5A633F53D58871986E82D07490DB4E3D47DA4
                Malicious:false
                Preview:q.8...g...'..=. 'U...E....`..S...]..]:....-....i.. ...........j...g....d.O.C.....$.....[.O...`.Gc...wg.......;..yN=*/..T....R......w.+..bY..8...k...B...."..P...$Dl22.B..&.Y.A.Q...CO......J..L.L.F.$...Ygj..zbs../..Y}.DG..7..>..I....j"..k..o../r.0LN$...?....1.^.>....bk...]._..-....{=r.=\..]O...S..........E.6..O.j..?uo..R..X....^=._..W.pmU.~.:....&...\H#d..q@.O<.&.r..?.:|bl*I>.Jz.7.....f.t.^....\.uQi..Q.5...d.L.m...J......@....E.....%.:..Y...Hq.y...kBh.k..?o...xX-6(FX.0dR..t..b.N{F...}...%460ab23d90ad96faf336be9497c19ec7294541370396ff312d442e26bfbea7a6cab59ad32a0726db35c524f900e6241da5e5609b1bf4a943d049d34cbb7e750b6b7fd7f6d3bfd0259b8e6382d9159e9ad4417082823b9832336779724eb6d708cd4be7d0cd4df39d9dfccbdddd868be1b420b4a196302e5bbc60e5f96f68e389939b163cc76f6686c2febf71203eba3608f16a11bf8510c795d55c7c860754c9d4cc7ea55d2264632daab3fcfbba53cdc0caed37931fa80b35ad9864f68a35b4748871350038ada6ab392263dca848c4587e0d55d95a7fc01e57070fb8810a10f520872f69a84076aabff8

                C:\ProgramData\Microsoft\Provisioning\{c8a326e4-f518-4f14-b543-97a57e1a975e}\customizations.xml

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):674393
                Entropy (8bit):5.63851475271528
                Encrypted:false
                SSDEEP:
                MD5:BB2603BFE03298FEFF2415D54A8FD59F
                SHA1:075F7985FB6B68B97A1C08BE4D2348E24E83E1BD
                SHA-256:6C37576C8FEE9F67517F910D5E54EA24B7E07A6511C50D5C16AAFA062FB86144
                SHA-512:5CC95AA456954FE9475AABADCFBFE2DE4A1E4C3DB4C89BFB4852C082D974D402203C64C43B020C880627A055A0CE8FFD4AC4DBB308E6D0E1A337AFE38E2775E7
                Malicious:false
                Preview:..}.L.....J...!..[~..:+./ ..I.....`M...7.IAm..\ J."...'.v.5:.B...*....Mp.';..W`/ ..B....C.[..>JS...~....}.kv.=#.@-.=y....4.....B.i.S.P..CC........aT.8N..;.0..2..M.p'.9.t...Y..N......"..s......OK0L@...;]q...v....]%.>X..Eu...E2......:.......`.G....+...+-.X...i.sX...*.gJ<.a.-.2]..K...ctK..Z#y........X......<.../...H..t.MV.Vf..t...^.....).J..m....q..n...s...Ql=..-..z.....W....*VV.....TY..1..k'....."..B_.....%..+k.....X.H.0{R2 |.D....H.WF.}I.......@......;....qC.s.:...%Z..]JE..vJ....t.^...\.Z[P\.....1d0..!...W..F.NG.-....Q.,?hlSKv...C..%..E.nP.s.|..+3..(8lub..=.N..".(..!".K..W.y..'...Xy".4.3..4Y.n...oD.#v.H.`#7.......'....T+;b.g.....V.5....E..(2..}.........!..}E=. ].^..2.2*,4E..-..6g...R.^...).Z..-y. .....4..I..<...[.T$^..@..OK.LB.l-..>.3.Sm(....6G..7.a....R.Q.,.PL.:.._h.A..u..`Z6&.......I.....l.....w2K.c.....`L>=..r..U.W...?.9...1..\.WN....Y:........`h:..|..+.._...5e..J.[.G..*...S......dU?0.'m.h.9.sE0..B6\...kn......p...OQm!.r..@o I....T.

                C:\ProgramData\dbg\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                C:\Users\user\Desktop\!-Recovery_Instructions-!.txt

                Download File
                Process:C:\Users\user\Desktop\S7kJLbgFtg.exe
                File Type:data
                Category:dropped
                Size (bytes):2006
                Entropy (8bit):3.41165430872584
                Encrypted:false
                SSDEEP:
                MD5:B37789CE9CFB38F5E3548056460A35D1
                SHA1:F367C80AFDA2AE6FEDFFFE5881404C5EB7F95795
                SHA-256:A5D15200B166F06F96311C9AF03B3517B8437AE26B3DF985BFD8EC475DDAF3B7
                SHA-512:E93A0D7AE350C7DC598AAC773B6036AC8698F740A774677033EE3CD80C0A76B86156CC94682775544C844A9ACDED121231535B3CF17749DF7D6098394632B47A
                Malicious:false
                Preview:!. .Y.O.U.R. .N.E.T.W.O.R.K. .H.A.S. .B.E.E.N. .C.O.M.P.R.O.M.I.S.E.D. .!.....A.l.l. .y.o.u.r. .i.m.p.o.r.t.a.n.t. .f.i.l.e.s. .h.a.v.e. .b.e.e.n. .e.n.c.r.y.p.t.e.d.!.....A.N.Y. .A.T.T.E.M.P.T. .T.O. .R.E.S.T.O.R.E. .A. .F.I.L.E. .W.I.T.H. .T.H.I.R.D.-.P.A.R.T.Y. .S.O.F.T.W.A.R.E. .W.I.L.L. .P.E.R.M.A.N.E.N.T.L.Y. .C.O.R.R.U.P.T. .I.T...........N.o. .s.o.f.t.w.a.r.e. .a.v.a.i.l.a.b.l.e. .o.n. .i.n.t.e.r.n.e.t. .c.a.n. .h.e.l.p. .y.o.u... .W.e. .a.r.e. .t.h.e. .o.n.l.y. .o.n.e.s. .a.b.l.e. .t.o. .s.o.l.v.e. .y.o.u.r. .p.r.o.b.l.e.m.......W.e. .g.a.t.h.e.r.e.d. .d.a.t.a. .f.r.o.m. .d.i.f.f.e.r.e.n.t. .s.e.g.m.e.n.t. .o.f. .y.o.u.r. .n.e.t.w.o.r.k... .T.h.e.s.e. .d.a.t.a. .a.r.e. .c.u.r.r.e.n.t.l.y. .s.t.o.r.e.d. .o.n. .a. .p.r.i.v.a.t.e. .s.e.r.v.e.r. .a.n.d. .w.i.l.l. .b.e. .i.m.m.e.d.i.a.t.e.l.y. .d.e.s.t.r.o.y.e.d. .a.f.t.e.r. .y.o.u.r. .p.a.y.m.e.n.t.......I.f. .y.o.u. .d.e.c.i.d.e. .t.o. .n.o.t. .p.a.y.,. .w.e. .w.i.l.l. .k.e.e.p. .y.o.u.r. .d.a.t.a. .s.t.o.r.e.d. .a.n.d. .c.o.n.t.

                Static File Info

                General

                File type:PE32+ executable (GUI) x86-64, for MS Windows
                Entropy (8bit):6.228337028258821
                TrID:
                • Win64 Executable GUI (202006/5) 92.65%
                • Win64 Executable (generic) (12005/4) 5.51%
                • Generic Win/DOS Executable (2004/3) 0.92%
                • DOS Executable Generic (2002/1) 0.92%
                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                File name:S7kJLbgFtg.exe
                File size:600064
                MD5:55b95e36469a3600abb995e58f61d4c9
                SHA1:de6717493246599d8702e7d1fd6914aab5bd015d
                SHA256:7862d6e083c5792c40a6a570c1d3824ddab12cebc902ea965393fe057b717c0a
                SHA512:9b2eceff54340057b3eae7391b7c5205c3b2d6d13299b4b918fb1d1a5f6f1006079fc4c58b9dd589738927cf0580f5050c4e61448dd82a8d089f2ea9ddcb5e0a
                SSDEEP:12288:VfV36FBXWYgeWYg955/155/OqgG0xbxHrRBVmfxnmtoD:FV36FB8gG01BVDIRmtU
                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............{...{...{.......{......B{.......{.......{......r{.......{.......{.......{.......{...{..5{..Q....{..Q....{..Rich.{.........

                File Icon

                Icon Hash:00828e8e8686b000

                Static PE Info

                General

                Entrypoint:0x140007d10
                Entrypoint Section:.text
                Digitally signed:false
                Imagebase:0x140000000
                Subsystem:windows gui
                Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                DLL Characteristics:TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                Time Stamp:0x62259C57 [Mon Mar 7 05:47:03 2022 UTC]
                TLS Callbacks:
                CLR (.Net) Version:
                OS Version Major:6
                OS Version Minor:0
                File Version Major:6
                File Version Minor:0
                Subsystem Version Major:6
                Subsystem Version Minor:0
                Import Hash:c26403ea8cfe82591aff1eaca9fb0431

                Entrypoint Preview

                Instruction
                dec eax
                sub esp, 28h
                call 00007F9EA8C06E5Ch
                dec eax
                add esp, 28h
                jmp 00007F9EA8C0686Fh
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                int3
                jmp 00007F9EA8C2F894h
                int3
                int3
                int3
                dec eax
                and dword ptr [ecx+10h], 00000000h
                dec eax
                lea eax, dword ptr [00059BDCh]
                dec eax
                mov dword ptr [ecx+08h], eax
                dec eax
                lea eax, dword ptr [00059BC1h]
                dec eax
                mov dword ptr [ecx], eax
                dec eax
                mov eax, ecx
                ret
                int3
                int3
                dec eax
                sub esp, 48h
                dec eax
                lea ecx, dword ptr [esp+20h]
                call 00007F9EA8C069C7h
                dec eax
                lea edx, dword ptr [00079C23h]
                dec eax
                lea ecx, dword ptr [esp+20h]
                call 00007F9EA8C1FF96h
                int3
                dec eax
                mov dword ptr [esp+10h], ebx
                dec eax
                mov dword ptr [esp+18h], esi
                push edi
                dec eax
                sub esp, 10h
                xor eax, eax
                xor ecx, ecx
                cpuid
                inc esp
                mov eax, ecx
                inc ebp
                xor ebx, ebx
                inc esp
                mov ecx, ebx
                inc ecx
                xor eax, 6C65746Eh
                inc ecx
                xor ecx, 756E6547h
                inc esp
                mov edx, edx
                mov esi, eax
                xor ecx, ecx
                inc ecx
                lea eax, dword ptr [ebx+01h]
                inc ebp
                or ecx, eax
                cpuid
                inc ecx
                xor edx, 49656E69h
                mov dword ptr [esp], eax
                inc ebp
                or ecx, edx
                mov dword ptr [esp+04h], ebx
                mov edi, ecx
                mov dword ptr [esp+08h], ecx
                mov dword ptr [esp+0Ch], edx
                jne 00007F9EA8C06A42h
                dec eax
                or dword ptr [0007C247h], 00000000h

                Data Directories

                NameVirtual AddressVirtual Size Is in Section
                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IMPORT0x829f40xc8.rdata
                IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x920000x516c.pdata
                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                IMAGE_DIRECTORY_ENTRY_BASERELOC0x990000x1700.reloc
                IMAGE_DIRECTORY_ENTRY_DEBUG0x759200x38.rdata
                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                IMAGE_DIRECTORY_ENTRY_TLS0x75a900x28.rdata
                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x759600x130.rdata
                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_IAT0x610000x5e0.rdata
                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                Sections

                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                .text0x10000x5f0d40x5f200False0.514254476018data6.50417133884IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                .rdata0x610000x22d860x22e00False0.387306787634data4.85597881342IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .data0x840000xd6140x9800False0.175395764803DOS executable (block device driver\322f\324\377\3772)3.46755974321IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                .pdata0x920000x516c0x5200False0.481088033537data5.63195391939IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                _RDATA0x980000x940x200False0.19921875data1.41840871537IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                .reloc0x990000x17000x1800False0.34765625data5.38328458906IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                Imports

                DLLImport
                KERNEL32.dllFindClose, CreateFileW, MultiByteToWideChar, GetLastError, lstrcatW, DeleteFileW, HeapReAlloc, CloseHandle, HeapAlloc, GetProcessHeap, GetModuleHandleW, lstrcpyW, GetTickCount, lstrcmpW, lstrlenA, lstrcpynW, TerminateProcess, WaitForMultipleObjects, GetEnvironmentVariableW, GetComputerNameExW, lstrcatA, OpenProcess, CreateToolhelp32Snapshot, Process32NextW, CreateThread, SetFilePointerEx, ExitProcess, GlobalMemoryStatusEx, CreateProcessW, WideCharToMultiByte, WinExec, lstrcmpiW, MoveFileW, GetModuleFileNameW, RemoveDirectoryW, WriteFile, lstrlenW, FindNextFileW, HeapFree, FindFirstFileW, GetTempPathW, DecodePointer, ResetEvent, GetLogicalDrives, ReadFile, LoadLibraryW, UnregisterWaitEx, QueryDepthSList, InterlockedPopEntrySList, ReleaseSemaphore, DuplicateHandle, VirtualFree, VirtualProtect, VirtualAlloc, GetVersionExW, GetModuleHandleA, UnregisterWait, RegisterWaitForSingleObject, SetThreadAffinityMask, GetProcessAffinityMask, GetNumaHighestNodeNumber, DeleteTimerQueueTimer, ChangeTimerQueueTimer, CreateTimerQueueTimer, GetLogicalProcessorInformation, GetThreadPriority, SetThreadPriority, SignalObjectAndWait, SetEvent, CreateTimerQueue, WriteConsoleW, GetConsoleMode, GetConsoleCP, FlushFileBuffers, HeapSize, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, WaitForSingleObjectEx, Sleep, SwitchToThread, GetExitCodeThread, GetNativeSystemInfo, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetProcAddress, QueryPerformanceFrequency, GetCurrentThread, GetThreadTimes, RtlUnwindEx, InterlockedPushEntrySList, InterlockedFlushSList, RtlPcToFileHeader, RaiseException, EncodePointer, FreeLibrary, LoadLibraryExW, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetStdHandle, LCMapStringW, GetFileType, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetStringTypeW
                ADVAPI32.dllCryptAcquireContextA, CryptDestroyKey, CloseServiceHandle, CryptEncrypt, OpenSCManagerW, ControlService, CryptImportKey, OpenServiceW, CryptReleaseContext, CryptAcquireContextW, CryptGenRandom
                SHELL32.dllSHGetFolderPathW, ShellExecuteW
                ole32.dllCoUninitialize, CoCreateInstance, CoInitialize
                OLEAUT32.dllSysAllocString, VariantClear
                MPR.dllWNetEnumResourceW, WNetCloseEnum, WNetOpenEnumW
                SHLWAPI.dllPathCombineW, wnsprintfW, wnsprintfA, StrCmpNA, StrStrA, StrStrW
                WININET.dllInternetCrackUrlA, HttpOpenRequestW, InternetQueryOptionW, InternetQueryDataAvailable, InternetOpenW, InternetCrackUrlW, HttpSendRequestW, InternetCloseHandle, InternetConnectW, InternetSetOptionW, InternetReadFile
                WS2_32.dllrecv, connect, closesocket, inet_addr, send, socket, htons

                Network Behavior

                No network behavior found

                Statistics

                CPU Usage

                Click to jump to process

                Memory Usage

                Click to jump to process

                Behavior

                Click to jump to process

                System Behavior

                General

                Target ID:0
                Start time:13:57:30
                Start date:22/03/2022
                Path:C:\Users\user\Desktop\S7kJLbgFtg.exe
                Wow64 process (32bit):false
                Commandline:"C:\Users\user\Desktop\S7kJLbgFtg.exe"
                Imagebase:0x7ff608060000
                File size:600064 bytes
                MD5 hash:55B95E36469A3600ABB995E58F61D4C9
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:low

                General

                Target ID:1
                Start time:13:57:31
                Start date:22/03/2022
                Path:C:\Windows\System32\vssadmin.exe
                Wow64 process (32bit):false
                Commandline:vssadmin delete shadows /all /quiet
                Imagebase:0x7ff777700000
                File size:145920 bytes
                MD5 hash:47D51216EF45075B5F7EAA117CC70E40
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:moderate

                General

                Target ID:2
                Start time:13:57:32
                Start date:22/03/2022
                Path:C:\Windows\System32\conhost.exe
                Wow64 process (32bit):false
                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Imagebase:0x7ff7bab80000
                File size:625664 bytes
                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                Has elevated privileges:true
                Has administrator privileges:true
                Programmed in:C, C++ or other language
                Reputation:high

                Disassembly

                No disassembly